Supporting Japan FinTech Week has become a Fireblocks tradition. This March, we, like many in the ecosystem, chose to re-contextualize planned contributions and engagements, as the week-long Tokyo event was the first significant global gathering of both regulators and industry after the Bybit hack.
Across no fewer than eight public presentations, and many more thought-provoking conversations with clients and industry friends, team Fireblocks is grateful to have found itself in the right place, at the right time, on a matter so close to our origins.
Digital Assets Innovation vs. Security in Japan
Each year, FinTech Week comes with a pro-innovation political statement, but until 2025 Tokyo has been slow in scaling institutional crypto adoption. Japan does have 29 licensed crypto exchanges regulated by the Japan Financial Services Agency (JFSA), and a stablecoin law since 2021. Yet no bank has issued a stablecoin in Japan.
This is changing. In time for FinTech Week, an update to the Payment Services Act was submitted to ease stablecoin reserve requirements for Trust Banks. In parallel, crypto gains are to be taxed at 20%, down from 55%.
Many in the market expect that, as in other matters of innovation, once the Japanese industry and regulators commit to digital assets, they will outcompete other markets.
This pattern is what made Japan a purveyor of cutting-edge technology, renowned for its innovations in electronics, robotics and in the automotive industry, with the likes of Sony and Toyota now household names globally.
Japan’s established banking, corporate, and digital ecosystems are why we expect Japan to become a hotbed for blockchain innovation and adoption.
This new momentum, however, happens in the shadow of the Bybit hack – the latest in a series of cybersecurity exploits.
Operational risk and AML have been, and will remain, top concerns in Tokyo.
Japan’s vibrant tech ecosystem has also been a target for cyberattacks, and in particular, state-sponsored cybercrime. Over the last decade, the country has witnessed high-profile crypto hacks resulting in significant financial losses, which have led to heightened concerns around security, custody, and regulation.
In this piece, we will draw a line between some of the major cryptocurrency exchange hacks that have rocked the country, discuss why state-of-the-art custody architecture and end-to-end security solutions are non-negotiables, and issue a call to action for exchanges to embrace off-exchange settlement.
From Mount Gox to Bybit: The Evolving Threat Landscape
The story of Mount Gox, once the world’s largest Bitcoin exchange, has now been etched in history as one of the crypto industry’s most infamous hacks.
Once handling over 70% of Bitcoin transactions at its peak, Mount Gox halted withdrawals in 2014 and announced that approximately 850,000 Bitcoins (worth about $500 million at the time) had been stolen. Investigations revealed that poor management and security practices led to the hack.
Just four short years after Mount Gox filed for bankruptcy, Coincheck, one of Japan’s largest crypto exchanges, reported losing approximately $534 million worth of NEM tokens, making it one of the largest crypto heists at the time.
Most recently, in 2024, DMM Bitcoin suffered a $308 million loss, with the attack targeted at an employee of crypto wallet company Ginco, providing the hackers with access to its communications system. The social engineering tactics used by North Korea-sponsored group TraderTraitor (also known as Lazarus Group) were similar in nature to what happened at Safe.
State-sponsored attacks linked to North Korea (or the Democratic People’s Republic of Korea) were tied to half of the crypto stolen in 2024, to the tune of $1.34 billion, more than double what it stole the year before ($660 million). The Japanese authorities first called for preparedness in the face of Lazarus attacks in 2022.
Fast-forward to today. The recent Bybit hack of nearly $1.5 billion — the largest crypto heist in history — was more than what North Korea had stolen in the entire year prior.
The Bybit attack is unprecedented in magnitude, but not in nature.
The attackers exploited three main vulnerabilities:
- They accessed the systems of the multi-signature Safe{Wallet} by subjecting its engineers to social engineering, similar to what we saw at DMM Bitcoin.
- This allowed them to deploy real-time transaction manipulation and UI deception, similar to what we saw in the 2024 hacks on WazirX and Radiant Capital.
- They exploited blind signing on Ledger devices, preventing victims from detecting the malicious transaction before approval.
The Ask of Industry and Policymakers
Japan has been on high alert for state-sponsored crypto cyberattacks since the DMM hack. For now, the JFSA expects industry participants and their trade bodies to conduct self-inspections.
The Japan Virtual and Crypto Assets Exchange Association has been asked to ensure its member crypto exchanges assess their vulnerability to North Korean cyberattacks, focusing on wallet management, in the wake of the DMM Bitcoin hack and its subsequent liquidation.
In practice, both industry participants and their supervisors need to rapidly switch to an end-to-end system security mentality, and to develop the ability to demonstrate and ascertain the effectiveness of such an architecture.
When ‘Secure’ Systems Aren’t Secure Enough
In efforts to secure their ecosystems, regulators, particularly those in APAC, have issued sophisticated and detailed rules on digital asset custody technologies, including mandating Hardware Security Module (HSM) usage or requiring at least 90% of assets to be stored in cold wallets.
The important lesson learned from the Bybit hack was that both these technologies were deployed by the exchange, and yet $1.5 billion was siphoned to North Korea.
A system-wide approach to security would consider protecting a transaction from the policy on access and approval, through origination, processing and signing, to execution. At each step, layers of safety tools and techniques can be deployed. And at each step, zero trust can and should be assumed.
For instance, what would have been critical in the context of Bybit is the ability of the signing HSM device to display enough context about the transaction being signed.
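As an added illustration of the point about transaction context (this is not Fireblocks code and not part of the original article), the sketch below decodes constructed ERC-20 calldata into the summary an approver needs to see, and rejects anything it cannot decode instead of signing it blind. The addresses, allowlist, limit and function names are hypothetical; only the two ERC-20 selectors are standard values.

```python
# Added example: all addresses, amounts and policy values below are constructed.
# Selectors are the first 4 bytes of keccak256 of the standard ERC-20 signatures.
KNOWN_CALLS = {
    "a9059cbb": ("transfer", ("address", "uint256")),
    "095ea7b3": ("approve", ("address", "uint256")),
}

def decode_call(calldata_hex):
    """Decode calldata into (name, args); None means it cannot be displayed."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    try:
        data = bytes.fromhex(raw)
    except ValueError:
        return None
    spec = KNOWN_CALLS.get(data[:4].hex())
    if spec is None or len(data) != 4 + 32 * len(spec[1]):
        return None
    name, types = spec
    args = []
    for i, kind in enumerate(types):
        word = data[4 + 32 * i: 36 + 32 * i]
        if kind == "address":
            if any(word[:12]):          # address words carry 12 zero bytes
                return None
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return name, args

def review_for_signing(contract, calldata_hex, allowed, max_amount):
    """Return (verdict, text shown to the approver) before any key is used."""
    decoded = decode_call(calldata_hex)
    if decoded is None:
        return "REJECT", f"call to {contract} cannot be decoded (blind signing)"
    name, (counterparty, amount) = decoded
    shown = f"{name} of {amount} units on {contract} to {counterparty}"
    if counterparty not in allowed:
        return "REJECT", shown + ": counterparty not on allowlist"
    if amount > max_amount:
        return "REJECT", shown + ": amount over limit"
    return "APPROVE", shown

TOKEN = "0x" + "11" * 20                # constructed token contract
TREASURY = "0x" + "22" * 20             # constructed allowlisted recipient
def sample(selector, recipient, amount):
    return selector + "00" * 12 + recipient[2:] + amount.to_bytes(32, "big").hex()

if __name__ == "__main__":
    for data in (sample("a9059cbb", TREASURY, 1000),
                 sample("a9059cbb", "0x" + "33" * 20, 1000),
                 sample("deadbeef", TREASURY, 1000)):
        print(review_for_signing(TOKEN, data, {TREASURY}, 5000))
```

The same gate belongs at every stage the article lists (policy, origination, signing), each decoding the raw bytes independently so that a compromised upstream interface cannot supply the summary.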
This incident also demonstrates the importance of enterprise-grade security, where Custody Technology Providers are able to supply 24/7 support, certifications, and testing to their customers.
With attackers finding increasingly sophisticated ways to launch attacks, exchanges must look to adopt zero trust architecture end-to-end. Fireblocks’ multi-layer security—built on MPC wallet infrastructure, secure enclaves, enterprise governance, and real-time transaction verification—decreases these risks substantially, offering proactive protection against future attacks.
We appreciate our responsibility to both clients and policymakers to rebuild confidence in the digital assets ecosystem by finding effective ways to tell when secure systems are, or are not, secure enough.
On-shoring Intermediary Risk
A less discussed issue in the aftermath of the attack is the reality that today policymakers can only demand strong cybersecurity from intermediaries on their territory. But citizens and investors have a low barrier to accessing third-country providers.
This calls for reliance on off-exchange settlement solutions, which allow traders to maintain custody of their assets in segregated accounts while mirroring balances on the exchange. Such arrangements mitigate counterparty risks, enhance on-chain transparency, and protect against hacks, fraud, and mismanagement.
Fireblocks Off Exchange offers a robust framework for this approach, enabling secure trading without the need to pre-fund exchange accounts, thereby safeguarding institutional assets and maintaining uninterrupted trading operations.