Hackers Behind Zaif Crypto Exchange Theft May Have Been Exposed

Cybersecurity experts from Mitsubishi Group say they may have identified data that could locate the hackers of the Zaif crypto exchange.

AccessTimeIconNov 5, 2018 at 2:35 p.m. UTC
Updated Sep 13, 2021 at 8:33 a.m. UTC

Cybersecurity experts at Japan Digital Design, a subsidiary of Mitsubishi UFJ Financial Group (MUFG), say they've found possibly revealing information on the bad actors behind the $60 million hack of Japanese crypto exchange Zaif.

The company announced in a press release Monday, that it has been investigating the outflow of funds from Zaif since soon after the hack, in association with Takayuki Sugiura at information-security consultancy L Plus and security experts from a "capture the flag" cybersecurity team called TokyoWesterns.

Once some of the stolen funds, in the monacoin cryptocurrency, started being moved late last month, Japan Digital Design said it was able to identify the "source" of the attackers.

The team added that it has shared this information with the authorities, saying: "Since the Monacoin began moving from October 20, we estimated the source of 5 transactions in question and provided information to the authorities concerning the characteristics of the transaction originator."

While there are few specific details provided and it is also unclear how accurate the data collected is, the release further states (via online translation):

"In the investigation of the leaked virtual currency, remittance route has been analyzed through static analysis of the block chain, but with this effort, by deploying the virtual currency node on a large scale after the outflow of the virtual currency, we verified whether we can obtain clues such as source IP address etc. We also got useful data to grasp the accuracy of the information and the cost of tracking."

Zaif, a licensed crypto exchange in Japan, was hacked in September, losing cryptocurrency worth around $60 million at the time, including bitcoin, bitcoin cash and monacoin.

Last month, Japanese financial regulator, the Financial Services Authority (FSA), said it was seeking information from Tech Bureau, the operator of Zaif, including why there was a delay in reporting the hack.

Tech Bureau also revealed in October a plan to compensate users who lost funds in the attack – a move that saw it sign an agreement to transfer the Zaif exchange business to publicly listed investment firm Fisco.

Japan reportedly lost $540 million to crypto hacks in the first six months of 2018, according to the data from National Police Agency (NPA).

Tokyo image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.