Earlier this month, a Japanese cryptocurrency exchange fell victim to an attack that has siphoned more than 3 billion yen (~$27.8 million) out of its wallets. Following the hacking incident, the company has promised affected users that they will reimburse the stolen Bitcoin and other digital money through e-payments.
BitPoint, the Japanese crypto exchange, and its parent company, Remix Point Inc., published a document that details the attack and includes the company’s apology to its affected users. According to the document, a total of five crypto assets were stolen by the attackers. The stolen assets include 2.6 billion yen in cryptocurrencies that belong to users and 960 million yen that the company owns.
“On July 12, 2019, unauthorized outflow of virtual currency at the exchange has been identified,” said the document.
In the document, the company reveals the breakdown of the stolen cryptocurrencies as follows: 1,125 BTC (15.3 Billion yen), 1,985 BCH (0.7 Billion yen), 11,169 ETH (3.3 Billion yen), 5,108 LTC (0.5 Billion yen), 28,106,343 XRP (10.2 Billion yen).
Bitcoin and XRP accounted for the highest shares of losses with an aggregate amount of more than 25 Billion yen, which comprises three-quarters (75%) of the total hacked and stolen amount.
In order to compensate those who fell victim of the hacking incident, the company said that they would be reimbursing the stolen amount in cryptocurrencies rather than their equivalent fiat value.
“In line with the resumption of services in BPJ, it should be as soon as possible, such as making a refund on request. We will do our best to respond,” they promised.
According to the company, the breach occurred because a threat actor has gained unauthorized access to their hot wallets. Hot wallets are the only depository of cryptocurrencies and are said to be hackable, based on sources. BitPoint said that they are now in the process of moving their holdings in cold storage or offline depositories.
“We are currently investigating the cause and route of this case,” they said.
“The wallet that manages the hot wallet private key although various security measures have been taken. It is highly likely that the server has received unauthorized access, and the hot wallet private key has been stolen / abused. We believe,” they added.
The document released by the company confirms that the hacker did not compromise the cold wallet of the company, but they said that investigation is still ongoing to further validate information pertaining to the cause of the attack.
Because of the breach, the crypto exchange is suspending all services until they are able to comprehensively conclude investigations and the firm has completed tracking all the stolen funds.
BitPoint said that they are already in cooperation with the Japan Virtual Currency Exchange Association (JVCEA) and has asked for their assistance in monitoring and reporting of suspicious fund transactions and wallets potentially associated with the fund stolen from BitPoint. JVCEA is a self-regulatory crypto exchange organization that was formed last year to help establish industry-wide investor protection standards and protocols.
Yesterday, the crypto exchange was able to track down more than 250 million yen worth of crypto that was part of the stolen funds from BitPoint. This discovery brings down the total sum of missing and stolen funds to its initial estimate from 3.5 billion yen to 3.02 billion yen.
Two months ago, a similar incident happened to another crypto exchange company Cryptopia where more than $16 million were stolen in ether and ERC-20 tokens. While the company has restarted its trading services in March, no one is still certain of the actual damages that the cyber attacked caused the company.
Earlier this year, a global saga involving the shamed Quadriga-CX, a Canadian crypto exchange company also crumbles to find funds that were lost after the company’s CEO mysteriously died late last year.
More than $200 million in assets (both fiat and crypto) has been lost because of the CEO, Gerard Cotten, allegedly taking all encryption keys and passwords for their hot wallets to his grave. The cold storage of the company was also proven to unopenable.
Incidents like this further assert the apprehensions of governments regarding Bitcoin and cryptocurrencies. Last week, President Donald Trump slammed Bitcoin and other cryptocurrencies saying that America has “only one currency, and it called the US dollar.”
Aside from Trump Democrats senators have also circulated a proposed draft that practically bans tech companies from issuing cryptocurrencies. In the same note, the US Treasury Secretary branded crypto money as a “national security threat.”