Japan Gov’t Issued Warnings to Zaif Prior to $60m Crypto Hack, Official Investigation

According to local publications, the Japanese government and its main financial watchdog Financial Services Agency (FSA) has launched an official investigation into Zaif, a major local crypto exchange which experienced a $60 million hack earlier this month.

The FSA reportedly issued two business improvement orders to Zaif in 2018 after several audits discovered serious issues pertaining to possible system failures and fraudulent withdrawals. But, the FSA stated that the company did not implement necessary fixes to improve its infrastructure and security protocols.

Ultimately, the failure of Zaif to comply with the business improvement orders issued by FSA led the exchange to become vulnerable to hacking attacks, falling victim to a $60 million hacking attack on September 20.


In June, Bithumb experienced a $40 million security breach, which came a shock to the local cryptocurrency exchange market given the exchange’s dominance over the local sector.

Subsequent to the hack, Bithumb was requested by the government to overhaul its internal management system and security protocols. Complying with the demands of financial regulators, Bithumb temporarily suspended deposits and withdrawals for just over a month, which essentially disabled trading on the platform for more than 30 days.

Security issues of Bithumb were not made aware to the government and authorities prior to the hack. But, after the hack, the government conducted an investigation into 25 cryptocurrency exchanges in South Korea, suspending platforms with poor security and requesting exchanges to completely overhaul their systems within a month.

When the FSA was aware of various technical issues surrounding withdrawals and system failures, it should have suspended the exchange until it complied with the demands of the authorities.

Although the government of Japan has implemented strict policies to govern the local cryptocurrency exchange market, the successful hacking attempt of Zaif demonstrated weakness in the execution of the policies by the FSA.

In a sense, the Zaif hack was very similar to the $500 million hacking attack of Coincheck in that both platforms were told to improve their infrastructure due to various vulnerabilities in their systems. Yet, the two exchanges failed to comply with the demands from the government and inevitably fell victim to high profile security breaches.

In the months to come, FSA is expected to tighten regulations surrounding cryptocurrency exchanges and actively cooperate with trading platforms to ensure that robust internal management systems, infrastructures, and security protocols are integrated.

The Japan Virtual Currency Exchange Association (JVCEA) has also requested all exchanges in Japan to conduct independent security and financial audits to prevent any hacking attacks in the short-term.

The JVCEA reported that minor and major cryptocurrency exchanges including BitFlyer and Quoine conducted audits hours after the hacking attack on Zaif. The security protocols and internal management systems of other exchanges in Japan are said to be secure.


Already, Fisco, a publicly listed company in Tokyo which recently acquired majority stake in Zaif by agreeing to compensate investors that were affected by the hack, has initiated the process of eliminating executives and auditors that were responsible for the security breach of the exchange.

It is both positive and troubling that the FSA was able to disclose issues in the infrastructure of Zaif but the authorities were not capable of pressuring the exchange to prioritize the improvement of its system.

In the upcoming months, especially with 160 companies planning to file licenses with the FSA to operate as cryptocurrency exchanges, analysts expect the FSA to cooperate with trading platforms in a more proactive manner, to eliminate vulnerabilities and systematic issues in the infrastructure utilized by crypto exchanges.

*Edited based on an article from 8btc. 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: