Posted on

Bitpoint Hack Shows That Regulators’ Scrutiny Does Not Equal Safety

Bitpoint incident continues the streak of hacks targeting Japan-based exchanges.

On July 12, 2019, Tokyo-headquartered cryptocurrency exchange Bitpoint promptly suspended its services after noticing an error in the outgoing funds transfer system. Soon, an official announcement followed, revealing that the trading platform had lost around 3.5 billion yen (roughly $32 million) as a result of a security breach. The exchange’s administration has managed to find a portion of the missing funds since the initial announcement was published. Nevertheless, the security breach seems to continue the streak of hacks targeting Japan-based exchanges.

Details of the hack

According to the breakdown of the hack published by Bitpoint’s parent firm, Remixpoint Inc., Bitcoin (BTC) accounted for the highest share of total losses. The total amount of stolen BTC (1,225) is worth over 15 billion yen (just over $138 million). Further, over 28 million XRP (10 billion yen, or $92 million) and 11,169 ETH (3.3 billion yen, or $30 million were taken away by the hackers. Additionally, the fraudsters stole 1,985 Bitcoin Cash (BCH) and 5,108 Litecoin (LTC), worth 1,2 billion yen, or $11 million. 

The breach occurred due to unauthorized access to the private keys of its hot wallet, Remixpoint Inc. indicated in the document. Bloomberg has reported that shares of the company shed 19% after the news of the incident surfaced and became untraded in Tokyo at some point due to what the publication called “a glut of sell orders.”

Later, on July 14, local English-language publication The Mainichi reported that Bitpoint has discovered over 250 million yen (around $2.3 million) in cryptocurrency on overseas exchanges that were using a trading system provided by Bitpoint Japan. The exchange’s spokesperson reportedly told The Mainichi that the recent discovery brings the total sum of lost founds down from 3.5 billion yen (about $32 million) to 3.02 billion yen (approximately $28 million).

Related: Round-Up of Crypto Exchange Hacks So Far in 2019 — How Can They Be Stopped?

Genki Oda, founder and CEO of Bitpoint, told Cointelegraph that his platform is going to compensate its users, although without mentioning any specific time frame. Additionally, Oda said it was in touch with fellow exchanges Binance and Huobi regarding the freezing of stolen funds that have allegedly ended up in their wallets following the security breach. Such collaboration with other trading platforms is a common method of mitigating cryptocurrency hacks, as it prevents fraudsters from cashing-in on their loot. “If you know other way for locking or getting back the hacked crypto, please let us know the ways,” Oda added.

Moreover, Bitpont has announced it is going to compensate customers in cryptocurrencies rather than in their equivalent fiat value.

The FSA and Japan’s regulatory regime

Although Japan is one of the very few countries where cryptocurrencies can be used as legally accepted means of payment, the Japanese Financial Services Agency (FSA) — the country’s financial watchdog — has been noticeably nervous ever since the infamous Coincheck and Mt. Gox hacks. Since the amendment of Japan’s Payment Services Act in April 2017, all crypto exchanges in the country are required to register with the FSA. 

Notably, Bitpoint was one of the approximately 16 local exchanges that has been licensed by the regulator as a result of its rigorous inspections of industry players, which include on-site inspections. According to Nikkei Asian Review, Bitpoint received an operational improvement order from the FSA last year, as the regulators concluded that “its internal controls were flawed,” but it was lifted at the end of last month — just two weeks before the hack occurred.

Related: Grand Theft Crypto: The State of Cryptocurrency-Stealing Malware and Other Nasty Techniques

Koji Higashi, a Japanese market analyst and the founder of Koinup, told Cointelegraph that the FSA’s scrutiny does not necessarily ensure that its subjects have stronger protection in place. Conversely, it could lead to a reduction in safety, Higashi continued:

“I don’t think it’s a reasonable assumption that being regulated by the FSA closely ensures safety of exchanges. After two major hack incidents that took place in Japan, the FSA tightened the enforcement significantly to prevent any more hacks, but they are by no means security experts. Also, as far as I understand, their main focus seemed to be more on KYC/AML. In some situations, I have heard before that their scrutiny is the reason to put pressure on exchanges financially and lose its focus on security.”

Maurizio Raffone, CEO at Tokyo-based Finetiq Ltd., sees these hacks “as teething problems for a developing market.” He told Cointelegraph:

“Japan’s cryptocurrency exchanges are suffering from their own success as volumes are strong and attract the unwanted attention of cyber attacks. The FSA is actively reviewing the exchange’s operations, issuing improvement orders and so forth but there will always be human error, particularly in an industry that has grown so much, so quickly.”

