Slashdot Mirror


Zaif Cryptocurrency Exchange Suffers $60 Million Hack (zdnet.com)

Hackers were able to steal $60 million worth of company and user funds belonging to the Zaif Japanese cryptocurrency exchange. The breach occurred last week, but the company discovered the hack on Monday, September 17. An anonymous reader shares the report from ZDNet: Investigators are still gathering details, but Zaif said the hack took place on September 14, between 17:00 and 19:00 local time, when the attacker siphoned off three types of cryptocurrencies from the company's "hot wallets." [A "hot wallet" is a term used to describe a cryptocurrency address with light security measures where a cryptocurrency exchange keeps funds for immediate transactions, such as cryptocurrency-to-cryptocurrency or cryptocurrency-to-fiat (and vice versa) operations.] Zaif says the hacker stole Bitcoin, Bitcoin Cash, and MonaCoin from its hot wallet, all three worth 6.7 billion Japanese yen (roughly $59.67 million) when combined. Of the 6.7 billion stolen yen, 2.2 billion yen -- 32 percent -- were Zaif funds, while 4.5 billion yen were customer funds. Zaif plans to secure a 5 billion yen loan to pay back affected customers.

32 comments

  1. Wow by olsmeister · · Score: 1, Insightful

    That is a hack worth doing. That guy is set for life now... if he's smart enough to hang up his spikes and call it quits.

    1. Re:Wow by chill · · Score: 3, Informative

      Assuming they can convert it into real money -- Dollars, Euro, Yen. What are you going to do with $60 million of crypto currency if you can't transfer it to something you can really spend?

      Turning crypto to real is where the danger is -- no anonymity when you show up at the bank.

      --
      Learning HOW to think is more important than learning WHAT to think.
    2. Re:Wow by Anonymous Coward · · Score: 0

      After the first exchange in Japan, Mt. Gox, pulled a big fraud, it is just a bit suspicious. If you have an exchange and are struggling, then it is tempting to just steal your customers' money. So open up a vulnerability, get an accomplice to "steal" the crypto then tell your customers that you got hacked.

      No one better than an exchange operator knows how to turn crypto to cash in untraceable ways (I have no idea what they are.) In fact this is probably the most common question that the exchange gets asked. "How can I turn my crypto to cash without getting traced, for um tax purposes." Probably if you searched for that online you would find a wiki-how or something.

    3. Re:Wow by Anonymous Coward · · Score: 0

      ZCash first. Then it's untraceable. (Or one of the other ZCash equivalents.)

    4. Re:Wow by Anonymous Coward · · Score: 0

      Are you suggesting you can't spend crypto as easily as real money? The crypto-nuts here have assured us that crypto is better and safer and easier to spend in every way. Becoz... errr... sticking it to the man!

    5. Re:Wow by ole_timer · · Score: 1

      nice problem to have...even if they lose 50% they're still way ahead...

      --
      nothing to see here - move along
  2. Why are so many of these getting hacked? by Anonymous Coward · · Score: 0

    Run by con men, nearly (if not technically illegal) crooks? It's easy money without providing much of anything valuable. Not the sharpest tools in the shed. Then again, the earliest bankers did little but "safe keep" others' money knowing few would return to make use of it.

    1. Re:Why are so many of these getting hacked? by AuMatar · · Score: 1

      You're assuming the guys in charge weren't the hackers. Get a nice little assured payoff, probably more than they'd get selling it.

      --
      I still have more fans than freaks. WTF is wrong with you people?
  3. Sucks to be Zaif by Anonymous Coward · · Score: 0

    Not my problem.

    1. Re:Sucks to be Zaif by Zaiff+Urgulbunger · · Score: 1

      It's certainly a challenging time to be me, but me... but I shall get through this!

  4. Who will loan them 5 billion yen!? by Anonymous Coward · · Score: 0

    Seriously, they've literally proved their security wasn't worth a damn and is just another nail in the cryptocurrency coffin, no one in their right mind will ever lend them that 5 billion yen.

  5. The HOT wallet is not supposed to have 60M$! by JcMorin · · Score: 0

    The concept of a HOT wallet is like cash you carry around, it's supposed to be a small amount... more possible to get hacked as it's connected to the internet and allows automated withdrawal. But the system is supposed to keep most money offline via a COLD wallet that needs human interaction to refill the HOT wallet. 60M is way too much for a HOT wallet.

    1. Re:The HOT wallet is not supposed to have 60M$! by Comrade+Ogilvy · · Score: 4, Insightful

      I would bet a very large amount of money that most of these exchange hacks are inside jobs. It is probably not an "accident" that so much was in the hot wallet, because one of the people whose job it is to make intelligent decisions about such things did not want an appropriate amount. Note also how it took multiple days to discover the theft.

      Is it really so hard to monitor the appropriate blockchains and figure out if your hot wallet is being drained?
      Is it really so hard to be notified within 1 hour that there is a huge problem?

