In short
- Japan’s FSA is preparing rules that will require crypto exchanges to maintain liability reserves and end the cold wallet exemption, with legislation planned for 2026.
- The move follows a series of major breaches as Japan continues to work in the long aftermath of the Mount Gox collapse.
- The FSA is also considering new rules for vendors offering portfolio management systems, following concerns that outsourced software has become a crucial weak link.
Japan’s financial regulator plans to require crypto exchanges in the country to maintain liability reserves to protect customers from losses due to hacks and security breaches.
The Financial Services Agency plans to introduce legislation to parliament requiring this in 2026 exchanges set up reserves to compensate customers in the event of losses due to cyber attacks or other incidents, The Nikkei reported on Monday.
The proposed system mirrors the requirements for traditional securities firms, which currently maintain reserves ranging from $12.7 million to $255 million (¥2 billion to ¥40 billion), depending on trading volume.
While exchanges currently avoid reserve requirements by storing customers’ funds in offline cold wallets, the new framework would remove that exemption and create formal procedures for returning assets in the event of bankruptcy, including allowing court-appointed administrators to handle payouts to customers.
A series of violations
The push for stricter surveillance follows a series of security breaches targeting Japanese stock exchanges.
Japan’s crypto sector still bears the scars of Mount Gox’s 2014 collapsewhen hackers emptied 850,000 BTC and bankrupted the exchange, with some refunds not starting until 2024 and ongoing now until October 2026.
Last May, DMM Bitcoin lost 4,502 BTC It was valued at about $305 million when North Korean hackers compromised an employee of Ginco, the wallet software provider that DMM had contracted for transaction management.
And just last month it brought in about $21 million Bitcoin and other cryptocurrencies were stolen from addresses linked to SBI Crypto, a mining pool owned by SBI Group, with blockchain researchers identifying money laundering activities through Tornado Cash and potential North Korean connections.
Musheer Ahmed, founder and director of Finstep Asia, said Declutter that the reserve requirement could help restore users’ confidence.
Liability reserves could function similarly to insurance when it comes to bank accounts, he added, although the additional capital requirement “will make it relatively more expensive to operate crypto exchanges.”
He said the industry urgently needs “high-quality security institutions, at least on par with traditional financing,” and that derivatives-style insurance products could serve as an interim solution to protect users from the risk of loss.
To ease the financial burden, the FSA is considering allowing exchanges to take out insurance rather than maintain full cash reserves.
Earlier this month, Japan’s FSA began weighing a rule that would require any company providing crypto management systems, such as the software used by DMM Bitcoin before the breach, to provide advance notice to regulators. The Nikkei reported.
Blockchain analytics firm Chainalysis reported in its mid-year 2025 update that the Asia-Pacific region is now ranks second worldwide in the field of crypto thefts, with Japan, Indonesia and South Korea among the countries with the highest number of victims.
Daily debriefing Newsletter
Start every day with today’s top news stories, plus original articles, a podcast, videos and more.
