In brief
- Japan’s FSA is preparing rules that would require crypto exchanges to hold liability reserves and end the cold-wallet exemption, with legislation planned for 2026.
- The move follows a series of major breaches as Japan continues working through the long aftermath of the Mt. Gox collapse.
- The FSA is also weighing new rules for vendors that provide wallet-management systems, reflecting concerns that outsourced software has become a critical weak link.
Japan’s financial regulator is moving to mandate that crypto exchanges in the country maintain liability reserves to protect customers from losses stemming from hacks and security breaches.
The Financial Services Agency plans to submit legislation to parliament in 2026 that would require exchanges to set aside reserves for compensating customers in the event of losses from cyberattacks or other incidents, The Nikkei reported on Monday.
The proposed system would mirror requirements for traditional securities firms, which currently hold reserves ranging from $12.7 million to $255 million (¥2 billion to ¥40 billion) depending on trading volume.
While exchanges currently avoid reserve requirements by storing customer funds in offline cold wallets, the new framework would scrap that exemption and create formal procedures for returning assets in a bankruptcy, including allowing court-appointed administrators to handle customer payouts.
String of breaches
The push for stricter oversight follows a string of security breaches targeting Japanese exchanges.
Japan’s crypto sector still bears the scars of Mt. Gox’s 2014 collapse, when hackers drained 850,000 BTC and pushed the exchange into bankruptcy, with some repayments only beginning in 2024 and now running through October 2026.
Last May, DMM Bitcoin lost 4,502 BTC valued at roughly $305 million when North Korean hackers compromised an employee at Ginco, the wallet software provider DMM had contracted for transaction management.
And just last month, approximately $21 million in Bitcoin and other cryptocurrencies was stolen from addresses linked to SBI Crypto, a mining pool owned by SBI Group, with blockchain investigators identifying laundering activity via Tornado Cash and potential North Korean connections.
Musheer Ahmed, founder and managing director of Finstep Asia, told Decrypt that the reserve requirement could help restore users’ confidence.
Liability reserves could function the same way insurance works when it comes to bank accounts, he added, though the extra capital obligation “will make it relatively more expensive to operate crypto exchanges.”
He said the industry urgently needs “high-grade security setups, at least at the same level as traditional finance,” and that derivative-style insurance products could serve as an interim solution to protect users against the risk of loss.
To ease the financial burden, the FSA is considering allowing exchanges to purchase insurance rather than holding full cash reserves.
Earlier this month, Japan’s FSA began weighing a rule that would require any company providing crypto-management systems, like the software used by DMM Bitcoin before its breach, to file prior notice with regulators, The Nikkei reported.
Blockchain analytics firm Chainalysis reported in its mid-year 2025 update that the Asia-Pacific region now ranks second globally in crypto thefts, with Japan, Indonesia, and South Korea among the countries with the highest victim counts.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
Source: https://decrypt.co/349929/japans-fsa-crypto-exchanges-hold-liability-reserves-hacks
