Vulnerabilities of transaction via hot wallets

On July 12, 2019, Tokyo-headquartered cryptocurrency exchange Bitpoint promptly suspended its services after noticing an error in the outgoing funds transfer system. Soon, an official announcement followed, revealing that the trading platform had lost around 3.5 billion yen (roughly $32 million) as a result of a security breach. 

The exchange’s administration has managed to find a portion of the missing funds since the initial announcement was published. Nevertheless, the security breach seems to continue the streak of hacks targeting Japan-based exchanges.  According to the breakdown of the hack published by Bitpoint’s parent firm, Remixpoint Inc., Bitcoin (BTC) accounted for the highest share of total losses. The total amount of stolen BTC (1,225) is worth over 15 billion yen (just over $138 million). Further, over 28 million XRP (10 billion yen, or $92 million) and 11,169 ETH (3.3 billion yen, or $30 million were taken away by the hackers. Additionally, the fraudsters stole 1,985 Bitcoin Cash (BCH) and 5,108 Litecoin (LTC), worth 1,2 billion yen, or $11 million. 

The breach occurred due to unauthorized access to the private keys of its hot wallet, Remixpoint Inc. indicated in the document. Bloomberg has reported that shares of the company shed 19% after the news of the incident surfaced and became untraded in Tokyo at some point due to what the publication called “a glut of sell orders.”  Later, on July 14, local English-language publication The Mainichi reported that Bitpoint has discovered over 250 million yen (around $2.3 million) in cryptocurrency on overseas exchanges that were using a trading system provided by Bitpoint Japan. The exchange’s spokesperson reportedly told The Mainichi that the recent discovery brings the total sum of lost founds down from 3.5 billion yen (about $32 million) to 3.02 billion yen (approximately $28 million). 

Genki Oda, founder and CEO of Bitpoint, told Cointelegraph that his platform is going to compensate its users, although without mentioning any specific time frame. Additionally, Oda said it was in touch with fellow exchanges Binance and Huobi regarding the freezing of stolen funds that have allegedly ended up in their wallets following the security breach. Such collaboration with other trading platforms is a common method of mitigating cryptocurrency hacks, as it prevents fraudsters from cashing-in on their loot. “If you know other way for locking or getting back the hacked crypto, please let us know the ways,” Oda added.  Moreover, Bitpont has announced it is going to compensate customers in cryptocurrencies rather than in their equivalent fiat value. 

Link: https://cointelegraph.com/news/bitpoint-hack-shows-that-regulators-scrutiny-does-not-equal-safety