Jeff Wentworth, co-founder of Curvegrid, another blockchain startup based in Tokyo, seems to agree with that statement, stressing that the hacking problem is not exclusive to Japan:

“I don’t think any country has been immune to financial system hacks, including crypto exchange hacks. Japan is probably seen to be more targeted because it has a larger number of well-capitalized crypto/fiat exchanges versus other jurisdictions.”

Some experts believe the FSA might strengthen its regulation even further as a result of the hack. Wentworth told Cointelegraph:

“I’m sure there will be additional regulatory scrutiny which could lead to tighter requirements for getting licensed. The FSA has shown itself to be both fairly pro-active and fairly fluent in cryptocurrency, so it might just mean an acceleration of already in-flight measures. Computer security is hard, and just as traditional banks will continue to battle hackers, so will crypto exchanges.”

Higashi, on the other hand, is not certain it could be the case, saying:

“According to this website which tracks and compares BTC stock trading volume in Japan, Bitpoint ranks just 7th and their reported BTC trading share is just 2.5% in June. From that standpoint, this incident was minor compared to the Coincheck and Zaif hacks and thus it’s possible that the incident may have a minimal impact on the regulation.”

As for now, it seems safe to assume that the level of the FSA’s scrutiny does not necessarily correlate with the safety of the exchanges it oversees. Nevertheless, this year has seen an unprecedented amount of security breaches in the crypto space, which means that some proactive steps should be taken by both players and participants.

Posted on

Bitpoint Reveals Amounts Stolen, Pledging to Reimburse Users in Crypto

Japanese exchange Bitpoint has published the breakdown of crypto assets stolen in the $27.8 million hack of its platform earlier this month.

Japanese exchange Bitpoint has published the breakdown of crypto assets stolen in the ¥3 billion (~$27.8 million) hack of its platform earlier this month.

A document published by Bitpoint’s parent firm Remix Point Inc. on July 16 reveals that five crypto assets in total were stolen by the attackers. The breakdown provided by the company compares the proportion of stolen customer assets with assets belonging to the firm:

  • 1,225 Bitcoin (BTC) worth ¥15.3 billion — ¥1.28 billion belonging to customers and ¥250 million to the firm; 
  • 1,985 Bitcoin Cash (BCH) worth ¥70 million — ¥40 million (customers) and ¥0.2 billion (firm);
  • 11,169 Ether (ETH) worth ¥330 million — ¥240 million (customers) and ¥0.8 billion (firm); 
  • 5,108 Litecoin (LTC) — ¥0.5 billion, of which ¥40 million (customers) and ¥0.0 billion (firm); 28,106,323 XRP — ¥10.02 billion, of which ¥2.6 billion (customers) and ¥960 million (firm).

Out of the ¥3.02 billion stolen in cryptocurrencies overall, ¥2.6 billion belonged to customers and ¥960 million were company assets. XRP accounted for the highest share of total losses, with stolen XRP accounting for over ¥10 billion — roughly a third of the lost funds.

Bitpoint has moreover revealed its plans to compensate customers in cryptocurrencies rather than in their equivalent fiat value.

The exchange reiterates its belief that the breach occurred due to unauthorized access to the private keys of its hot wallets, and that it now plans to move all holdings into cold storage. 

It confirms that no breach of its cold wallets has been detected, but states that it continues to monitor the situation and is also suspending all services until more comprehensive security measures have been undertaken and the firm has completed its tracking of the stolen funds.

The document reveals that Bitpoint is cooperating with the Japan Virtual Currency Exchange Association (JVCEA) — a self-regulatory crypto exchange association that formed in March 2018 to help establish industry-wide investor protection standards — and has requested that the association monitor any suspected ill-gotten funds and wallets potentially associated with the incident. The exchange is also reportedly in close communication with the Ripple Foundation.

As reported yesterday, Bitpoint discovered over 250 million yen ($2.3 million) in crypto that was stolen during the hack, bringing the total sum of lost funds down to its initial estimate of ¥3.5 billion ($32 million) to ¥3.02 billion ($28 million).

Posted on

Hacked Bitpoint Exchange Finds $2.3M in Stolen Crypto

Japanese cryptocurrency exchange Bitpoint has reportedly discovered some of its funds that were stolen in a hack last week.

