- FTX shut down in 2021, but continued to generate data in the backend
- Contact information on more than 35,000 FTX Japan users found leaking
- The company could face regulatory pressure as a result
FTX Japan, the Japanese arm of the dead cryptocurrency exchange FTX, leaked sensitive data on more than 35,000 users, putting them at risk of phishing and identity theft, experts have warned.
Researchers at Cybernews said they found an exposed database with 26 million files, including usernames and real names, email addresses, postal addresses, FTX account IDs, and detailed transaction logs including information on borrowing and lending, cryptocurrencies, collateral, margin rates, and risk flags.
The files are relatively fresh, too, as some of the logs were apparently generated in July 2024.
Troubling implications
Explaining how it’s possible that an exchange that shut down in late 2021 was still generating, and thus leaking files, as early as 2024, Cybernews said FTX Japan completed its bankruptcy and withdrawals in February 2023, but its backend systems probably remained active throughout 2024.
Following the fallout of FTX, its Japanese subsidiary was acquired by another Japanese crypto exchange called bitFlyer, and was rebranded to Custodiem in 2024.
“It is unclear whether the discovered leak belongs to the actively used Custodiem infrastructure, or is an abandoned, unmodified artifact remaining after the FTX collapse,” the Cybernews researchers explained.
The implications are troubling, since cybercriminals can use the information to target people who already lost a lot in the bankruptcy. For example, Celsius customers (another crypto company that went bankrupt at approximately the same time), are being bombarded with phishing emails in which crooks impersonate the company and claim the victims are eligible for withdrawals.
At the same time, the company itself is risking further regulatory pressure, and possibly fines, as a result.
Cybernews also said that the data leak raises concerns about privacy and regulatory compliance, since under Japanese laws, crypto firms need to uphold to high standards.
How to stay safe
The breach means cybercriminals could have a field day with the leaked data, which should be more than enough of sensitive information to launch highly personalized, successful phishing campaigns, leading to identity theft, wire fraud, and even ransomware attacks.
If you’re concerned you may have been caught up in the incident, don’t worry – there are a number of methods to find out. HaveIBeenPwned? is probably the best resource only to check if your details have been affected, offering a run-down of every big cyber incident of the past few years.
And if you save passwords to a Google account, you can use Google’s Password Checkup tool to see if any have been compromised, or sign up for one of the best password manager options we’ve rounded up to make sure your logins are protected.