The Ghost of FTX Japan is Still Online

The «Cybernews» research team has discovered that FTX Japan, a now-defunct crypto platform, is leaking the personal and financial data of over 35,000 users, more than a year after its shutdown. 

The exposed database contains over 26 million files, including financial reports and logs generated as recently as July 2024, «Cybernews» reportsAlthough FTX Japan completed customer withdrawals by February 2023, the data suggests that backend systems – such as automated reporting – may have remained active into 2024.

 FTX Japan was acquired by crypto exchange bitFlyer and rebranded as Custodiem in 2024. However, researchers note that «It is unclear whether the discovered leak belongs to the actively used Custodian infrastructure, or is an abandoned, unmodified artifact remaining after the FTX collapse.» 

What Data Was Leaked?

The leak revealed a staggering 35,668 unique user identifiers, categorized by email addresses or Auth0 user IDs, often used for login authentication in identity and access management systems. The exposed reports included sensitive financial data, such as:  

  • Usernames and real names
  • Email addresses
  • Residential addresses
  • FTX account IDs
  • Detailed transaction logs including borrowing/lending history, cryptocurrencies, collateral types, margin rates, and risk flags

Significance of This Leak

  • The data leak raises concerns about privacy and regulatory compliance. Under Japanese law, crypto exchanges are required to uphold strict cybersecurity and data protection standards.
  • Leaked data offers an in-depth view of over 35,000 users, combining personally identifiable information with highly sensitive financial activity.
  • The prolonged exposure of sensitive, unprotected data may constitute a serious breach of both domestic and international data protection standards. 
  • FTX Japan or any entity currently responsible for the infrastructure could violate data protection laws due to improper data retention.

  • To read the full research report, click here.