Our Blog and Media Coverage

What can we learn from the DMM Bitcoin “leak”?

DMM Bitcoin

It was already Friday afternoon in Japan when crypto exchange DMM Bitcoin released a statement saying that it had lost over 4,500 bitcoin or just over $300 million. The statement euphemistically called it an “unauthorized leak”.

The original statement in Japanese can be found here.

Posting on X, Chainalysis described it as “the biggest hack since Dec 2022 and the 7th largest crypto hack ever.”

Tweet from Chainalysis

Japanese regulations say that a Crypto Asset Exchange Services Provider (CAESP) must “manage at least 95% of users’ Crypto Assets in wallets that are not connected to the Internet.” Within hours, news sites were reporting that “the leaked BTC may have originated from hot wallets and isolated cold wallets.”

GK8’s CEO Lior Lamesh offered this comment, “We know that most cold custody solutions out there remain vulnerable to digital asset theft when they connect to the internet to receive digital input from the blockchain network. Japan’s regulators require that these systems never connect to the internet, but despite claims from various custody companies, this is often not the case.”

Any wallet which connects to the internet, however briefly, presents an attack vector, through which assets can be stolen. Hackers have shown themselves willing to invest significant resources to breach these systems.

Lior continued, “We urge financial institutions entering this space to recalibrate their perceptions of current cold storage offerings, to proactively review their approach to custody, and to implement genuinely offline solutions to ensure the security of their digital assets.”

Schedule a demo to learn more about GK8’s unique custody solutions for preventing digital asset theft.

Legal Disclosure: This document, and the information contained herein, has been provided to you by Galaxy Digital Holdings LP and its affiliates including GK8 (“Galaxy Digital”) solely for informational purposes. This document may not be reproduced or redistributed in whole or in part, in any format, without the express written approval of Galaxy Digital. Neither the information, nor any opinion contained in this document, constitutes an offer to buy or sell, or a solicitation of an offer to buy or sell, any advisory services, securities, futures, options or other financial instruments or to participate in any advisory services or trading strategy. Nothing contained in this document constitutes investment, legal or tax advice or is an endorsement of any of the digital assets or companies mentioned herein. You should make your own investigations and evaluations of the information herein. Any decisions based on information contained in this document are the sole responsibility of the reader. Certain statements in this document reflect Galaxy Digital’s views, estimates, opinions or predictions (which may be based on proprietary models and assumptions, including, in particular, Galaxy Digital’s views on the current and future market for certain digital assets), and there is no guarantee that these views, estimates, opinions or predictions are currently accurate or that they will be ultimately realized. To the extent these assumptions or models are not correct or circumstances change, the actual performance may vary substantially from, and be less than, the estimates included herein. None of Galaxy Digital nor any of its affiliates, shareholders, partners, members, directors, officers, management, employees or representatives makes any representation or warranty, express or implied, as to the accuracy or completeness of any of the information or any other information (whether communicated in written or oral form) transmitted or made available to you. Each of the aforementioned parties expressly disclaims any and all liability relating to or resulting from the use of this information. Certain information contained herein (including financial information) has been obtained from published and non-published sources. Such information has not been independently verified by Galaxy Digital and, Galaxy Digital, does not assume responsibility for the accuracy of such information. Affiliates of Galaxy Digital may have owned or may own investments in some of the digital assets and protocols discussed in this document. Except where otherwise indicated, the information in this document is based on matters as they exist as of the date of preparation and not as of any future date, and will not be updated or otherwise revised to reflect information that subsequently becomes available, or circumstances existing or changes occurring after the date hereof. This document provides links to other Websites that we think might be of interest to you. Please note that when you click on one of these links, you may be moving to a provider’s website that is not associated with Galaxy Digital. These linked sites and their providers are not controlled by us, and we are not responsible for the contents or the proper operation of any linked site. The inclusion of any link does not imply our endorsement or our adoption of the statements therein. We encourage you to read the terms of use and privacy statements of these linked sites as their policies may differ from ours. The foregoing does not constitute a “research report” as defined by FINRA Rule 2241 or a “debt research report” as defined by FINRA Rule 2242 and was not prepared by Galaxy Digital Partners LLC. For all inquiries, please email contact@galaxydigital.io. ©Copyright Galaxy Digital Holdings LP 2023. All rights reserved.