Pierluigi Paganini
December 03, 2024
DMM Bitcoin is a cryptocurrency exchange based in Japan, operated by DMM Group, a large Japanese e-commerce and entertainment conglomerate. Launched in 2018, the platform allows users to trade various cryptocurrencies, including Bitcoin, Ethereum, and Ripple, through spot trading and leverage trading services.
In June, the Japanese cryptocurrency exchange announced that cybercriminals stole 4,502.9 Bitcoin (BTC), approximately $304 million (48.2 billion yen), from its wallets.
“At approximately 1:26 p.m. on Friday, May 31, 2024, we detected an unauthorized leak of Bitcoin (BTC) from our wallet. We are still investigating the details of the damage, but the following is what we know at this stage. We have already taken measures to prevent the unauthorized leak, but we have also implemented restrictions on the use of some services to ensure additional safety.
The company has not disclosed details about the attack, threat actors, or the stolen funds’ whereabouts.
At the time, cryptocurrency security firm Elliptic reported that this incident would be the eighth-largest crypto heist of all time, and the largest since the $477 million hack suffered by FTX, in November 2022. Elliptic also confirmed it has identified the wallets involved in the attack.
Japan’s Financial Services Agency, who investigated the incident, found severe issues in DMM Bitcoin’s risk management, including inadequate oversight, lack of independent audits, and poor security practices. The company failed to prevent crypto theft, violated rules on transfers, and lacked proper logging for investigations. The Agency also issued a “business improvement order.”
This week, DMM Bitcoin announced it is going to transfer all customer accounts and company assets to the Japanese cryptocurrency exchange SBI VC Trade, which is a operated by SBI Holdings, a major financial services company in Japan — a subsidiary of Japanese financial services giant SBI Group.
“But we have determined that allowing this situation to continue for a long time would significantly impair customer convenience,” reads a statement issued by the company and reported by The Record Media.
“In light of this situation, and with the protection of our customers as our number one priority, we have decided to transfer all accounts and assets held with us to another company. We sincerely apologize for the inconvenience caused to you over such a long period of time. As a result, the Company plans to discontinue its business once the transfer is complete.”
SBI VC Trade published a notice regarding the basic agreement on the transfer of accounts and assets held by DMM Bitcoin.
“Under this agreement, all assets held by customers in accounts already opened with DMM Bitcoin (Japanese yen, cryptocurrency) are scheduled to be transferred to the Company around March 2025. In addition, the Company plans to start handling 14 cryptocurrency spot trading items that are currently not handled by the Company but are handled by DMM Bitcoin before the transfer of the assets held by the Company is accepted.” reads the notice. “This agreement is the transfer of customers’ accounts, assets held by the Company, and the associated rights, and does not include the transfer of systems or organizational personnel. The two companies will continue to hold discussions to conclude a contract regarding the transfer of accounts and assets under custody. Once the specific transfer date, transfer method, and other matters to be disclosed regarding this matter have been decided, they will be announced promptly.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Bitcoin)
