Japanese cryptocurrency exchange Bitpoint’s parent company Remixpoint has just revealed that the operator has lost 3.5 billion yen ($32 million) to hackers, as reported by the Nikkei Asian Review.
¥3.5 billion hacked from Bitpoint cryptocurrency exchange https://t.co/zbdqXgFCIO
— The Japan Times (@japantimes) July 12, 2019
Customer funds worth 2.5 billion yen have been stolen by hackers during the attack. Remixpoint has clarified that it will be compensating those customers who have lost their funds. But that didn’t stop the Bitpoint parent’s stock to plunge as much as 18% on the Tokyo Stock Exchange at one point.
The details of the Bitpoint hack
In a press release (Japanese) revealing the details of the hack, Bitpoint said that it “detected an error related to Ripple remittance,” and on further investigation, it was found that the Ripple tokens were “leaked illegally.”
Further investigation of the hack led Bitpoint to the revelation that Ripple wasn’t the only cryptocurrency being targeted. The company said that it detected “fraudulent outflows of virtual currency stored in BPJ-managed hot wallets” on the night of July 11. The virtual currency stored in Bitpoint’s hot wallet included bitcoin, bitcoin cash, ethereum, and litecoin as well.
Once the hack was detected, Bitpoint put web transactions on hold early this morning before stopping all services at 10:30 am. It is not clear at this point as to when Bitpoint will resume operations once again.
A disaster waiting to happen
Japan’s Financial Services Agency had issued an operational improvement order to Bitpoint last year. The agency believed that the cryptocurrency exchange had poor internal controls, and wanted Bitpoint and a few other exchanges to ensure the enforcement of proper measures to protect users.
The order was lifted at the end of June. So it didn’t take long for bad actors to get into the scene and cripple Bitpoint once again.
Bitpoint’s hack adds to the numerous attacks cryptocurrency exchanges have witnessed this year. Bad actors have stolen as much as $1.2 billion in the first quarter of 2019 through cryptocurrency scams, theft from exchanges, fraud, and misappropriation of funds. Of this, cryptocurrency thefts and scams alone accounted for $356 million.
Cryptocurrency thefts, fraud hit $1.2 billion in first quarter: report #Cryptocurrency thefts alone reached $356 million in first quarter of 2019; Cross-border payments from US exchanges to offshore exchanges increased 45% #AML #FATF https://t.co/ktlIzUCud3
— CipherTrace (@ciphertrace) May 1, 2019
For comparison, the total loss from cryptocurrency thefts and scams last year came in at $1.7 billion, so we are on track to see a massive spike in that number in 2019.
CipherTrace, the cybersecurity firm that came up with this data, has blamed mismanagement and poor regulations for the massive spike in cryptocurrency thefts and fraud this year. CipherTrace CEO Dave Jevans had said:
“I would also add that insider issues such as fraud or theft have grown mostly due to operations outside of the U.S. where regulations are poor, or simply due to greed and mismanagement by young management teams at these cryptocurrency companies that are managing hundreds of millions or even billions of dollars.”
The fact that Bitpoint was attacked just after the operational improvement order was lifted indicates that the cryptocurrency exchange didn’t do much to improve its internal controls.
Such lapses could wreck investor confidence and sabotage the impressive rally that the likes of bitcoin have delivered this year. This is why exchanges need to bring their A-game as far as protection of consumers’ money is concerned.