Slashdot Mirror
Zaif Cryptocurrency Exchange Suffers $60 Million Hack (zdnet.com)
Hackers were able to steal $60 million worth of company and user funds belonging to the Zaif Japanese cryptocurrency exchange. The breach occurred last week, but the company discovered the hack on Monday, September 17. An anonymous reader shares the report from ZDNet: Investigators are still gathering details, but Zaif said the hack took place on September 14, between 17:00 and 19:00 local time, when the attacker siphoned off three types of cryptocurrencies from the company's "hot wallets." [A "hot wallet" is a term used to describe a cryptocurrency addresses with light security measures where a cryptocurrency exchange keeps funds for immediate transactions, such as cryptocurrency-to-cryptocurrency or cryptocurrency-to-fiat (and vice versa) operations.] Zaif says the hacker stole Bitcoin, Bitcoin Cash, and MonaCoin from its hot wallet, all three worth 6.7 billion Japanese yen (roughly $59.67 million) when combined. Of the 6.7 billion stolen yen, 2.2 billion yen -- 32 percent -- were Zaif funds, while 4.5 billion yen were customer funds. Zaif plans to secure a 5 billion yen loan to pay back affected customers.
That is a hack worth doing. That guy is set for life now... if he's smart enough to hang up his spikes and call it quits.
I would bet a very large amount of money that most of these exchange hacks are inside jobs. It is probably not an "accident" that so much was in the hot wallet, because one of the people whose jobs it is make intelligent decisions about such things did not want an appropriate amount. Note also how it took multiple days to discover the theft.
Is it really so hard to monitor the appropriate blockchains and figure out if your hot wallet is being drained?
Is it really so hard to be notified within 1 hour that there is a huge problem?
The reason easy and obvious risk mitigation measures were not taken is because someone(s) did not want to mitigate risk.
Inside job.