Japan Regulator Moves To Mandate Liability Reserves For Crypto Exchanges

Japan’s financial regulator is planning legislation to require crypto exchanges to maintain liability reserves to protect customers against hacks or security breaches.

A report by The Nikkei said the Financial Services Agency (FSA) plans to submit legislation to parliament in 2026. 

The legislation would require crypto exchanges to meet requirements similar to those for securities firms, which currently hold reserves ranging from $12.7 million to $225 million, depending on trading volume.

Until now, crypto exchanges were able to work around reserve requirements by storing a portion of customer assets in cold storage, which are wallets that are not connected to the internet. 

The new framework will create formal procedures for returning assets to clients in the event a crypto exchange enters bankruptcy. It will include allowing court-appointed administrators to handle customer repayments. 

To ease the financial burden, the FSA is considering allowing exchange platforms to purchase insurance rather than holding full cash reserves. 

Japan Has Been Rocked By A Series Of Crypto Hacks

The planned mandate follows a series of security breaches that targeted Japanese crypto exchanges. 

Perhaps the most notable hack, which Japan is still recovering from, is the collapse of now-defunct platform Mt. Gox. Hackers had drained 850,000 BTC from the platform in 2014, which had pushed the exchange into bankruptcy. Some repayments only started a decade later, with repayments now running through October 2026.

At the start of 2018, Coincheck suffered one the largest crypto exchange hacks at the time after approximately $530 million worth of NEM tokens were stolen. Shortly after the incident, the FSA raided Coincheck’s Tokyo Office.

In September that same year, the platform Zaif was hacked for around $62 million. Japan’s FSA went on to issue a business improvement order, citing insufficient explanation of how the hack occurred. The regulator also highlighted the platform’s shortcomings in risk management. 

More recently, DMM Bitcoin lost 4,502 BTC valued at approximately $305 million in May last year. With this incident, North Korean hackers had compromised an employee at Ginco, which was the wallet software provider DMM had contracted for transaction management.

Just last month, an estimated $21 million in Bitcoin and other cryptos was stolen from addresses linked to SBI Crypto, a mining pool owned by SBI Group. Blockchain investigations had identified laundering activity via the transaction mixer Tornado Cash as well as potential North Korean connections. 

Earlier this month, Japan’s FSA started weighing a rule that would require any firm that provides crypto-management systems, such as the software that was used by DMM Bitcoin prior to its breach, to file prior notice with regulators. 

Asia Ranked Second In Bitcoin Thefts, Japan Has One Of Highest Victim Counts

On-chain analytics firm Chainalysis said in a mid-year report that Asia ranked second for Bitcoin thefts and had a record-breaking number of digital heists.

Top 10 countries by value stolen per victim (Source: Chainalysis)

It said that Japan, Indonesia, and South Korea rank among the top countries for victim counts, while Asia ranks third in terms of Ethereum losses.