An Overview of Cryptocurrency Crimes in Japan and its Regulatory Framework
The first half of 2021 has been a prosperous time for the blockchain ecosystem while cryptocurrencies are gaining momentum globally, not only because of the overall expanding market cap, but due to the increase in worldwide adoption as well.
Stimulating news like the fact that Mastercard is bringing crypto onto its network, El Salvador looking to become the world’s first country to adopt Bitcoin as legal tender or local communities in Switzerland will accept tax payments in cryptocurrencies are only a few of the significant signs indicating that blockchain and cryptocurrencies have moved from a speculation status to an uptrend with powerful value. Some recent reports even go as far as saying that “by 2030, blockchain technology is expected to be a significant contributor to the global GDP, lifting it up by close to USD 2 trillion”.
The State of Cryptocurrencies in Japan
As one of the most innovative regions in the world, Japan has played a tremendous role in the growth of blockchain technology and cryptocurrencies across Asia. Japan has the world’s third-largest economy, having achieved remarkable growth and is maintaining its position as one of the world’s leaders in technology and innovation despite its more reticent general approach.
The country is also currently known as one that offers the world’s most progressive regulatory climates for cryptocurrencies. Although it is a land recognized to be the world’s most crypto-averse, Japan saw more than 7 times the number of crypto deposits this year in comparison to 2020. At the same time, it recognizes Bitcoin and other virtual currencies as legal property under the Payment Services Act (PSA).
As a result, in February 2020, crypto assets worth about 650 billion yen were traded in kind, but by the end of February 2021, it jumped to more than 4,170 billion yen and perhaps one of the most significant news of the year for the region came from Rakuten, a Japanese electronic commerce and online retailing company based in Tokyo, when they announced that starting with February 2021, users will be able to top-up their Rakuten Cash balance, an online e-currency provided by the Rakuten Group, with Bitcoin and other cryptocurrencies.
The main cyberthreats related to cryptocurrency in Japan
Japan is an interesting market to look at in terms of cryptocurrency cyberthreats and regulations, as the country has suffered the two biggest exchange hacks in history — the Mt. Gox and CoinCheck incidents.
As of today, there are 29 cryptocurrencies being traded on 27 licensed exchanges.
In January 2018, Japanese cryptocurrency exchange CoinCheck suffered one of the biggest hacks losing close to 533 Million USD. The hackers penetrated into their networks through a malicious email attachment that caused a sequence of malicious processes to run inside victim machines and steal private keys. Our investigation reveals the details of the sequence of malicious processes and the operation techniques used by North Korean APT group “Lazarus” to conduct the attack. Using the same technique, we also found other targeted exchanges in South Korea such as Upbit and Bithumb.
Additionally, another memorable incident that took place in Japan was in September 2018 when Zaif Exchange experienced a hack that led to the loss of approximately 60 Million USD worth of cryptocurrencies at that time.
Since Uppsala Security was in full operational mode during that unfortunate event, we instantly got involved and initiated our own investigation to support both the Zaif Exchange as well as its users during that critical time. Moreover, we released a comprehensive article covering our key findings; this was possible because of our dedicated in-house investigatory team and our revolutionary in-house tools which are now available for use by government agencies, enterprises, and other organizations.
Despite the significant exchange hacking cases, current concerns consider, not only hacking as a severe issue, but also the malicious actions caused by scamming, impersonation and fraud, which account for a serious number of the crypto assets loss. Impersonations, social media related scams, phishing websites and fraudulent activities on dating apps are all very real threats within Japan and the rest of the crypto world and those factors have caused irreversible financial damage. On the bright side, there are already several protective measures that can help prevent such damages, like, for example, UPPward, our Internet browser extension; it is compatible with use on Chrome, Brave, Edge and Firefox browsers and acts as a security shield against various online cyberthreats, and is available without any fee.
The Japan Regulatory Framework
Japan was the first country in the world to have enacted a law defining “crypto asset” as a legal term while at the same time imposing restrictions and guidelines in the area. Some might argue that this came as a plan to slow down the adoption of these revolutionary digital assets but actually, in the long term, regulations are extremely important for the overall health of an economy and can prevent many unwanted activities such as malicious crimes, tax evasion due to uncertainty or confusion in terms of the legality of certain activities.
Further recent regulations of cryptocurrencies in Japan include amendments to the Payment Services Act (PSA) and to the Financial Instruments and Exchange Act (FIEA), which took effect in May 2020. Part of the amendments was the introduction of the term “crypto-asset” instead of “virtual currency”, placing more significant restrictions on administering users’ virtual assets, and more firmly regulating crypto derivatives trading. Under the new laws, cryptocurrency custody service providers fall under the scope of the PSA while cryptocurrency derivatives businesses fall under the scope of the FIEA.
