Bitcoin Theft Worth $308 Million Leads to Closure of Japanese Crypto Platform

DMM Bitcoin, a well-known cryptocurrency exchange in Japan, has announced its closure less than six months after it became the target of a devastating cyberattack that saw hackers steal over $300 million worth of digital assets. The company revealed on Monday that it would be transferring all customer accounts and assets to SBI VC Trade, a subsidiary of the prominent Japanese financial services group, SBI Group. This move, though aimed at protecting customer interests, comes as a result of the massive theft of 4,502.9 bitcoins in May 2023, valued at around $308 million at the time, but now worth more than $429 million. DMM Bitcoin emphasized that it has continued to restrict customer withdrawals and purchase orders while investigating the breach, but decided that the prolonged suspension of these services would significantly affect its users’ convenience and security. Therefore, it decided to transfer all operations and assets to SBI VC Trade, a more secure platform that is expected to provide a safer environment for its customers going forward.

The decision to transfer assets is part of DMM Bitcoin’s strategy to minimize further customer inconvenience and ensure that the company continues to prioritize its users’ interests. The company also expressed regret for the prolonged inconvenience caused by the breach, which resulted in the suspension of key services. DMM Bitcoin, which was established in January 2018, signed an agreement with SBI VC Trade on November 29, 2023, with the aim to transfer all customer accounts and assets by March 2025. Despite the ongoing efforts to resolve the issue, DMM Bitcoin’s platform has been under heavy scrutiny since the incident. The breach forced the company to secure a substantial loan to cover the stolen funds, which included a 55 billion yen loan (approximately $367 million) in June 2023. However, DMM Bitcoin has failed to provide a detailed explanation of the cyberattack, including the identity of the hackers, the methods used in the attack, or the whereabouts of the stolen funds.

In addition to the investigation into the breach, Japan’s Financial Services Agency (FSA) has intervened and conducted a comprehensive review of DMM Bitcoin’s operations. The FSA’s investigation revealed serious issues with the company’s internal risk management systems and its handling of cryptocurrency assets. The agency found that DMM Bitcoin had not implemented a proper risk management structure, with the key responsibilities for security, risk management, and development consolidated in the hands of a small group of individuals. The FSA also noted that there were no independent audits of the company’s systems, and its departments were self-auditing, which is a serious regulatory violation. Moreover, DMM Bitcoin was found to have violated several rules surrounding cryptocurrency asset transfers, including failing to preserve transaction logs that would have helped investigators trace the stolen funds. The agency issued a “business improvement order” to the company, but it remains unclear whether any additional penalties will be imposed.

Following the breach, blockchain security firms, including Elliptic, reported that the stolen funds were quickly split and moved across at least 10 different wallets. In July, prominent cryptocurrency researcher ZachXBT suggested that the attack was likely carried out by Lazarus Group, a North Korean state-sponsored hacking operation known for a series of cyberattacks targeting cryptocurrency platforms and financial institutions. ZachXBT also noted that some of the stolen funds were laundered through Huione Guarantee, a controversial Cambodian platform linked to organized crime and reportedly associated with Cambodia’s ruling family. These details have raised concerns about the increasing sophistication of cybercriminal operations and the role of state-sponsored groups in targeting the cryptocurrency sector.

This breach is part of a troubling trend in the cryptocurrency industry, which has seen a sharp increase in cyberattacks over the past year. According to blockchain research company Chainalysis, cybercriminals stole nearly $1.6 billion from cryptocurrency platforms in the first half of 2024 alone, a significant rise from the $857 million stolen during the same period in 2023. Other major incidents this year include thefts of at least $230 million from India-based cryptocurrency platform WazirX, $44 million from Singapore’s BingX, and $27 million from Singapore-based Penpie. These incidents highlight the growing risks that cryptocurrency exchanges face, particularly as they continue to be targets for increasingly sophisticated cybercriminals.

In response to the crisis, DMM Bitcoin has announced that it will complete the transfer of all accounts and assets to SBI VC Trade by March 2025. The company has reassured customers that it will take every necessary step to ensure a smooth transition and secure the protection of their assets. However, the closure of DMM Bitcoin and the massive theft of funds underscore the vulnerabilities that still exist within the cryptocurrency ecosystem. This incident highlights the importance of robust risk management systems, comprehensive security protocols, and regulatory oversight to protect users and ensure the integrity of the crypto industry.

DMM Bitcoin’s closure and the subsequent transfer of assets to SBI VC Trade are seen as a necessary step in the aftermath of the attack, but they also serve as a cautionary tale for other cryptocurrency platforms. The breach has revealed significant gaps in the company’s internal processes and risk management, raising questions about the broader security standards in the cryptocurrency industry. As the sector continues to mature, exchanges will need to address these issues and invest in stronger security measures to maintain user trust and protect against future cyber threats. The incident also reinforces the importance of regulatory frameworks that can hold cryptocurrency platforms accountable for ensuring the security and safety of users’ assets, as well as the need for independent audits and transparency in how these platforms operate.