Japan to impose tough cryptocurrency exchange rules to reduce risk of cyberattacks, exit scams

Japanese regulators want to prevent similar incidents to Mt. Gox and Coincheck from hurting investors in the future.

screen-shot-2018-05-08-at-12-05-44.jpg
File Photo

The Japanese Financial Services Agency (FSA) is due to impose strict standards on cryptocurrency exchanges seeking to register in the country.

Ransomware is now the biggest cybersecurity threat

Simple attacks plus user willingness to pay ransoms to get their files back means ransomware is on the rise, warn Kaspersky researchers.

Read More

The sudden collapse of Mt. Gox, bankruptcy filing, and subsequent accusations levied against former CEO Mark Karpeles of embezzlement and fraud gave cryptocurrency investors a wake-up call: exchanges are not necessarily safe havens.

Since 2014, when the exchange vanished taking millions of dollars' worth of cryptocurrency belonging to investors with it, numerous cryptocurrency trading posts have become victims of cyberattacks, have experienced data breaches, and some exchanges have been nothing more than exit scams which duped investors out of cryptocurrency.

Others have shown every intention of doing right by their investors but poor internal security standards and checks have led to cryptocurrency thefts. One recent case in this category is Coincheck, which suffered a debilitating cyberattack due to poor security standards.

Coincheck, which is based in Tokyo, then faced the ire of the FSA which demanded immediate improvements. The situation also forced Japanese regulators to scrutinize the emergence of cryptocurrency exchanges far more closely.

According to the Japanese publication Nikkei, a local FSA official said that a "new perspective" is now needed to prevent such occurrences from happening again.

Documentation only goes so far. Therefore, regulatory oversight, compliance with data protection standards and preliminary visits to organizations to make sure they are not simply schemes designed to dupe investors are all also on the table.

Nikkei reports that cryptocurrency exchanges will need to meet a set of criteria in order to legally operate.

The first is a rulebook of strict standards for system management, including the use of cold wallets rather than hot wallets. In other words, investor funds must be stored away from Internet-connected systems. In addition, multiple passwords must be imposed for cryptocurrency transfers.

Aspiring cryptocurrency exchanges must also show that they take money laundering seriously through verification protocols and customer accounts must be monitored on a daily basis for signs of suspicious activity.

Executives at the exchanges will also be under the FSA's watchful eye with new rules set in place to prevent them from using client money or cryptocurrency for their own purposes or investments.

The publication reports that cryptocurrency exchanges which allow "high levels of anonymity" will be banned at the government level due to the increased risk of money laundering and abuse.

See also: Coinsecure, not so secure: Millions in cryptocurrency stolen, CSO blamed

Finally, the regulator will require internal standards already imposed on the creation of traditional companies, such as the separation of shareholders from management.

This framework will allow the FSA to assess the legitimacy and potential risk of new and upcoming cryptocurrency exchanges.

Those seeking to invest and trade their cryptocurrency through an exchange may benefit, too, as there would be -- in theory -- less of a risk posed by a licensed exchange held to these standards.

The new rules are likely to come into force during summer.

The Coincheck fiasco was a wake-up call in light of the 'Wild West' that the cryptocurrency industry has become. Decentralization was always at the heart of virtual assets, but the slow imposition of government regulation, tax, and identity checks worldwide should be a surprise to few.

Previous and related coverage