Japanese cryptocurrency exchange Bitpoint has discovered over 250 million yen ($2.3 million) in cryptocurrency — part of a $32 million sum that was stolen last week, local English language daily The Mainichi reports on July 14.

According to The Mainchi, Bitpoint found the stolen cryptocurrency on overseas exchanges that were using a trading system provided by Bitpoint Japan. Bitpoint told The Mainchi that the recent discovery brings the total sum of lost founds down from 3.5 billion yen ($32 million) to 3.02 billion yen ($28 million).

The exchange was initially hacked on July 12. 2.5 billion yen ($23 million) of stolen funds belonged to customers while 1 billion ($9.2 million) belonged to the exchange. Hackers stole Bitcoin (BTC), Litecoin (LTC), Ether (ETH) and XRP from the exchange’s hot wallets.

Bitpoint suspended all services following the hack, while the exchange’s parent firm Remixpoint Inc. shed 19% following the theft. Remixpoint went untraded in Tokyo following the attack due to a reported glut of sell orders.

The recent incident involving Bitpoint follows a record-breaking hack of Japanese exchange Coincheck in January 2018, wherein $534 million of NEM tokens were stolen from Coincheck’s low-security hot wallet.

Bitpoint was one of several exchanges to receive a business improvement order from Japan’s finance watchdog, the Financial Services Agency (FSA), in June of last year. One of the FSA’s main concerns was the exchanges’ compliance with Anti-Money Laundering and Know Your Customer requirements.

The agency also expressed concerns that customer funds were not being kept sufficiently separate from those of the exchanges.

Posted on

Japan to Look Into the Impact of Facebook’s Libra Ahead of G7

Japanese authorities are investigating the impact of Facebook’s Libra stablecoin.

Japanese authorities are investigating the impact of Facebook’s Libra stablecoin, The New York Times reported on July 12.

Per the report, Japanese authorities have set up a working group tasked with investigating the impact of Facebook’s stablecoin on monetary policy and financial stability. The working group will reportedly consist of the Bank of Japan, the Ministry of Finance and the Financial Services Agency and already started meeting this week.

The outlet claims that the objective of the newly formed group is to coordinate policies that would address the consequences of Libra’s implementation on regulation, tax, monetary policy, and payments settlement.

Unspecified officials reportedly noted that they hope that more tax and financial regulators will join the group, given the broad impact of Facebook’s project. Japan has taken the initiative on ahead of the upcoming meeting of the G7 finance ministers in Chantilly, France, on 17-18 July.

As Cointelegraph reported at the end of June, also France created a G7 taskforce to examine how central banks can regulate cryptocurrencies such as Libra in anticipation of the same summit.

It is not only regulators who are worrying about Libra. Yesterday, news broke that Ethereum’s co-founder Mihai Alisie is concerned that Facebook is attempting to hoodwink regulators into approving a centralized “cryptocurrency.”

Posted on

Japanese Crypto Scene Slammed by Hack: $32M in XRP, Bitcoin, Others Sniped

Japanese Crypto Scene Sees Another Hack…

Youch. A Japanese crypto asset exchange, Bitpoint, has just been subject to a large hack, during which attackers managed to steal over $30 million worth of Bitcoin, XRP, Ethereum, Litecoin, and other digital assets. The funds were siphoned out of the exchange via its hot wallet, not the cold wallets as first suggested by some users. This harrowing tidbit of news comes via Bloomberg.

Interestingly, the broader crypto market hasn’t reacted to this debacle, despite the fact that BTC has habitually fallen in the minutes and hours after the hacks of Binance, Bithumb, and so on and so forth. Though, shares of Bitpoint’s parent company, Remixpoint, fell by upwards of 19% on some markets and were actually temporarily frozen due to “a glut of sell orders” by panicked investors.

Revealed in an announcement published via Remixpoint, the upstart exchange claimed that around 70% of the funds lost originate belong to its customers, with the rest coming from company coffers.

Due to this hack, Bitpoint has been mandated to cease its operations for the time being, including deposits, withdrawals, and trading at large.

It is unclear how or if the exchange will reimburse its customers.

Unfortunate Timing

This comes at an unfortunate turning point in the Japanese crypto exchange. You see, ever since the monumental CoinCheck hack, which incurred the loss of $500 million worth of a crypto asset named XEM (NEM), the local financial regulator has been very stringent in handling the cryptocurrency space. The Financial Services Agency (FSA), as the entity is known, has developed a serious licensing system for want-to-be trading platforms.

The thing is, Bitpoint had purportedly been somewhat verified by the FSA, but had received a “business improvement order”.

