Japanese cryptocurrency exchange Zaif announced today that it lost $60 million worth of company and user funds during a security incident that took place last week.
The company said it discovered the hack on Monday, September 17, and confirmed it a day later, when it reached out to authorities and reported the incident.
The Zaif team suspended user deposits and withdrawals earlier today, while its staff is making sure the hacker(s) is out of their network for good.
Investigators are still gathering details, but Zaif said the hack took place on September 14, between 17:00 and 19:00 local time, when the attacker siphoned off three types of cryptocurrencies from the company’s “hot wallets.”
A “hot wallet” is a term used to describe a cryptocurrency addresses with light security measures where a cryptocurrency exchange keeps funds for immediate transactions, such as cryptocurrency-to-cryptocurrency or cryptocurrency-to-fiat (and vice versa) operations. The opposite of a hot wallet is a cold wallet, where an attacker needs to pass through multiple authentication systems to get access to funds.
Zaif says the hacker stole Bitcoin, Bitcoin Cash, and MonaCoin from its hot wallet, all three worth 6.7 billion Japanese yen (roughly $59.67 million) when combined.
Of the $60 million, $37.8 million were Bitcoin funds(5,966 BTC). Zaif is still investigating the hacked server to determine the exact amount of stolen Bitcoin Cash and MonaCoin.
Of the 6.7 billion stolen yen, 2.2 billion yen –32 percent– were Zaif funds, while 4.5 billion yen were customer funds.
Zaif plans to secure a 5 billion yen loan to pay back affected customers but has not revealed any other details. Earlier this year, Japan’s financial regulator intervened and forced Coincheck to pay back customers after a $530 million 2017 hack.
In February Zaif was involved in a glitch that resulted in free bitcoin given away to users.
Zaif is a cryptocurrency exchange established in 2014, based in Osaka, Japan.