Japanese cryptocurrency firm Tech Bureau Corp’s Zaif exchange was hacked mid-month, where virtual coin losses amounted to 7 billion yen ($60 million).
Today, the country’s financial watchdog has accused the firm of failing to provide details on how thieves hacked the exchange and also for not explaining its delay in reporting the hack itself.
Financial Services Agency Now After Zaif
Tuesday, the Financial Services Agency (FSA) issued a business improvement order to the Osaka-based firm ordering it to provide details how the theft occurred, what measures will be put in place to prevent it happening again, and how it plans to compensate customers.
“We have not received enough explanation on what exactly happened. What they told us is an employee’s PC was hacked,” a senior official at Financial Services Agency told reporters at a briefing. The official, who declined to be identified, warned that further action could be taken against the Tech Bureau if necessary, reports Reuters.
The exchange was hacked over a two-hour period on September 14th. On the 17th it detected server problems which the following day confirmed the hack. It was then that Zaif notified authorities. The funds stolen were in the forms of Bitcoin, Bitcoin Cash, and Monacoin, about 2.2 billion yen ($20 million) of these belonging to the exchange and the rest to clients.
Third Business Improvement Order:
This was actually not the first business improvement order served on Zaif, in fact, this most recent order is the third this year. Zaif, the 35th largest exchange in the world, was among those that were ordered to improve their operations after the Coincheck hack earlier this year. They first received their first business improvement order in March and their second in June.
Unfortunately, Tech Bureau apparently didn’t act, as both of the business improvement orders demanded the firm rectify their computer system risk management and improve internal protective measures for customers.
“It is extremely regrettable that such an incident happened when [Tech Bureau] was given two business improvement orders,” the Financial Services Agency official said.
According to a notice published on Tech Bureau’s website yesterday, the business improvement order received in March this year called for:
(1) Establishment of an effective system risk management system.
(2) Establishment of a system to respond appropriately to customers.
And the business improvement order received in June called for:
(1) Establishment of business management system.
(2) Establishment of legal compliance system.
(3) Construction of risk management system related to money laundering and terrorist financing.
(4) Establishment of separation management of user property.
(5) Utilization who build a management system in accordance with the protective measures
construction of the risk management system in accordance with the new handling of virtual currency
Last year, Japan became one of the first jurisdictions to regulate cryptocurrency exchanges, attempting to encourage technological innovation while ensuring consumer protection. But the country’s exchanges have come under closer regulatory scrutiny following the theft of $530 million in digital currency from Tokyo-based Coincheck this January.
It’s now a requirement for exchanges to register with the Financial Services Agency and comply with their demands if they wish to operate in the country.