Hackers Behind Zaif Crypto Exchange Theft May Have Been Exposed

Cybersecurity experts from Mitsubishi Group say they may have identified data that could locate the hackers of the Zaif crypto exchange.

AccessTimeIconNov 5, 2018 at 2:35 p.m. UTC
Updated Sep 13, 2021 at 8:33 a.m. UTC

Cybersecurity experts at Japan Digital Design, a subsidiary of Mitsubishi UFJ Financial Group (MUFG), say they've found possibly revealing information on the bad actors behind the $60 million hack of Japanese crypto exchange Zaif.

The company announced in a press release Monday, that it has been investigating the outflow of funds from Zaif since soon after the hack, in association with Takayuki Sugiura at information-security consultancy L Plus and security experts from a "capture the flag" cybersecurity team called TokyoWesterns.

Once some of the stolen funds, in the monacoin cryptocurrency, started being moved late last month, Japan Digital Design said it was able to identify the "source" of the attackers.

The team added that it has shared this information with the authorities, saying: "Since the Monacoin began moving from October 20, we estimated the source of 5 transactions in question and provided information to the authorities concerning the characteristics of the transaction originator."

While there are few specific details provided and it is also unclear how accurate the data collected is, the release further states (via online translation):

"In the investigation of the leaked virtual currency, remittance route has been analyzed through static analysis of the block chain, but with this effort, by deploying the virtual currency node on a large scale after the outflow of the virtual currency, we verified whether we can obtain clues such as source IP address etc. We also got useful data to grasp the accuracy of the information and the cost of tracking."

Zaif, a licensed crypto exchange in Japan, was hacked in September, losing cryptocurrency worth around $60 million at the time, including bitcoin, bitcoin cash and monacoin.

Last month, Japanese financial regulator, the Financial Services Authority (FSA), said it was seeking information from Tech Bureau, the operator of Zaif, including why there was a delay in reporting the hack.

Tech Bureau also revealed in October a plan to compensate users who lost funds in the attack – a move that saw it sign an agreement to transfer the Zaif exchange business to publicly listed investment firm Fisco.

Japan reportedly lost $540 million to crypto hacks in the first six months of 2018, according to the data from National Police Agency (NPA).

Tokyo image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.