About three weeks ago, the Japanese cryptocurrency exchange Zaif was the target of hacker(s) who made off with around $60 million worth of cryptocurrency. Once the hack was uncovered by the exchange (which, incidentally, took two weeks to discover), the exchange’s parent company, Tech Bureau, suspended trading, apologized to its customers and said that restitution of deposits was forthcoming. Fast-forward to today and—even though it has allegedly already made arrangements to have the funds available—clients are still waiting for their money.
To compensate customers for their losses, Tech Bureau announced after the hack that it had made a deal to sell a large chunk of the company to Fisco Digital Asset Group for $44.5 million. That, coupled with its own savings, would give the company the money needed to cover investors’ losses. However, it told regulators this week that it needed more time to finalize the repayment plan. It had previously said that it had expected to have the plan in place by the end of September.
In making its announcement, Tech Bureau added that it is still trying to work out the terms of the Fisco deal. This is surprising since the two were able to quickly come to an understanding following the hack and they’ve now had three weeks to hash out the details.
Japan’s Financial Services Agency (FSA) stepped in to investigate following the hack and subsequently issued Tech Bureau a business improvement order. It was the third received by the company for the Zaif exchange this year and the third since the exchange began operations.
There have been two major hacks of Japanese exchanges this year, the Zaif heist and the Coincheck hack this past January. The scandals have put more pressure on regulators to intervene and crack down on crypto exchange operators to ensure they are protecting their customers adequately. Many are now calling for changes to how the companies manage user funds, with some pushing for the assets to be stored in cold wallets, a type of offline storage facility, instead of in hot wallets that are always connected to the Internet.
According to Kyoto University professor Kaoyuki Iwashita, “Exchange operators should overhaul their security, including hot wallets. We are well past the point of handling massive amounts of funds with the mindset of startups.”
Japan’s self-regulating body for the cryptocurrency industry, the Japan Virtual Currency Exchange Association (JVCEA), apparently agrees with Iwashita. It has introduced a guideline for the involved exchanges that would require them to store no more than 10% of all assets in hot wallets. However, it is only a guideline and cannot be enforced the same way as if it were law.