Cyber Incident Victim: Zaif
Date:
Sep 2018
Location:
Japan
Summary
A Japan-based cryptocurrency exchange suffered a security breach resulting in the theft of approximately $60 million in digital assets, including bitcoin, bitcoin cash, and MonaCoin, through unauthorized access to its hot wallets. The operator detected abnormal fund outflows and suspended services, later confirming insufficient reserves to cover losses and securing a $44.5 million investment from another firm in exchange for majority ownership. The incident represented the second major hack targeting a licensed exchange in the country that year, prompting regulatory scrutiny and prior enforcement actions by financial authorities regarding security deficiencies. Criminal investigations were initiated following the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 14, 2018, at approximately 17:00 Japan time, cryptocurrency exchange Zaif detected abnormal fund outflows from its platform, prompting an immediate suspension of deposit and withdrawal services. The exchange, operated by Tech Bureau and licensed in Japan, conducted an investigation revealing unauthorized access by attackers to its hot wallets between September 14 and 17. Hackers stole approximately 5,966 bitcoins alongside unspecified quantities of bitcoin cash and MonaCoin, totaling ¥6.7 billion ($60 million). Tech Bureau confirmed the theft primarily affected customer assets, with the exact amount of bitcoin cash remaining undetermined. The company formally reported the incident to Japanese authorities as a criminal case due to the illicit fund transfers.
Zaif’s financial reserves of ¥2.2 billion ($20 million) proved insufficient to cover losses, leading Tech Bureau to secure a ¥5 billion ($44.5 million) capital injection from Fisco, a Tokyo-listed financial services firm, in exchange for a controlling stake. This marked Japan’s second major exchange hack in 2018, following Coincheck’s $530 million NEM token theft in January. Japan’s Financial Services Agency (FSA) had intensified oversight of cryptocurrency exchanges after the Coincheck breach, conducting security audits and issuing operational improvement orders. Notably, the FSA had mandated Zaif’s parent company, Tech Bureau, in March 2018 to strengthen anti-money laundering protocols and cybersecurity controls, prior to the breach. The incident underscored systemic vulnerabilities in exchange security practices despite regulatory interventions.