- FTX closed down in 2021 but continued to generate data in backend
- Contact information about more than 35,000 FTX Japan users found leaking
- The company can face regulatory pressure as a result
FTX Japan, the Japanese arm of the dead cryptocurrency exchange FTX, leaked sensitive data on more than 35,000 users, putting them in danger of phishing and identity theft, experts have warned.
Researchers on Cygenerws Said they found an exposed database of 26 million files, including usernames and real names, e -mail addresses, postal addresses, FTX accounts and detailed transaction logs, including information on borrowing and lending, cryptocurrencies, security, margin prices and risk layers.
The files are also relatively fresh as some of the logs were apparently generated in July 2024.
Worrying implications
To explain how it is possible that an exchange that was closed by the end of 2021 still generated, thus leaking files as early as 2024 Cygenerws Said FTX Japan completed its bankruptcy and withdrawal in February 2023, but its backend systems probably remained active in the entire 2024.
Following the fall of FTX, its Japanese subsidiary was acquired by another Japanese crypto exchange called Bitflyer, and was redirected to Custodiem in 2024.
“It is unclear whether the discovered leak belongs to the actively used depot infrastructure, or is an abandoned, unmodified artifact back after the FTX interruption,” Cygenerws Scientists explained.
The consequences are worrying as cyber criminals can use the information to target people who have already lost a lot in the bankruptcy. For example, Celsius customers are bombarded (another cryptic business that went bankrupt at about the same time), with phishing -e emails where Crooks mimics the company and claims that the victims are justified for withdrawal.
At the same time, the company itself risks further legislative pressure and possibly fines as a result.
Cybergenws also said the data leak raises concerns about privacy and regulatory compliance, as crypto companies under Japanese laws need to maintain to high standards.
How to remain safe
The violation means that cyber criminals could have a field day with the leaked data, which should be more than enough of sensitive information to launch very personalized, successful phishing campaigns, leading to identity theft, thread fraud and even ransomware attacks.
If you are worried, you may have been caught in the incident, don’t worry – there are a number of methods to find out. Do i have? is probably the best resource only to check if your details have been affected, offering a wear and tear of any major cyber event in the last few years.
And if you save passwords to a Google account, you can use Google’s password tool to see if anyone has been compromised, or sign up for one of the best password administrator settings we’ve rounded off to make sure your login is protected.
