Unknown cryptocurrency exchange located in Japan

The organisation operates as a cryptocurrency exchange, providing a platform for the trading of digital assets. Its headquarters is situated in Japan, meaning it is subject to Japanese regulatory oversight for virtual currency services. As an exchange, it enables users to buy, sell, and convert various cryptocurrencies and tokens.

In June 2023 the exchange was reported to have been compromised by a sophisticated macOS backdoor known as JokerSpy. The attack utilized a multi‑architecture binary named xcc, which was employed to bypass system privacy permissions on compromised machines. After gaining initial access, the threat actors deployed a Python implant to maintain persistence and execute commands. The attackers also used the Swiftbelt enumeration tool to collect system and network information from the infected hosts. Initial intrusion was achieved through backdoored versions of legitimate software development applications that were supplied to the exchange’s environment. The incident was covered by security news outlets, highlighting the use of a multi‑stage infection chain involving xcc, the Python implant, and Swiftbelt. No further details regarding the exchange’s ownership, size, user base, or specific product offerings are disclosed in the available source material.