Cybersecurity experts from a subsidiary of bank holding giant Mitsubishi UFJ say they have found potentially incriminating evidence against Zaif exchange hackers.
Cybersecurity experts say they have found potentially incriminating evidence against the hackers of Japanese crypto exchange Zaif, according to an official statement today, Nov. 5. The experts are from Japan Digital Design Co. (JDD), a subsidiary of bank holding giant Mitsubishi UFJ Financial Group (MUFG).
As previously reported, as a result of a security breach on the Zaif exchange in mid-September, hackers succeeded in stealing 6.7 billion yen (about $59 million at press time) worth of crypto assets belonging both to users and to the exchange itself. Specifically, the compromised funds consisted of 5,966 bitcoins (BTC), in addition to Bitcoin Cash (BCH) and MonaCoin (MONA).
Today’s statement outlines that since the stolen MonaCoin began to be moved from Zaif on Oct. 20, JDD has succeeded in identifying the source of 5 of the transactions in question and has provided information to the authorities concerning the characteristics of the transactions’ originator.
To track the stolen currency, JDD conducted a hackathon in late September together with local cybersecurity team TokyoWestern and security firm EL Plus, drawing upon infrastructure from multiple cloud services. The post states that:
“In the investigation of the stolen virtual currency, the remittance route was analyzed through a static analysis of the blockchain […] by deploying the virtual currency node at a large scale […] we verified whether we can obtain clues such as source IP address etc.”
At the end of September, the operator of Zaif, Tech Bureau, received its third business improvement order from Japan’s Financial Services Agency (FSA). The FSA indicated that it considered Tech Bureau’s investigation into the causes of the recent hack, as well as its response to customers, to be inadequate.
The financial regulator also stipulated that if the operator failed to comply with the order, the agency would potentially resort to more severe measures, such as a business suspension order and/or cancellation of the exchange’s registration.