A Japanese teenager hacked a cryptocurrency platform because it was a fun thing to do. Now, he will have much less exciting experience behind bars.

The Japanese police detained an 18-year-old teenager from the city of Utsunomiya for stealing approximately 15 million yen ($134,300) worth of cryptocurrency from Monappy, a cryptocurrency platform that allowed users to store and transact the digital currency Monacoin, a local media outlet reports.

The boy, whose name is not disclosed because he is still a minor, breached the Monappy system and stole coins from over 7700 users of the platform between Aug 14 and September of last year.

The boy admitted his guilt. He said it was like playing a video game when you know the cheat that no one else knows. After the theft, the teenager withdrew the stolen monacoins to multiple accounts on several cryptocurrency exchanges, converted them into other digital coins, and used to buy a smartphone and other items.

The police reported that the suspect used software called Tor to hide his identity. This tool employs a so-called ‘onion’ routing technique that allows for the establishment of a secure and anonymous network connection. However, the police cybersecurity experts tracked him down by analyzing communication logs provided by the developers of the compromised platform.

Monappy Has Not Recovered

Meanwhile, Monappy developers confessed that the boy exploited a system vulnerability related to gift-code functionality that was introduced in 2017. It enables users to transfer digital currency to each other. The young hacker overloaded the system with numerous transfer requests to his own account. Repeated transfers with one gift code made within a short period caused system malfunction and allowed him to register more money in his account than he actually owned.

The Monappy team promised to compensate the affected users for losses. However, it was forced to suspend operations until a security audit carried out by external experts to confirm that all vulnerabilities are eliminated.

The platform is still offline at the time of writing with no recent updates from the team.

Hot Wallet Issue

According to the Monappy platform operator, the stolen coins were kept is hot wallets that are always connected to the Internet. Naturally, the assets stored offline were out of the hacker’s reach. This case is just another reminder of hot wallets’ major vulnerability and why they are one of the riskiest ways to store cryptocurrencies. All recent cryptocurrency heists involved poor security in hot wallet systems and users neglecting two-factor authentication.

In light of these developments, the Japanese self-regulatory body for cryptocurrency exchanges — the Japan Virtual Currency Exchange Association (JVCEA) — proposed limiting the number of digital currencies managed online. The JVCEA suggested that it would be wise to only store about 10 to 20 percent of clients’ deposits online.

Japan is no stranger to cryptocurrency heists and hacks. The country has been exposed to a series of high profile scandals in recent years, including the now-defunct cryptocurrency exchange Mt. Gox debacle in 2014 and the more recent Coincheck heist.

However, the 18-year-old guy will make it into history as the first Japanese hacker charged with a cybercrime that led to cryptocurrency losses.

The system is as strong as its weakest link. Is there any way to protect yourself when you trade with such services as Monappy? How can users make sure that the system they entrust their cryptocurrencies to won’t be hacked by some clever kid? Let us know what you think in the comments below.

Image courtesy of Shutterstock.