A virtual bank robbery struck Tokyo last month causing a Tokyo exchange to shut down.
Seems like a Hollywood movie trailer, doesn’t it? Unfortunately, it’s all too real.
So how does one steal cryptocurrency?
Well, the details of the actual heist are still fuzzy, but because cryptocurrency is acquired, stored, and used online it certainly makes sense that it could also be stolen online as well.
The online currency which is stored and traded by exchanges such as Bitpoint (owned by Remixpoint) in Tokyo, maintain their cyber-coins in an online app or “wallet.”
To use a cryptocurrency as a method of exchange, you need to have a cryptocurrency wallet. To be able to send, receive, or make purchases using your cryptocurrency your wallet must be available online, meaning it must be hooked up to the internet. If your wallet is considered “hot” it is actively available to the World Wide Web, if it is considered “cold” it is stored offline somewhere safe (think a USB drive or other storage device – hopefully inaccessible to others).
On July 11th, 2019 an error occurred due to the outgoing funds transfer system – it was this error that alerted Bitpoint the cryptocurrency had gone missing from a “hot” wallet. Any funds kept in “cold” wallets or offline storage, was not affected. See the importance?
The $32 million US dollars lost equates to ¥3.5 billion Yen (of which ¥2.5 billion belonged to Bitpoint customers), the rest were assets belonging to the exchange itself.
This is not the first time a virtual bank robbery has taken place in Japan.
In 2014 the Tokyo-based exchange Mt.Gox handled over 70% of all bitcoin transactions worldwide and was the world’s leading bitcoin exchange, that is until it lost 740,000 bitcoins (at the time that was 6% of all bitcoins in existence). The lost coins in value of €460 million in 2014, meant the company was no longer able to sustain operations.
In 2018 Coincheck, (a bitcoin wallet and exchange service headquartered in Tokyo) was hacked for $500 million worth of digital currency – mainly bitcoin. This prompted Japan’s Financial Services Agency (FSA) to send warnings to other virtual currency exchanges of possible cyber-attacks, urging them to upgrade and enhance their security measures.
This warning from the FSA was received by Bitpoint, and although the exchange was advised to reinforce their cybersecurity they were instead hacked in July 2019
Yet another high-profile, virtual bank robbery. Remixpoint has said they will compensate customers for their losses however their stock plunged 20% in response to the hack announcement.
Our takeaway? A cold wallet.
If you need help with your business cybersecurity needs contact DarkHound SecOps at [email protected]
–Emmy Seigler
Sources:
https://www.theguardian.com/technology/2019/jul/12/tokyo-cryptocurrency-exchange-hack-bitpoint-bitcoin
https://www.reuters.com/article/us-japan-cryptocurrency/hacked-tokyo-cryptocurrency-exchange-to-repay-owners-425-million-idUSKBN1FH03D