Japan’s Financial Services Agency (FSA) is drafting new rules that would require crypto system providers to register in advance before offering their platforms to exchanges. The move follows last year’s massive DMM Bitcoin hack, where roughly ¥48.2 billion ($3 billion) worth of Bitcoin was stolen through compromised software.
The proposal, discussed this week by the Financial System Council, marks a shift in focus from regulating exchanges to monitoring the technology behind them. While current law obliges exchanges to safeguard user assets via cold walletsand other measures, the systems enabling those operations have so far faced no direct supervision.
Under the upcoming framework, only pre-approved providers would be authorized to supply management systems, ensuring stronger traceability and accountability. The change comes amid growing concern that outsourced tech partners, like DMM’s vendor Ginco, whose system was infiltrated by hackers, pose structural risks to the broader financial ecosystem.
Regulators and council members agree that relying solely on exchange-level controls is no longer sufficient. Some suggested mandating stricter disclosure standards and enhanced oversight of subcontractors to prevent similar breaches.
The FSA is expected to finalize its recommendations by year-end, paving the way for a 2026 amendment to Japan’s Financial Instruments and Exchange Act. If approved, the update would mark one of the country’s most significant steps yet toward fortifying its crypto infrastructure against systemic vulnerabilities.
