By CCN.com: Crypto exchanges are a straightforward place to keep cryptocurrency when trading. Cash out fees accrue less quickly, and trades can be made much faster than having to transfer currencies from another wallet. The downside to keeping your funds on an exchange? More than $500 million was stolen exclusively from Japanese exchanges in 2018 alone. The funds stolen have left governments with a serious need to intervene.
Japan was the first country to formalize crypto exchange regulation, and they have taken these breaches very seriously. Previously, storing funds in a cold wallet – offline crypto storage wallets that are less vulnerable to hackers – was enough, but internal theft has also been pinpointed as a reason for the loss of funds. Exchanges like CoinCheck, Mt. Gox, Zaif, and more have lost funds—both client and internal funds—due to hacks.
To combat this, the Japanese FSA has is establishing new regulations for cold storage security as well as hot wallet security.
Any exchanges who stores client crypto will be affected by the FSA’s new exchange regulation. Part of the requirement for operating an exchange in Japan is keeping client crypto in cold storage—failure to do so may result in regulatory backlash.
Several things must change for cold wallet security, but the first changes made by the FSA with their new exchange regulations follow a reasonably straightforward narrative:
Don’t leave all of the funds with one person on one wallet. Keep the wallet changing hands consistently.
To date, one of the largest cold wallet hacks was executed against Trade.io. The company reported $8 million lost, but some sources speculate as much as an $11 million loss . Thieves stole funds from a cold wallet that was present in a bank safety deposit box.
Similar hacks have happened previously, with one person reporting more than $30,000 lost to a Man-in-the-Middle (MitM) attack—attackers managed to steal the seed phrase and load it onto another device, then take the funds.
Japanese regulators are pushing crypto exchanges to ramp up their security for even cold wallets. By changing the person in-control, it can become harder to carry out a MitM attack and other nefarious attacks such as Fansmitter, which broadcasts the information, unencrypted, using fan speed noise.