Zaif exchange operator shutting down after refunding hack victims

The company behind the embattled Zaif cryptocurrency exchange has announced it will close down its exchange business after it finishes refunding its customers, putting an end to speculation about its future.

Osaka-based Tech Bureau Corp., ex-operator of Zaif exchange, said it would no longer offer exchange services after it had returned funds to customers who lost money during a sizeable hack of the platform in September 2018, The Mainichi reported.

In response to the attack, the firm was forced to transfer its ongoing operations to another firm, Fisco Cryptocurrency Exchange Inc. The hack followed a series of warnings by Japanese regulators, including orders to improve internal management and security processes.

Nevertheless, the Osaka-based firm was hit with the JPY7 million (US$65 million) theft as a result of unauthorized access to its platform.

Registered with the Japanese Financial Services Agency (FSA), the closure of Zaif marks a first for a regulated operator, and serves as a warning to those who continue to fall short of the compliance demands of the regulator.

Meanwhile, Tech Bureau is still working through its backlog of affected clients, with the firm pledging to return funds to all of those impacted by the hack.

According to a statement from the company, account holders will be refunded in Japanese yen between September and the end of November, for users that have not moved their accounts to Fisco.

The Zaif hack came a matter of months after the Coincheck hack in January 2018, which took out one of Japan’s leading cryptocurrency exchanges at the time. The hacks raised the profile of concerns around cryptocurrency exchanges and security, and underlined the need for investors to exercise caution when dealing with exchange companies.

With Zaif itself regulated by the FSA, its closure means that even regulated institutions are vulnerable to attack — despite the best efforts of the regulator.

More recently, a hack at Bitpoint Japan Co. in the sum of JPY3.25 billion reaffirmed that these risks are still present, and that exchanges still have lessons to learn to afford basic security to their user accounts.