I just returned from Bitcoin Seoul 2024

On the last day of my stay, there was a major hacking incident at the Japanese exchange called "DMM Bitcoin," and this has become a hot topic within the local community.

Since I just talked about the Bitcoin industry in Japan and its surrounding environment at the conference, I will comment on the impact of this incident and its implications for domestic and overseas Bitcoin companies.

TLDR;

1. This incident will not have a significant long-term impact on the Bitcoin industry and regulations in Japan.

2. Given the environment around local exchanges and custody providers, an incident like this was likely inevitable and may present an opportunity for more established overseas custody companies.

3. Unfortunately, the push for self-custody has not been actively discussed in the community due to a lack of resources on the latest self-custody solutions.

A summary of what happened and what we know so far:

• One of the major domestic exchanges, DMM Bitcoin, lost approximately $300 million worth of Bitcoin.
• DMM has announced that it plans to fully reimburse users' funds through external funding (DMM is one of the large conglomerates in Japan, FYI).
• The loss occurred from a cold wallet, and how the Bitcoin was stolen from a multi-signature wallet is still under investigation and unclear.
• Some people in the Bitcoin community have also analyzed on-chain data and suspect an address poisoning attack, potential internal involvement, and so on.

https://www.coindesk.com/business/2024/05/31/japanese-crypto-exchange-dmm-bitcoin-suffers-305m-hack/

My take on this: First, I predict that the impact of this incident will not be very significant in the long term.

Unlike the massive hacking incident at Coincheck in 2018, which I commented on during the Seoul conference, I don't think this will deteriorate the general public's perception of Bitcoin or significantly alter regulations or the industry.

For one, the reimbursement of user funds has already been announced. Also, despite Bitcoin's price reaching new highs this year, ordinary Japanese investors had not been paying much attention to Bitcoin yet. Therefore, this incident has not become a scandal involving the general public, and there is no sign of overreaction from the community either.

The other thing this incident revealed is that security measures and operational flows for crypto custody in Japan were likely outdated and unable to defend against sophisticated attacks like this. This may call for crypto regulation to be updated to better protect investors. However, stricter enforcement does not guarantee better security and may only result in creating even more burden for local exchanges and startups, which is one of my personal concerns.

On the other hand, this incident might present an opportunity for overseas custody companies. Although the specific cause of the incident is not yet clear, it’s believed that DMM Bitcoin used a domestic custody provider.

While domestic providers are easier to collaborate with in terms of compliance and communication, it’s not easy for them, especially small-scale providers, to keep up with increasingly sophisticated attacks. In other words, I feel that an accident like this was likely inevitable and may happen again in Japan in the future. As a point of comparison, I have heard before that Korean exchanges mainly use major overseas custody providers like BitGo, which is actually quite different from the situation in Japan, where local exchanges prefer domestic partners. (I believe this is still true today.)

Incidents like this may lead Japanese companies to consider switching to overseas providers, potentially creating business opportunities for overseas custody providers and benefiting local investors as well. Another interesting point is that, despite this incident, the topic of self-custody has hardly come up within the community in Japan.

Usually, when such incidents occur, the importance of self-custody is often revisited with phrases like "Not your keys, not your coins," but so far, I haven't seen much of this. One reason is that there are no convenient self-custody solutions available that are easy for Japanese people to use.

In fact, there is still little information translated into Japanese about the latest self-custody best practices using hardware wallets or multisig. Even worse, some people claim that buying hardware wallets from trustworthy sellers is not easy in Japan now.

This situation may present a business opportunity for some self-custody providers such as Nunchuk and Casa. After all, Japan was a significant market for hardware wallet providers back in the day, and it could still become an attractive market for companies offering Bitcoin self-custody solutions.