Major Security Incident at Japanese Crypto Assets Exchange

Recently, a well-known Japanese crypto assets exchange experienced a serious security incident, resulting in a large amount of Bitcoin being illegally transferred. Although the authorities have not yet released an official investigation result, according to blockchain data analysis, this is likely a massive case of crypto assets theft. It is reported that the amount involved is as high as approximately $300 million.

This incident somewhat recalls a cryptocurrency exchange theft that occurred years ago in Japan. Currently, the involved exchange has taken several measures, including suspending new user registrations, restricting asset withdrawals, and limiting spot trading buy orders. The exchange has also publicly committed to bear all losses caused by this incident. For this well-established exchange, the loss of $300 million, while substantial, is still within a controllable range, which is a silver lining for investors.

Asset Management Measures of the Exchange

The involved exchange belongs to a well-known comprehensive entertainment group in Japan. This group entered the financial market in 2009 and quickly grew to become one of the top forex brokers globally. In recent years, the group has gradually transformed and ventured into the rapidly developing Crypto Assets field.

Learning from the lessons of predecessors, the exchange has established strict protection and regulatory mechanisms for Crypto Assets. According to professional analysis, the exchange has taken the following measures:

1. Physically isolate and manage customer assets.
2. More than 95% of customer assets are stored in cold wallets.
3. The transfer from cold wallet to hot wallet requires approval from multiple departments.
4. The transfer operation is ultimately executed by a team consisting of two people.

These measures should have provided a considerable degree of security for customer assets, so how did such a serious security incident occur?

Innovative Attack Techniques of Hackers

Although the exchange has not disclosed the specific reason for the incident, blockchain data analysis excludes the possibility of insider wrongdoing. It is likely that the trading personnel accidentally fell into a new type of address fraud trap. In short, the exchange's operators may have mistakenly transferred assets to a false address that is very similar to the correct one.

This attack method may seem simple, but it is very effective. It does not rely on system vulnerabilities or complex technical means, but rather takes advantage of human errors in operation.

Hackers may carry out attacks in the following ways:

1. Use computers to generate massive public key addresses
2. Look for addresses similar to those commonly used by exchanges in the generated addresses.
3. Use the similarity of addresses to confuse exchange operators

For example, the real address of the exchange might be:

1B6rJ6ZKfZmkqMyBGe5KR27oWkEbQdNM7P

And the similar addresses generated by hackers might be:

1B6rJRfjTXwEy36SCs5zofGMmdv2kdZw7P

If the operator only checks the beginning and end of the address, it is very likely that the assets will be mistakenly transferred to an address controlled by hackers.

Follow-up on the Event

Currently, professional institutions have traced the stolen assets to 10 different addresses, which have been marked as involved addresses. The exchange has reported the case to the police, and the investigation is underway.

Compared to similar incidents in the past, the handling of this exchange shows a significant improvement in the industry's crisis management capabilities. The exchange proactively issued an announcement, pledging to bear user losses, which effectively stabilized market sentiment and avoided potential panic selling. This approach not only reflects the exchange's sense of responsibility but also indicates the continuous improvement of the Crypto Assets industry in compliance and risk management.