Date:: September 14th, 2018
Amount Stolen:: $59,000,000
Tags:: CEX Hack, Japan, ChipMixer, Binance
Attribution: High Confidence
Time: 8:00-10:00 UTC
Japan-based cryptocurrency exchange Zaif, which is operated by Tech Bureau, was hacked. This is yet another case where it’s unclear how hackers stole the funds. However, Zaif did file a criminal case with their local authorities, which makes it sound like they have an idea as to who did it. The perpetrator made off with ¥6.7 billion (about $60 million) worth of cryptocurrency, including 5,966 bitcoins.
After the Coincheck mega heist of $520 million in NEM tokens in January, the Financial Services Agency (FSA)—Japan’s financial watchdog agency— launched a series of inspections of cryptocurrency exchanges in the country to assess their security measures. Notably, the FSA had already issued a business improvement order to Tech Bureau in March specifically regarding the need for security and anti-money laundering enhancement.
This is yet another case where it’s unclear how hackers stole the funds. However, Zaif did file a criminal case with their local authorities, which makes it sound like they have an idea as to who did it. Either way, this Japanese exchange lost $60 million worth of cryptocurrency.
The attackers accessed the exchange’s hot wallets to steal roughly $60 million in bitcoin, bitcoin cash, and MonaCoin. The identity of the attackers remains unknown.
Zaif is a Japanese-based cryptocurrency exchange owned, and was operated by Tech Bureau at the beginning. On September 17, 2018, the Zaif exchange suspended deposits and withdrawals in BTC, BCH, and MonaCoin (MONA). On September 18, the exchange reported to the police that it had been hacked and funds had been stolen.
Someone gained unauthorized access to the exchange on September 14, 2018, between 5 PM and 7 PM local time (8 AM and 10 AM UTC). They successfully transferred out 5,966 bitcoin (BTC) and unknown amounts of BCH and MONA. Zaif was alerted of this unauthorized access when a server malfunction was detected on September 17.
After the hack, Zaif was purchased by Fisco, a publicly listed Japanese investment firm that already had its own exchange.
All services were resumed, and the exchange refunded the users their stolen holdings. As Zaif outlined, users who had Bitcoin or Bitcoin Cash stolen were refunded in the same cryptocurrency. However, users who had MONA stolen received around 60 percent of the crypto, and the rest was compensated in Japanese Yen.
https://cryptobriefing.com/japanese-crypto-exchange-sues-binance-role-63-million-bitcoin-hack/
https://coindesk.com/japan-cryptocurrency-exchange-zaif-fisco-binance-laundering-hack
Seven counts have been lanced at Binance in the United States District Court of California concerning the hack in 2018.
Fisco cryptocurrency exchange, which took over Zaif’s business after the hack and reimbursed its customers, is the complainant in the case.
Due to Bitcoin’s transparent ledger, it was not difficult to trace the movement of the stolen funds. Soon after the hack, public analytic firms and Zaif employees traced a significant portion of the hack back to the following address 1NDyJtNTjmwk5xPNhjgAMu4HDigtobuls, which belonged to Binance.
Fisco claims Zaif had informed Binance of the hacked BTC inflows, giving the latter ample time and opportunity to freeze the accounts.
However, Binance’s failure to cooperate with Zaif allowed the hackers to process 1,451.7 BTC, worth $9.4 million at the time, through various smaller accounts and trades on Binance.
Fisco has brought the case to Californa, saying that it is home to Binance’s principal operations and also to many of the victims of the Zaif hack.
Fisco seeks damages from Binance for the $9.4 million routed through the exchange along with interest and fair compensation, the details of which will be discussed in the trial.
The two Bitcoin withdrawal limit allows non-KYCed users to withdraw more than $20,000 at current prices. For comparison, the withdrawal limit for “starter users” on the American exchange Kraken is $5,000.
The case filing also cites that in 2019, the exchange facilitated the laundering of roughly $750 million obtained from illicit activities.
The amount of damages is relatively small for Binance, which is reported to have crossed $1 billion in cumulative profits within the first three years of its launch. However, the questions raised are troubling for cryptocurrency users.
-
BTC 1FmwHh6pgkf4meCMoqo8fHH3GNRF571f9w (5960 BTC / $40m) Sep 14, 2018 8:33 AM
-
3MyE8PRRitpLxy54chtf9pdpjf5NZgTfbZ
-
1PKeMDSNFg9mgGHTeBmJSjGrD2cv2TFpvP
-
1DGsZgFTPbQ8PmuMucRa8shasWBkFXpDu9
-
BCH: qpyh6tw42h5pyl84py4c3ukqamsz0ucyly04nyz8u7 (42k BCH / $19m) Sep 14, 2018 11:10 AM
-
qz8yltmsl2temttutmzlkt7yqk3gaq9nwcfjz8sdtw
- https://quadrigainitiative.com/casestudy/zaifhackingtheft.php
- https://coindesk.com/crypto-exchange-zaif-hacked-in-60-million-6000-bitcoin-theft
- https://zaif.jp/
- https://cryptoxdirectory.com/zaif
- Annex 95: Suspected DPRK cyberattacks on cryptocurrency-related companies (2017-2023) investigated by the Panel