How an 18-Year-Old Hacker Stole Millions of Yen from a Crypto Project

A teenage hacker stole millions of yen from a Japanese crypto project. | Source: Shutterstock

According to local publications, an 18-year-old hacker stole 15 million yen, which is equivalent to $134,640, worth of a crypto asset called Monacoin.

On Monappy, a platform that enabled Monacoin users to store their funds, the hacker initiated a large number of transactions in a short period of time to overload the system.

Between August 14 and September 1, the hacker reportedly stole funds from 7,700 users.

Why Did the Teenager Hack into a Crypto Platform?

The hacker reportedly discovered a vulnerability on the platform which was triggered when the platform received many transaction requests in an abrupt manner. | Source: Shutterstock

JapanToday reported that the hacker told the police he initiated a series of hacking attacks against the platform because he “felt like I’d found a trick no one knows and did it as if I were playing a video game.”

The hacker reportedly discovered a vulnerability on the platform which was triggered when the platform received many transaction requests in an abrupt manner.

When the system was jammed with transaction requests, the hacker took advantage of it and allegedly reallocated over a hundred thousand dollars in crypto.


Monacoin is a cryptocurrency that is most popular among Japanese crypto investors. | Source: Shutterstock

The report read:

“He took advantage of a weakness in a feature of the website that enables a user to transfer the currency to another user, knowing that the system would malfunction if transfers were repeated over a short period of time.”

Due to the usage of Tor, the police reportedly struggled in locating and identifying the figure behind the security breach of the platform.

“He used software called Tor that makes it difficult to identify who is accessing the system, but the police identified him by analyzing the communication records left on the website’s server,” the report read.

The operators of the platform are set to reimburse investors who lost their assets during the 17-day period and told investors that funds that were stored in cold wallets were not affected by the breach.

In recent years, major cryptocurrency exchanges in the likes of Coinbase and Binance have strengthened cold wallet systems to protect user funds, as they are not reachable by hackers even in the event of a security breach.

In December 2018, Coinbase moved 5% of all bitcoin, 8% of all ethereum, and 25% of all litecoin in circulation, in arguably the most massive single-day transfer of funds in the history of the cryptocurrency market.

“Last week we successfully completed an on-blockchain migration of approximately $5 Billion (as valued the week ending Dec. 7, 2018) of cryptocurrency from Generation Three to Generation Four of our cold storage infrastructure. To our knowledge, this is the largest movement of cryptocurrency (certainly in USD terms, potentially in absolute terms) ever undertaken,” the Coinbase team said.

In the months to come, more exchanges and cryptocurrency platforms are expected to adopt sophisticated cold wallet storage systems to secure user funds and prevent hacking attacks.

Japanese Financial Services Agency (FSA) on Alert

Since the high-profile Coincheck hack in January 2018 wherein more than $500 million worth of cryptocurrencies were stolen, the FSA has become significantly strict on vetting cryptocurrency exchanges.

In Japan, companies can operate as exchanges only after securing a license from the FSA.

In late 2018, reports revealed that requests from nearly 160 companies were pending, waiting for the approval of the FSA.

While the FSA has expanded its cryptocurrency review team to facilitate the growth of its local market, if security breaches and hacking attacks persist, local analysts expect the FSA to tighten policies surrounding the cryptocurrency market.

Last modified: March 4, 2021 3:20 PM

Joseph Young: Financial analyst based in Seoul, South Korea. Contributing regularly to CCN and Forbes. I have covered the stock market and bitcoin since 2013. Reach him on Twitter or LinkedIn.