Stolen 48.2 billion yen! DMM Bitcoin exchange announces closure.
(Crypto City) Previously reported that Japan's DMM Group's cryptocurrency exchange DMM Bitcoin was hacked at the end of May, losing approximately 48.2 billion yen (about 10 billion NTD) in Bitcoin, possibly related to a North Korean hacking group.
After the incident, the official announced that they would raise 55 billion yen through financing and subordinated loans and would also submit an investigation report to the Financial Services Agency.
Even though some remedial measures were proposed, DMM Bitcoin ultimately abandoned the restructuring of operations.
According to a report from the Nikkei today (12/2), DMM Bitcoin announced its impending shutdown, expecting to transfer user assets worth 96.2 billion yen to SBI VC Trade around March 2025, with the latter paying 3 to 5 billion yen as consideration for the asset transfer.
It is understood that DMM Bitcoin holds two major licenses from the Kanto Finance Bureau and operates as a legally compliant exchange in Japan, currently having about 450,000 users. SBI VC Trade is a cryptocurrency exchange under Japan's SBI Group, currently having about 700,000 users. Through this asset acquisition decision, it will further expand its market scale.
A few months after the hack at DMM exchange, DMM subsidiary DMM Crypto also announced the closure of its blockchain gaming platform Seamoon Protocol and terminated the issuance plan for the cryptocurrency $SMP, leading to the direct demise of its chain game (Corporate Girl RE:BLOOM). Another new project (KamiYagura) also announced that the decision on issuance and listing time will be reconsidered.
Source: Shutterstock. Japan's cryptocurrency exchange DMM Bitcoin announces its impending shutdown.
Financial Services Agency reveals two major oversights: private keys only require one signature.
At the time of announcing its closure, the Financial Services Agency also revealed two major operational oversights of DMM Bitcoin:
1. Serious flaws in asset private key management.
The Financial Services Agency pointed out that DMM Bitcoin has significant oversights in managing user asset security. The official previously promised that when assets are to be transferred from cold wallets to hot wallets, two people must operate together, but in reality, only one person is responsible for signing the private key, contrary to the multi-signature system, and did not adhere to the Financial Services Agency's guidelines.
2. Executives focus on operational efficiency, neglecting cybersecurity risks.
What is even more concerning is that the executives at DMM Bitcoin seem completely unaware of cybersecurity risks.
The Financial Services Agency criticized DMM Bitcoin for lacking senior executives dedicated to system management, and other executives did not prioritize system risk management, lacking necessary awareness and discussions regarding the risks of cryptocurrency outflow. The company's internal monitoring mechanisms are almost non-existent, with cybersecurity management authority highly concentrated in the hands of a few, and the independence of internal audits has completely disappeared.
According to a report from Toyo Keizai, a relevant person from the Financial Services Agency revealed that many vulnerabilities were found during the inspection of DMM Bitcoin's internal management. The DMM Group seems to have simply thrown the problem to the management, which is overly focused on operational efficiency, neglecting basic security measures.
After the hacking incident, DMM Group rapidly adjusted its management team. Currently, 5 of the 8 directors are new members dispatched from DMM Group after late June, including the CFO and CTO from DMM.com, while Nobuki Matsuda from DMM FinTech serves as the representative director.
Source: DMM Bitcoin President Hitoshi Taguchi. Japan's Financial Services Agency criticizes DMM Bitcoin for asset private key management and executive issues.
Is this the second largest hacking incident since Coincheck? Have Japanese exchanges not learned their lesson?
DMM Bitcoin had previously promised to fully compensate users and raised 55 billion yen through capital increases and loans in just a few months, somewhat alleviating users' losses and panic. User funds will be smoothly transferred to SBI VC Trade in March 2025.
However, the hack incident at DMM Bitcoin is the second large-scale cryptocurrency exchange hack in Japan after the Coincheck incident, raising questions from reporters at Toyo Keizai about whether Japanese exchange operators have learned any lessons.
Centralized exchanges come with risks; self-custody of assets is very important.
For seasoned players in the crypto space, the incidents of Mt.Gox, Bitfinex, FTX, and JPEX being hacked or suddenly shutting down or running away are still fresh in memory.
Ten years have passed since 2014, and hacking incidents and internal issues at centralized exchanges still occasionally occur. These events repeatedly remind investors of the importance of self-custody of assets, because in the world of cryptocurrencies, Not your keys, not your coins.
Further reading:
Be cautious when using centralized exchanges! A review of the top 10 exchange hacking incidents, did even Binance get hacked?
What is a cold wallet? A comprehensive analysis of the functions and usage guide for cold wallets.
‘Stolen 48.2 billion yen! Japan's DMM exchange directly announces closure, what should users do?’ This article was first published in 'Crypto City'.
