Hackers Growing Smarter, But Japanese Crypto Exchanges Say They’re Fighting Back
Crypto exchanges’ past security woes are well documented. But in 20204, they continue everywhere, with multi-million dollar hacks now a seemingly regular occurrence.
Last month, Chainalysis reported a drop in overall illicit crypto transactions. But it also noted that this year has already seen a 2.8% rise in hacking attacks.
By the midpoint of this year, the cumulative value of stolen cryptocurrencies had hit the $1.58 billion mark. That represents an 84% increase compared to the same period in 2023.
Crypto Exchanges: A Top Target for Hackers?
For hackers, exchanges represent the biggest prize in the crypto world. In many cases, millions of USD worth of transactions pass through their platforms every day.
Arguably nowhere on earth has felt the pain of hacks quite as acutely as Japan. The Mt. Gox hack of 2011, and the platform’s eventual collapse in 2014 were crippling blows.
And a potential coup de grace followed in early 2018, with the Coincheck hack – then the biggest hack in crypto industry history.
These security breaches rocked the confidence of Japanese investors, once some of the most crypto-keen people on earth.
Earlier this month, a top Japanese exchange chief noted that yen-Bitcoin trades made up 50% of the global BTC market in 2017-2018.
Japan’s presence has since dwindled to a “small” and “fading” percentage of the global market share.
Surely, the only antidote to Japanese crypto crises will be proving that the sector’s security worries are a thing of the past. So how are exchanges hoping to do this?
Big Challenges for Japanese Platforms
Keisuke Igarashi, the PR Manager at the CEO’s Office at bitFlyer, hints that the task is not easy.
He concedes that hackers’ attacks on crypto asset exchanges are “becoming more sophisticated every day.”
Igarashi told Cryptonews.com:
“In addition to traditional phishing mail attacks targeting employees from the outside, hackers have been contacting employees via social networking services to gain their trust. They try to encourage them to install malicious software.”
In some cases, hackers get even more devious. They have begun hijacking the social networking accounts of former staff members. Attackers then use these accounts to contact current employees.
“There have been recent cases where people have applied for employment positions using profiles and images created by generative AIs.”Keisuke Igarashi, CEO’s Office PR Manager, bitFlyer
bitFlyer says it is responding to these rising threats by collaborating with industry associations and external organizations. These include the JC3 Japan Cybercrime Control Center and the National Police Agency.
Sharing data is another powerful tool, Igarashi said. When the platform detects an “advanced attack,” exchange staff “widely disclose the attack method.”
This tactic, Igarashi said, can help “make similar attack methods and attack codes obsolete.”
“It makes it impossible for hackers to use the same methods on other companies. So the attack methods they have developed will be wasted.”Igarashi
Igarashi noted that bitFlyer has stayed hack-free thanks to factors such as a “high level of security awareness” among its employees, the use of in-house developed wallets “with security in mind,” and “thorough” compliance protocols.
However, even measures like these will be put to the test by next-generation hackers, whose arsenal of tech tools expands by the day.
In the future, Igarashi explained, exchanges will have to deal with advanced social engineering attacks that use AI tools to infiltrate networks.
Exchanges are also concerned that “increasing geopolitical risk” may see “new attack actors” join the fray. Many of these may use “unknown attack methods,” the bitFlyer executive warned.
Some use sophisticated so-called living off the land (LOTL) attacks. These attacks typically use pre-existing software and bona fide system tools to execute malicious activities.
And that, security experts say, lets many attackers go undetected. Igarashi said:
“State-sponsored attack actors have abundant resources and tend to conduct attacks with an awareness of LOTL. That makes it extremely difficult to detect attacks. We need to develop an environment that does not allow LOTL attacks.”
Again, a concerted, industry-wide effort could provide the solution. The bitFlyer executive said that as attack codes “tend to be used for multiple platforms,” players needed “countermeasures to avoid creating weak points on different platforms.”
In Japan and nearby South Korea, strict regulations have limited the number of international tech players active in domestic markets.
This has led to the growth of a scene that is still largely dominated by domestic tech startups. However, experts have previously told Cryptonews.com that many East Asian crypto exchanges are “low-hanging fruit” for hackers.
When asked if this was still the case, Igarashi answered:
“Although it is difficult to answer this question due to the lack of accurate statistical data, one could think that there seems to be a tendency.”
Exchanges: Taking the Initiative
The Japanese industry’s painful memories of the Mt. Gox and Coincheck hacks have led domestic exchanges to take the bull by its horns.
After the events of early 2018, industry chiefs, including the bitFlyer CEO Yuzo Kano, launched a new self-regulatory body.
Named the Japan Virtual Currency Exchange Association (JVCEA), this body systematically audits its member exchanges, ensuring they comply with rules and regulations.
“The JVCEA has worked to create an environment in which transactions can be conducted with peace of mind, thereby restoring public trust.”Igarashi
Exchange staff are also working on initiatives like the Cryptoassets Governance Task Force (CGTF), a study group that tries to establish industry-wide security standards.
Kano and others say they are also working on security and investor protection methods with Tokyo officials. Igarashi concluded:
“We will continue to work with the government and industry associations. We want to improve the environment so the industry can continue to earn the trust of society.”
