A Tokyo cryptocurrency exchange has halted services after losing 3.5 billion yen (the equivalent of $32 mln) in what was apparently a hack attack on virtual currencies, Bitcoin included, reports The Guardian.
Tokyo-based Remixpoint, which runs the BITPoint exchange as well as travel, used car and energy businesses, stated about two-thirds of the losses affected customers, while the rest of the missing assets belonged to Remixpoint.
All transactions have been halted, as Remixpoint said it would compensate customers for their losses.
An alarm was raised once an error surfaced in the firm’s outgoing funds transfer system on Thursday night.
The cryptocurrency reportedly went missing from a so-called hot wallet, connected to the internet. According to them, currencies held in cold wallets that were offline were not affected by the alleged hack.
The exchange handles various virtual currencies, including Bitcoin, Ethereum and Ripple. Remixpoint said an investigation was under way.
The incident comes as the latest in a succession of hack attacks involving cryptocurrencies.
In a hacking incident last year, Japan’s Coincheck lost around $500mln-worth of digital currency, and South Korean exchange Youbit had to be closed down in 2017 and filed for bankruptcy after two devastating hack attacks.
The Tokyo-based MtGox exchange was shut down in 2014 after hackers got away with 850,000 Bitcoins then worth half a billion US dollars.
Bitcoin has been a legal form of payment in Japan since April 2017, with the country relatively open to cryptocurrencies.
Security has been a fundamental concern for digital currencies since their launch, as they are decentralised, meaning they are not overseen or regulated by any one administrator, like a government or bank.
Although Bitcoin itself is difficult to hack, largely due to the blockchain technology which supports it, security risks at various stages of the trading process still exist.
Bitcoins are held in wallets and traded through digital currency exchanges like Coinbase. There are various inherent security risks in each of these two components.
In the transaction process two-factor identification is used as a security measure, and if a transaction is linked to an email address or a cell phone number it means a hacker able to get hold of one’s non-cryptocurrency-related personal information may be able to infiltrate the transactions.