Zaif cryptocurrency exchange has been hacked, so what now?
Author: Nobel Tan, Security Research Manager
According to news article by Cointelegraph, Zaif, Japanese Exchange encountered a major security breach which led to the loss of USD$59 million dollars’ worth of cryptocurrencies.
This was a result of a security breach that took place last Friday, September 14, where hackers managed to steal not only from users’ hot wallets (worth of 4.5 billion yen) but also, the exchange’s assets, which equivalents to 2.2 billion yen.
Sentinel Protocol was notified based on a report raised by a member of the Sentinel Team in Japan and kickstarted the investigation. The cases as seen below concerns three different addresses for three different cryptocurrencies used by the hackers — Bitcoin (BTC), MonaCoin (MONA) and Bitcoin Cash (BCH).
- Case 78825 — The following BTC wallet address was reported to have received a total of 5,966 BTC, which is valued at estimated US$38 million dollars.
2. Case 78827 — The following MONA wallet address was reported to have received a total of 6.236.810 MONA coins, which is valued at estimated US$5.5 million dollars.
3. Case 78828 — The following Bitcoin Cash wallet address was reported to have received a total of 42,327 BCH, which is valued at estimated US$18 million dollars.
“The security research team at Sentinel Protocol is currently verifying the case to validate if tokens really exist in the wallet addresses that were being reported as well as the volume that was stated to be hacked. We are tracking the movement of tokens and investigating the wallet addresses to ensure it does not belong to any crypto exchange. If the information is proven to be accurate, the wallet addresses will be marked as Blacklisted in our Threat Reputation Database, TRDB which sits on blockchain.
TRDB’s unique feature is that it can prevent hackers from monetizing even after completion of a hack. This can be achieved by blocking wallets and addresses during malicious activities. The integration with UPPward Chrome Extension allows every cryptocurrency exchange in the partner ecosystem to be notified of the possible coin laundering. In an ideal situation, if the exchange stops the transaction of coin, we can successfully demotivate malicious behavior and eradicate theft by hacking. In the future, tracing of hacker’s wallets or transaction will be made simple and more sophisticated with automated machine learning.
The crypto community should remain vigilant against hacks and are not recommended to conduct any transaction with blacklisted wallet address to prevent any further loss,” said Nobel Tan, Security Research Manager, Sentinel Protocol.
Until further information regarding the investigation is released, users can stay safe by using the UPPward Chrome Extension by Sentinel Protocol (https://uppward.sentinelprotocol.io), where wallet addresses can be verified. User can also report hacks, scam and fraud by using the “Report now” feature on the extension.
Zaif is part of the top 150 exchanges in terms of volume according to Coinmarketcap. Earlier this year, it also suffered from a “system glitch” which allowed users to temporarily trade yen for cryptocurrencies at an exchange rate of 0 yen per coin.