With the agency currently managing a list of over 100 upstart crypto firms wanting to sortie into the exchange space, the FSA may become even more heavy-handed than it already is, potentially resulting in the death of some crypto platforms, and thus investor interest, in the nation.

A Digital Asset-Friendly Nation?

It is important to note that Japan has been quite friendly to the cryptocurrency space overall. As reported by this outlet previously, Kazuhiro Tokita, the president of the FSA-regulated local crypto exchange DeCurret, in April unveiled a system that would allow for consumers that hold a Suica card, which is used on East Japan Railway Company’s (JR East) metro and shinkansen systems, to top up their balance with digital assets.

Also, Rakuten, an e-commerce heavyweight in the nation, has acquired a Bitcoin exchange, and intends to integrate direct cryptocurrency payments into its stores. Bit Camera, a large electronics retailers, too, has embraced cryptocurrencies, accepting BTC in its stores across the nation.

Title Image Courtesy of Unsplash

The post Japanese Crypto Scene Slammed by Hack: $32M in XRP, Bitcoin, Others Sniped appeared first on Ethereum World News.

Posted on

Japanese Crypto Exchange Bitpoint Suffers $32 Million Hack

Japanese crypto exchange Bitpoint has suspended all services after losing $32 million in a hack involving XRP, Bitcoin and other cryptocurrencies.

Japanese crypto exchange Bitpoint has suspended all services after losing $32 million in a hack involving XRP, Bitcoin (BTC) and other cryptocurrencies.

In an official announcement on July 12, Bitpoint revealed that it had lost around 3.5 billion yen (~$32 million) — 2.5 billion yen (~$23 million) of which belonged to customers and 1 billion (~$9.2 million) to the exchange.

Bloomberg reports that shares of Bitpoint’s parent firm Remixpoint Inc. shed 19% following news of the incident, and were untraded in Tokyo as of 1:44 p.m. “on a glut of sell orders.”

Alongside XRP and Bitcoin, a total five different cryptocurrencies had been stored in the affected hot wallets, including Litecoin (LTC) and Ether (ETH).

The exchange’s cold wallets are not reportedly thought to have been compromised, Bitpoint’s announcement indicates.

Bitpoint was one of multiple domestic crypto exchanges to have been served a business improvement order from Japan’s financial regulator, the Financial Service Agency (FSA), during its wide-ranging inspections of industry businesses, per Bloomberg.

As previously reported, the industry record-breaking hack of $534 million of NEM from Japan’s Coincheck exchange in January 2018 had been attributed to the fact that the coins were stored in a low-security hot wallet.  

In 2019, May’s $40 million hack of top crypto exchange Binance has loomed large over the industry — at least eight crypto exchanges have been the target of large-scale hacking incidents in the first half of this year, most recently Singapore-based Bitrue.

Posted on

Report: Fortress Offers to Buy Mt. Gox Bitcoin Claims at $900 a Piece

Fortress Investment Group has reportedly sent out an email offering to buy Mt. Gox creditors’ bitcoin claims for $900 per bitcoin.

Fortress Investment Group is buying bitcoin (BTC) claims from Mt. Gox creditors, according to a report by CoinDesk on July 8.

The Japan-based cryptocurrency exchange Mt. Gox filed for bankruptcy in 2014 after losing $473 million worth of bitcoin at the time due to an apparent hack. Bitcoin reportedly experienced a subsequent decline in value, dropping by 36% over the month when this took place.

As per the report, Fortress executive Michael Hourigan has sent out a letter to creditors detailing the buyback offer. According an apparent copy of such a letter, Fortress has offered to buy the bitcoin claims back at approximately double the bankruptcy value.

The value of the claims at the time Mt. Gox was declared insolvent was reportedly $451, while Hourigan says Fortress can offer $900 per coin. 

The letter also notes that the purchase could be made in bitcoin or fiat money, and that the offer stands until July 31.

As Cointelegraph reported in April, Mt. Gox creditors may have claims for their lost bitcoins being automatically filed on their behalf. A Reddit user named DerEwige circulated an unverified screenshot of an email, which says:

“The creditors who objected to your self-approved rehabilitation claim withdrew their objections. As a result, the approval of your self-approved rehabilitation claim has become effective, and you no longer need to file an application for claim assessment.”

DerEwige interpreted this to mean that Mt. Gox users that did not file a rehabilitation claim after losing their crypto have had a claim automatically filed on their behalf, which has now been approved.