A Bitcoin leak incident occurred at DMM Bitcoin, a domestic cryptocurrency exchange. Let's think about the security of the exchange based on the summary of the incident and the response afterwards.
Profile
◉ Masashi Ito
38 years old, freelance writer. Specializes in the latest technology, mainly Web 3.0. Although he has never been hacked into cryptocurrency, he has lost cryptocurrency due to mistaken transfers.
◉ Kou Ishikawa
43 years old, company manager. Works as a consultant, mainly dealing with security measures and security incidents. Although it is always better to take security measures, no one can prevent 100% of security incidents, so he believes that the most important thing is to respond after the fact.
Ito: In May, there was an incident where Bitcoin was leaked from DMM Bitcoin, one of Japan's cryptocurrency exchanges. In this article, we will talk about the summary of the incident, the response of the exchange, and the security issues of cryptocurrency.
Ishikawa: Let's look back at the summary of this incident based on the official announcement by DMM Bitcoin. First of all, the incident occurred on May 31, 2024. It was revealed that 4,502.9 BTC, equivalent to about 48.2 billion yen in Japanese yen, had been illegally leaked from DMM Bitcoin's wallet.
Ito: A wallet is software for managing crypto assets. In other words, the bitcoins held by DMM Bitcoin were leaked to the outside for some reason.
Ishikawa: This amount of damage is the seventh largest among all crypto asset-related hacking and illegal leaking incidents to date.
Ito: The damage from the Coincheck NEM leak incident in 2018 was about 58 billion yen. The damage from the hacking incident at the Mt. Gox exchange in 2011 was about 48 billion yen, so this is the second or third largest damage in Japan.
Ishikawa: After this incident occurred, DMM Bitcoin immediately announced that a damage had occurred. Also, on the day of the incident, they announced, "Please rest assured that we will procure the equivalent of the amount of Bitcoin (BTC) that was leaked with support from our group companies and fully guarantee the entire amount of Bitcoin (BTC) that customers have deposited. "
Ito: That was a very swift response.
Ishikawa: In the past, when cryptocurrency hacking incidents occurred, anxiety spread among users and the cryptocurrency market, and there have been many cases where cryptocurrency prices plummeted. This was a move that prevented that from happening quickly. After that, we secured compensation funds by borrowing from group companies and increasing capital in June.
Ito: Did it have any impact on the Bitcoin price?
Ishikawa: It seems fair to say that it had almost no impact. After the leak was discovered, the price fell by hundreds of thousands of yen, but it rose again five days after the incident. The Bitcoin price is already around 10 million yen, and fluctuations of hundreds of thousands of yen are commonplace, so it cannot be said that the incident caused the crash. It has already been about a month and a half since the incident, but there is still no indication that the incident caused the crash. After the Cointick hack, the price of Bitcoin fell by about 35% in the 10 days following the incident. In comparison, there was almost no impact this time.
Ito: Why was there almost no impact on the price?
Ishikawa: First of all, DMM Bitcoin's response was very good. They announced the facts on the same day the incident was discovered and stated that they would guarantee users' assets. They must have learned from past cases that a quick response is necessary when such an incident is discovered. The DMM Group is a major IT company in Japan, so many people predicted that it would not be impossible to raise funds from the group companies, which was a source of relief.
Another reason is that the market size of Bitcoin itself has become large, so even if a leakage incident of this scale occurs, the impact on the market is relatively small. In addition, even after many illegal leakages and hacking incidents of crypto assets in the past, the history of Bitcoin prices continuing to rise is also a support for trust.
Ito: In the past, when crypto asset leakage incidents occurred, we often heard voices such as "Bitcoin is over" or "In the end, all crypto assets are scams." This time, we have not heard many such opinions.
Ishikawa: As with past cases, we need to separate the two points: is there a problem with the Bitcoin system itself, or is there a problem with the system of the exchange that stores it?
Ito: This case is the latter, isn't it? There was no problem with the Bitcoin system itself, but with the way it was managed.
Ishikawa: There has never been an incident in which the Bitcoin system itself was hacked. It is always a problem with the people who manage it.
For example, if someone's bank account was stolen from Ito's, you would normally think that there was a problem with the bank's system or with the way Ito managed it. But even if someone said, "If my money was stolen, then the Japanese yen itself is a fraud! It's suspicious!", no one would take me seriously (laughs).
Ito: I guess the number of people who confuse the two is gradually decreasing. So even if an unauthorized leak occurs at an exchange, it won't shake people's trust in Bitcoin itself, and it won't cause the price to plummet.
Ishikawa: That's right. However, while Bitcoin has never been hacked, many other blockchains and cryptocurrencies have been hacked. Therefore, I would like to emphasize that the idea that "all cryptocurrencies and blockchains are safe" is also incorrect.
Ito: That's right. By the way, this incident was the first data leak incident in a long time at a domestic exchange. Domestic exchanges are said to be safer than overseas exchanges, but is that correct?
Ishikawa: I think it is better to separate safety from a security perspective from a psychological sense of security. Domestic exchanges are said to be safer from a security perspective because the legal framework for exchanges is more advanced, funds are managed more strictly than overseas operators, and security and sales systems are checked by the Financial Services Agency. For example, domestic exchanges store most or even 100% of the assets entrusted to them by customers in cold wallets.
Ito: A cold wallet is a wallet that is isolated from external communication environments (the Internet or intranet). In other words, it means that funds are stored in a state where there is no need to worry about them being stolen due to unauthorized access from outside.
Ishikawa: There is no doubt that domestic exchanges, including such management methods, have higher security than overseas exchanges and overseas cryptocurrency services. However, in this incident, that security was overcome and an unauthorized leak occurred. There are many ways to strengthen security, but this was an opportunity to once again recognize that 100% safety is impossible under any circumstances.
Ito: We will talk later about how the supposedly strong security was breached. Psychologically, why do you feel more secure with domestic exchanges?
