Another serious case of theft has occurred in the cryptocurrency industry. Cryptocurrency exchange operators and the Financial Services Agency should swiftly implement effective measures to prevent a recurrence.
A virtual currency exchange operated by Osaka-based Tech Bureau Corp. has been hacked, with losses of about ¥7 billion in digital currencies. Of the total, ¥4.5 billion in stolen currencies were assets deposited by customers.
There was also a massive theft in January of about ¥58 billion in digital currencies held by Coincheck Inc. The industry’s careless methods of asset management are too much to tolerate.
Failure to thoroughly protect the interests of customers will even more seriously tarnish confidence in digital currency transactions.
Tech Bureau has been given a business improvement order by the FSA on two occasions, following the frequent occurrence of system failures there in the past. The company should be held heavily responsible for having neglected to reinforce its asset management measures.
The latest case of hacking was perpetrated on Tech Bureau’s “hot wallet,” which was connected to the internet to store digital money. Hot wallet storage can quickly handle payments and withdrawals by customers. However, its fragile security has been pointed out.
In the Coincheck case,the same problem has occurred, digital money stored in its hot wallet was stolen. The latest case shows that the lesson of the former case has not been used to good effect, and failure in this is a problem.
Tech Bureau’s computer system was unlawfully accessed from outside, during a period from around 5 p.m. to 7 p.m. on Sept. 14, prior to a string of holidays.
FSA must review the security system and impose stricter regulations on exchange operators, checking the security implementations at the same time.
Tech Bureau’s server did not detect any abnormality until Sept. 17, and it took the company until Sept. 18 to confirm that it had suffered damage.
Why was Tech Bureau so greatly delayed in taking action after it had suffered losses? The FSA, which has conducted an on-site inspection at the company, needs to thoroughly clarify the circumstances leading up to the latest case of hacking.
Tech Bureau is a registered cryptocurrency exchange operator — one whose business has been officially authorized by the FSA. It is vital to severely question the FSA’s supervisory responsibility in this respect.
An FSA expert committee is considering tighter regulations on cryptocurrency transactions, but its move was too late for the latest case. It is important for the FSA to fundamentally reconsider its supervisory system, with a view to tightening its inspection and registration arrangements.
It is also indispensable to strictly reexamine the conditions of asset management by other cryptocurrency exchange operators.
According to a National Police Agency survey, there were a record 158 cases in which financial losses were caused through hacking to transfer money during the first half of the year, the January-June period. That figure has already exceeded the 149 cases of similar hacking last year.
Hacking techniques have become highly sophisticated. It may be advisable to consider revoking the registration of an operator who has not taken sufficient measures to protect its system.
Cryptocurrencies have no backing from national governments or central banks. Customers need to conduct virtual currency transactions while properly recognizing the price-fluctuation risks involved and the reality that there are concerns about exchange operators’ asset management.