Crypto AML & Compliance Solutions available in Japan
Uppsala Security built the world’s first crowdsourced Threat Intelligence Platform, powered by A.I., blockchain, and machine learning technologies, and has been active in the Japanese market since its establishment in early 2018 when we began providing both B2B and B2C unique, leading-edge cybersecurity solutions.
„New technical solutions are being developed every day, however, the ability to ensure full compliance is still questionable for most of them. Our products enable users and organizations to have the tools needed to show how global regulation together with our security solutions for Virtual Assets Service Providers enable consumers, governments, and enterprise to have confidence in both the stability and the security of their digital assets, for institutions to invest, and for the industry to grow and expand successfully.” — John Kirch, Sales and Business Development, Senior Vice President, Uppsala Security.
The AML and Compliance solutions offered by Uppsala Security have been readily adopted and implemented by well respected organizations to comply with some of the strictest cryptocurrency regulations in the world. One example of this is a digital asset proprietary trading firm, based in Singapore, utilizing our products called Crypto Analysis Transaction Visualization (CATV) and Crypto Analysis Risk Assessment (CARA) tools to meet the latest rules and regulations of Singapore’s Payment Services Act (PSA). The PSA is in itself compliant to the global standards of the “Travel Rule” as prescribed by the Financial Action Task Force (FATF). A piece discussing the use of our products and services for achieving “regulatory compliance” can be found in the thorough Use Case that we released in the first half of 2021.
Also, earlier this month we announced a Reseller Agreement with Terilogy Worx, a leading provider of advanced Cyber Security solutions and services in Japan, a partnership which will assist and support Japanese organizations interested in having ready access to easy-to-use, advanced software tools for crypto regulation compliance that can facilitate their efforts to detect, analyze, and prevent crypto crime. Those products include the following:
1. The Interactive Cooperation Framework -API (ICF-API)
The Interactive Cooperation Framework-API (ICF-API) is a RESTful API designed to integrate with financial software applications or real-time querying services to enable real time protection of digital assets, including cryptocurrencies, from malicious threats, scams, and fraudulent transactions. The capabilities of the ICF-API include direct real time access to Threat Intelligence Data with over 60 Million Threat Indicators along with real-time data queries and ready access to well defined crypto asset risk scores and labels.
2. The Crypto Analysis Transaction Visualization (CATV)
The software solution called Crypto Analysis Transaction Visualization (CATV) is a forensics tool providing crypto transaction flows, of both upstream and downstream transactions, of a selected user’s wallet. With CATV, a user can track, analyze, monitor, audit, and visualize crypto transactions graphically displaying the flow of tokens and the types of wallets those tokens have interacted with. Users can leverage CATV via its GUI and its API.
3. Crypto Analysis Risk Assessment (CARA)
The software tool called Crypto Analysis Risk Assessment (CARA) is an intuitive, easy to use solution that generates a Risk Score for a user selected crypto address by applying Machine Learning algorithms that leverage knowledge learned from behaviors exhibited by known malicious wallets and normal safe wallets. Users with an active annual subscription can access CARA on an on-demand basis and enter queries about a specific wallet address using its UI and its API. The tool is also compliant with the Risk-Based Approach (RBA), as recommended by the Financial Action Task Force (“FATF”).
4. Threat Reputation Database On-premise Management System (TOMS)
Delivering services for today’s leading hyperconnected organizations, one of our most recently released products is TOMS, a unique solution created to satisfy an increased demand by Regulators and Developers for “on-premise solutions” that meet the latest and strictest regulatory compliance requirements in the digital assets space. TOMS is platform agnostic and can be deployed on any organization’s network and integrated with its applications and services via a RESTful API. This solution can scale to provide additional data and run in isolation.
“As blockchain technology continues to evolve and offer greater capabilities for addressing the technological challenges such as scalability, decentralization and tokenization of assets, we expect to see more solutions based on artificial intelligence, machine learning, and big data. At Uppsala Security we are all about helping our clients to be well-prepared and ready when regulators decide to impose new measures and guidelines on revolutionary technologies; we already have a rich security platform composed of products that can quickly help, not only enterprises and corporations, but also government bodies to stay one step ahead of the bad actors leveraging insights, speed, and cutting-edge products and solutions.” — Patrick Kim, Founder & CEO, Uppsala Security.
