Zaif’s operator Tech Bureau has yet to reveal a schedule for compensating client’s for losses incurred due to the recent hack attack.
The compensation strategy and a payout schedule were supposed to have been published by the end of September, but Tech Bureau, the Osaka-based operator of the compromised cryptocurrency exchange Zaif, said that it needed more time to finalize the compensation framework, Nikkei Asian Review reports. The company stopped accepting new users to speed up the process.
Hackers stole about $60 million worth of customers’ digital assets stored online on September 14, though the company realized that the money was missing only on September 17 and notified the Japanese Financial Services Agency about the incident. The security breach and the heist were publicly announced on September 20.
Japanese public company Fisco Digital Asset Group promised to provide $44.59 million for customer compensation payouts in exchange for the majority stake in the cryptocurrency exchange. However, the companies reached a “basic agreement” while the details of the deal have not been finalized yet.
Hot wallet issue
Zaif is not the first Japanese exchange to fall victim to a hacking attack this year. Coincheck lost about $60 billion of clients’ money in January due to sloppy security practices. Both incidents involved unauthorized access to customers’ money kept in hot wallets or on an account with a constant internet connection, which indicates a structural problem of virtual currencies.
“Exchange operators should overhaul their security, including hot wallets. We are well past the point of handling massive amounts of funds with the mindset of startups,” Naoyuki Iwashita, a professor at Kyoto University commented.
Meanwhile, the self-regulatory Japan Virtual Currency Exchange Association (JVCA) looks to tighten asset management rules to ensure better protection for customer assets. The Association plans to cap the funds kept in hot wallets at 10-20% of the total amount of customer assets.