Zaif

On September 14, 2018, at approximately 17:00 Japan time, Zaif, a licensed Japanese cryptocurrency exchange operated by Tech Bureau, detected an unusual outflow of funds, resulting in the theft of 6.7 billion yen (approximately $60 million USD) in cryptocurrencies. The breach involved 5,966 bitcoins, alongside unspecified amounts of Bitcoin Cash and MonaCoin, stolen from the exchange’s hot wallets. Zaif, based in Japan, was a regulated platform under the oversight of the Financial Services Agency (FSA), but prior security concerns had led to a business improvement order from the FSA in March 2018, citing deficiencies in security and anti-money laundering measures.

The hack was identified after abnormal transactions prompted Tech Bureau to suspend deposits and withdrawals. Investigations revealed that unauthorized access to the exchange’s hot wallets enabled the theft, though the precise amount of Bitcoin Cash stolen remained unconfirmed. The stolen assets, valued at $60 million based on market prices at the time (with Bitcoin trading around $6,500), represented a significant portion of Zaif’s holdings. The exchange’s own asset reserve of 2.2 billion yen ($20 million) was insufficient to cover the losses, forcing Tech Bureau to secure a 5 billion yen ($44.5 million) investment from Fisco, a Japan-listed firm, in exchange for a major ownership stake.Zaif reported the incident to local authorities as a criminal case, prompting a police investigation.

The breach, which did not affect cold storage or other platform systems, exposed vulnerabilities in hot wallet management and underscored ongoing security challenges in Japan’s crypto sector. This was the second major exchange hack in Japan in 2018, following the $520 million Coincheck theft in January, which had already spurred heightened FSA scrutiny of exchange security practices.The Zaif hack eroded trust in Japanese cryptocurrency exchanges, highlighting the risks of storing significant assets in hot wallets and the need for robust security protocols. The incident amplified calls for stricter regulatory oversight and improved cybersecurity measures across the industry. Zaif’s reliance on external investment to stabilize operations and its prior FSA warning serve as stark reminders of the importance of proactive security and compliance in safeguarding user funds in volatile digital markets.