Another Japanese cryptocurrency exchange was hit as thieves made off with roughly $60 million worth of Bitcoin, Monacoin and Bitcoin Cash.
The attack targeted Tech Bureau’s Zaif exchange and took place over a two-hour period on Sept. 14 however, the firm detected server problems on Sept. 17 and didn’t confirm the attack until the following day, according to Reuters.
Regulators had already hit the cryptocurrency firm with two business improvement orders earlier this year as Japan’s cryptocurrency exchanges have been under close scrutiny since the Coincheck heist in January where cybercriminals made off with $530 million in digital coins.
JASDAQ-listed Fisco Ltd has agreed to invest five billion yen ($44.59 million) into Tech Bureau that will be used towards replacing the digital currencies stolen from client accounts, in exchange for majority ownership in the company. The amount of “financial assistance” may change in value if the amount affected by the heist changes upon further investigation, Fisco said in a statement.
Ilia Kolochenko, Chief Executive Officer and founder of High-Tech Bridge noted that this breach is an example of how compliance unfortunately isn’t always a guarantee your data is safe.
“Compliance does not necessarily mean security - major data breaches of PCI DSS certified merchants are not that unknown for example, likewise intrusions into organizations under even more rigorous regulatory and compliance requirements,” Kolochenko said. “Moreover, the vast majority of crypto-companies, including large crypto exchanges, are operating in a very turbulent, hostile and merciless market where a minor mistake can drive you out of business.”
He added that cybersecurity is rather complementary to their growth strategy and that some startups even ignore security and privacy, recklessly using out-of-the-box solutions that put their customers’ assets at risk. As a result he fears that there will be more attacks on cryptocurrency exchanges.
“Unfortunately, even the harsh regulation of crypto markets is no silver bullet,” he said “Digital coins are extremely attractive for cybercriminals who can easy launder them and convert into spendable cash, even inspite of some losses due to ‘transactional commissions’. Most of these operations remain technically untraceable and undetectable, granting an absolute impunity to the attackers.”
Cybercriminals will continue investing into additional efforts to break into these exchanges even if the firm’s security is properly implemented and maintained, Kolochenko added.