I guess we shouldn’t be all that surprised. But still, they did say it would be practically impossible.
The Japan-based cryptocurrency exchange Zaif suffered a major hack last week. It issued a statement on Thursday saying that approximately $59 million worth of bitcoin, bitcoin cash, and MONAcoin had been stolen by unidentified criminals. This, obviously, is not good. What makes it perhaps worse is the company’s past insistence that it applied the “maximum effort” possible to keep its customers’ funds safe — and that hacking it would be “practically impossible.”
Like many exchanges, Zaif has a page on its website where it details the precautions taken to secure customer funds. With tens (or potentially hundreds) of millions of dollars worth of cryptocurrency at stake, it makes sense to let everyone know that you’re taking this security stuff seriously.
Take, for example, the webpage titled “About the Zaif usage risk and security system.” It lays out six points “in order to ensure maximum safety and security.”
Under the third point, “Reinforcement of system infrastructure robustness,” we are given the following bit of reassurance.
“We externally block the exchange system at multiple levels, and we are building a system security environment where hacking into the internal system is practically impossible. Therefore, all outside access to the database, etc. is impossible.”
According to a company statement detailing the hack, translated from the original Japanese (via Google Translate), “it turned out that some of the deposits and withdrawal hot wallets were hacked by unauthorized access from the outside, and part of the virtual currency managed by us was illegally discharged to the outside.”
Now, the crypto that was stolen was reportedly in a so-called “hot wallet” — a wallet that is connected to the internet, which allows customers to withdraw or transfer funds immediately — and not a more secure cold wallet. Perhaps it was the company’s cold wallet that’s “practically impossible” to hack?
This Zaif debacle is just another in a long line of breached exchanges. The most notable of these, the 2014 Mt. Gox hack, resulted in the theft of around 850,000 bitcoins. In January of this year, another Japan-based exchange, Coincheck, was also hacked for roughly 500 million NEM — worth approximately $424 million at the time.
It’s almost as if it’s not practically impossible to hack an exchange at all.