Hackers Steal $32 Million From Japan's Bitpoint Exchange

Bitpoint, a Japanese cryptoasset exchange, has suspended all services after around ¥3.5 billion ($32 million) in XRP, bitcoin and other cryptocurrencies was stolen by hackers.

The exchange revealed the theft in an official announcement through its parent company Remixpoint, saying it had lost ¥2.5 billion worth of cryptocurrencies belonging to its customers and a further ¥1 billion belonging to the company.

Hackers targeted cryptocurrencies stored in hot wallets on the exchange and alongside XRP and bitcoin, five other cryptocurrencies were taken, including bitcoin cash, ether and litecoin. Bitpoint's official announcement said the exchange's cold wallets were not affected.

Business Improvement Orders

Bitpoint was one of five virtual currency exchanges to receive business improvement orders from market regulator the Financial Services Agency in June 2018 following the $530 million hack of NEM tokens from Coincheck in January of 2018.

Along with BitFlyer, QUOINE, BitBank and BTCBox, Bitpoint was ordered to improve measures against money laundering and enhance auditing and user-protection systems.

Bitpoint responded, saying:

We sincerely apologize for any inconvenience caused to you and other concerned customers, [and will] promptly enhance and strengthen the management control system.

Other Hacks

Coincheck's $530 million loss remains the industry's record-breaking crypto-exchange hack, but the $40 million theft in bitcoins from world-leading exchange Binance in May served as a dramatic reminder that even those exchanges with hitherto lofty standards of security remain vulnerable.

Just last month two exchanges were hacked. Singapore-based Bitrue lost XRP and ADA tokens worth $5 million at the time of the theft, while Slovenia-based British exchange GateHub lost nearly $10 million worth of XRP.

Bitpoint said in its statement that it had halted all services including trading and deposit and withdrawal of all crypto assets.

'Big Spender' Bitcoin Wallet Exploit Is an 'Issue With BTC Itself', Says BCH Supporter

Michael LaVere
  • Crypto security firm ZenGo has identified a double-spend exploit dubbed "BigSpender" which affected popular bitcoin wallets.
  • Exploit allows an attacker to cancel a bitcoin transaction without the receiving user knowing. 

A crypto security firm has identified a double-spend exploit targeting popular bitcoin wallet providers. 

According to a report by ZenGo, the security firm has discovered a double and multiple spend wallet exploit for bitcoin dubbed “BigSpender.” The report claims the exploit allows an attacker to cancel a bitcoin transaction but still have it appear in a victim’s vulnerable wallet. 

The report reads, 

The core issue at the heart of the BigSpender vulnerability is that vulnerable wallets are not prepared for the option that a transaction might be canceled and implicitly assume it will get confirmed eventually.

As CryptoGlobe reported, ZenGo found that a user’s balance would be increased following an unconfirmed incoming transaction, without a subsequent decrease in the event the transaction being double-spent. The firm outlined how an attacker could use the exploit to cancel transactions of sent bitcoin while still receiving goods and services in return. 

The security firm tested nine popular cryptocurrency wallets and found BRD, Ledger Live and Edge to be vulnerable to the exploit. All three companies were notified by ZenGo of the threat and subsequently updated their products. However, the firm noted that “millions” of crypto users may have been exposed to the attack prior to the update. 

Bitcoin Cash supporter Hayden Otto told Cointelegraph the exploit is particularly concerning for bitcoin-accepting merchants. 

He said, 

The technique is facilitated by RBF (replace by fee), a so-called ‘feature’ added at the protocol level by the Bitcoin Core developers.The issue exists if you use BTC. Wallet software can only make some trade off, which results in a worse BTC user experience, in order to try to protect BTC users.

Otto claimed the exploit was derived from “an issue with BTC itself” and had little to do with wallet software. 

Featured Image Credit: Photo via Pixabay.com