      The reason easy and obvious risk mitigation measures were not taken is because someone(s) did not want to mitigate risk.

      Inside job.

    2. Re: The HOT wallet is not supposed to have 60M$! by Anonymous Coward · · Score: 0

      Pretty much this. Someone always comes along and says "never attribute to malice that which can be explained by stupidity" but that's really one of the stupidest quotes ever invented. Some things are malice and some things are stupidity--it should always be worth the effort finding out the truth.

      It's too easy for Crypto companies to pull off an inside job and say "ah, it was hackers. Yep, looks like North Korean hackers got us, sorry guys." And every idiot believes them. Even if those things happen, who's to say an insider didn't make a deal with the hackers to begin with.

      It's just like the vast majority of all kidnappings are by people already close to the victim, a statistic that still surprises a lot of people.

    3. Re: The HOT wallet is not supposed to have 60M$! by Anonymous Coward · · Score: 0

      Ah I get it. Like how Mt. Gox was an inside job. "Whoops our security sucks. No that's not my home IP and personal crypto account!"

    4. Re: The HOT wallet is not supposed to have 60M$! by Anonymous Coward · · Score: 1

      Blockchain is either convenient or risky. It can not possibly be both. Either you pay higher than credit card fees for small transactions (in which case there is no point), or you have to keep high liquidity in an exchange to have the transaction not take tens of minutes or even hours or days.

      If it is fast because an exchange handles it in house, the house can be hacked/embezzle coins. If it is secure in an offline usb key wallet, then it takes time and a fee to put it on the exchange, another fee to get it to the vendor and a third fee for them to turn it into cash. For mass market use bitcoin and co are like a credit card with a twenty dollar swipe fee plus a ten percent cash advance fee.

    5. Re:The HOT wallet is not supposed to have 60M$! by Zaiff+Urgulbunger · · Score: 1

      Inside job.

      You take that back! Right now!!

    6. Re:The HOT wallet is not supposed to have 60M$! by Comrade+Ogilvy · · Score: 2

      History is a blockchain. The protocol does not support reversals.

    7. Re: The HOT wallet is not supposed to have 60M$! by ole_timer · · Score: 1

      blockchain is fine, it's just a ledger...stupidity is not...and never has been...

      --
      nothing to see here - move along
    8. Re: The HOT wallet is not supposed to have 60M$! by ole_timer · · Score: 1

      shame on those for putting what they were not willing to lose into any crypto-coin...

      --
      nothing to see here - move along
  6. Re:Crypto? That crap is still around? by JcMorin · · Score: 2

    get used to it... just like the electricity or the internet it's not something you can "un-invent"!

  7. Not your keys, not your coin. by xtal · · Score: 0

    Learned my lesson the hard way.

    Sucks, but crypto is cash, and it's unregulated.

    Buy a hardware wallet and know how to use it.

    --
    ..don't panic
  8. Can you get idiot insurance? by humankind · · Score: 1

    Who's going to secure a loan to pay back clients of a company who had shitty security, engaging in Ponzi schemes?

    1. Re:Can you get idiot insurance? by Anonymous Coward · · Score: 0

      taxpayers

  9. It wuz haxx0rz! by Anonymous Coward · · Score: 0

    You can stop reading now. There's guaranteed to be no honest information of interest to be had.

  10. Re:Crypto? That crap is still around? by Anonymous Coward · · Score: 0

    What have we built here though? For most bad inventions they usually fizzle out pretty quickly. In the case of BitCoin we saw this weird spike in sales of hardware to support the effort, vast installations of miners and spinning up brand new power plants to fuel it. It's a crazy amount of infrastructure to throw at something that's just a fad. For a while it completely distorted the GPU market which was being bought up completely for the purpose of BitCoin mining.

    All that infrastructure has to go somewhere now. A lot of companies are executing their exit strategies which might include selling off that infrastructure - cheap 2nd hand GPUs flowing onto eBay to try and float these dead companies. Nobody will tell the truth since they need to dump their capex quickly before anyone notices they screwed up. These big heists are basically companies trying to grab dead coins so they don't fail so hard.

    We'd call it fraud, but since these aren't recognized monetary instruments this is just "hacking", and it's business as usual.

  11. i have an Egyptian mummy by Anonymous Coward · · Score: 0

    and she is into cryptcurrency.

  12. Re:Crypto? That crap is still around? by Anonymous Coward · · Score: 0

    We? You haven't built anything.

  13. TOO hot by Anonymous Coward · · Score: 0

    Over 9000 coins in hot wallets ?

    Not very safe... should keep it to under 3000 in the future...

  14. Sony did it by Drunkulus · · Score: 1

    60 million lucky winners will find the cryptocurrency in random loot boxes on Playstation Classic.

  15. Corporate Motto by Anonymous Coward · · Score: 0

    "Your money is Zaif with us!"