Hackers Hijacking Japanese Brokerage Accounts To Inflate Global Penny Stocks
A worrying trend has emerged in Japan, where hackers are exploiting online brokerage accounts to manipulate the prices of penny stocks worldwide.
This fraudulent activity, which has already caused around ¥100 billion (approximately $710 million) in transactions, shows no signs of slowing down.
The attacks are believed to target low‑cap stocks in Japan, the US, and China, where the manipulated prices offer significant profit to those behind the scam.
How Do the Hackers Execute Their Scam?
Cybercriminals gain access to clients' brokerage accounts, often by stealing login details through phishing emails or fake websites.
Once inside, they buy small‑cap stocks—thinly traded securities in Japan, China, or the US—driving up their value.
These inflated prices allow the criminals or their accomplices to cash out before the market corrects itself.
In response to these fraudulent activities, Japanese securities companies have taken action, halting new buy orders for certain small‑cap stocks, particularly those linked to China and the US.
Despite these measures, the scale of the issue continues to rise.
Major Japanese Brokers Confirm Unauthorised Trading
Eight major online brokerage firms in Japan, including Rakuten Securities Inc. and SBI Securities Co., have confirmed that their platforms have been used for these unauthorised transactions.
Rakuten Securities has posted a prominent warning banner alerting customers to the sharp rise in fraudulent trading.
This breach has exposed vulnerabilities in Japan’s cybersecurity practices, drawing concern from both regulators and investors.
The Financial Services Agency (FSA) has been involved, but the issue highlights gaps in the country's efforts to protect online trading platforms.
Investors Left In Shock And Financial Loss
The impact on investors has been both baffling and costly.
Mai Mori, a 41‑year‑old part‑time worker from Aichi Prefecture, found her Rakuten retirement account had been used to purchase Chinese shares worth ¥639,777 ($4,500), nearly 12 percent of her total savings.
When she contacted Rakuten, the company advised her to file a police report.
Mori recalled,
“The police told me that in most fraud cases, the victims often end up having to just quietly accept the loss. Basically, there's not much that can be done.”
Other victims have experienced similar frustrations, with several still struggling to understand how their accounts were compromised.
Despite these troubling cases, brokers like Rakuten and SBI Securities claim they are investigating each case individually, with a promise to respond in good faith.
Surge in Fraudulent Transactions Raises Alarm
The scale of suspicious trading activity in Japan has skyrocketed in recent months.
According to the FSA, reports of unauthorised logins rose from 43 in February to 1,847 by mid‑April, while cases involving fraudulent transactions increased from 33 to 736 over the same period.
In less than two months, unauthorised access incidents increased more than 40 times and fraudulent transactions rose over 20 times.
The surge in fraudulent transactions could have significant consequences for Japan's economy and its ongoing campaign to encourage households to invest more in the stock market.
Cybersecurity Experts Identify Potential Attack Methods
Experts believe that the hackers are using a combination of “adversary‑in‑the‑middle” (AiTM) attacks and infostealer malware to gain access to brokerage accounts.
The first technique involves tricking victims into visiting fake websites that collect their login credentials while disguising the scam as a legitimate trading platform.
These sites often redirect users to authentic brokerage sites, where attackers can capture session data like login cookies.
Illustration of how AiTM works (Source: duo.com)
The alternative technique relies on infostealers, malicious programs that secretly harvest sensitive information, including usernames and passwords, from infected devices.
Once the data is obtained, it is sent directly to the attackers.
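Both techniques end with an attacker using a victim's credentials or session cookie from a different client and then buying thinly traded stocks. The following detection sketch is an added example, not code from any broker or source cited in the article; the event fields, the sample events, the volume figures and the 10 percent threshold are all constructed assumptions.

```python
# Constructed sample events (not real broker logs). Each session is pinned to
# the client fingerprint seen at login; a stolen cookie replayed elsewhere
# shows up as the same session id arriving from a different fingerprint.
EVENTS = [
    {"t": 1, "type": "login", "sid": "s-100", "acct": "A1",
     "ip": "203.0.113.10", "ua": "Chrome/124 Windows"},
    {"t": 2, "type": "order", "sid": "s-100", "acct": "A1",
     "ip": "203.0.113.10", "ua": "Chrome/124 Windows",
     "side": "buy", "symbol": "BIGCAP", "qty": 100},
    {"t": 3, "type": "login", "sid": "s-200", "acct": "A2",
     "ip": "198.51.100.7", "ua": "Safari/17 macOS"},
    {"t": 4, "type": "order", "sid": "s-200", "acct": "A2",
     "ip": "192.0.2.55", "ua": "Firefox/125 Linux",
     "side": "buy", "symbol": "THINCO", "qty": 40000},
    {"t": 5, "type": "order", "sid": "s-200", "acct": "A2",
     "ip": "192.0.2.55", "ua": "Firefox/125 Linux",
     "side": "buy", "symbol": "BIGCAP", "qty": 50},
]
# Constructed average daily volume per symbol, in shares.
ADV = {"BIGCAP": 5_000_000, "THINCO": 120_000}

def detect(events, adv, adv_fraction=0.10):
    """Alert on orders sent over a session whose client fingerprint differs
    from the one recorded at login. Severity is 'high' when the order is a
    buy of at least adv_fraction of the symbol's average daily volume."""
    pinned = {}   # sid -> (ip, ua) recorded at login
    alerts = []
    for e in sorted(events, key=lambda ev: ev["t"]):
        fp = (e["ip"], e["ua"])
        if e["type"] == "login":
            pinned[e["sid"]] = fp
            continue
        if e["type"] != "order":
            continue
        expected = pinned.get(e["sid"])
        if expected is None or expected == fp:
            continue  # no login seen for this session here, or same client
        # A symbol with unknown volume is not treated as thinly traded.
        thin = (e["side"] == "buy"
                and e["qty"] >= adv_fraction * adv.get(e["symbol"], float("inf")))
        alerts.append({"t": e["t"], "acct": e["acct"], "sid": e["sid"],
                       "symbol": e["symbol"],
                       "severity": "high" if thin else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS, ADV):
        print(alert)
```

An IP and user-agent pair is a coarse fingerprint and legitimate users do change networks, which is why the sketch grades severity by order profile instead of treating every mismatch as a takeover.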
Yutaka Sejiyama, deputy director at Macnica Security Research, pointed out that the preference for desktop browsers over mobile apps creates additional vulnerability.
He said,
“If people switched to apps, many of these thefts could have been stopped.”
Investors Demand Compensation Amid Mounting Losses
Despite rising concerns and the government's efforts to encourage compensation, many victims of the scam are still without financial redress.
Finance Minister Katsunobu Kato urged securities companies to engage in “good‑faith” discussions with affected customers about compensating them for their losses.
However, so far, few investors have received reimbursement for their stolen funds.
The Japan Securities Dealers Association has been pushing brokerages to adopt more secure practices, including mandatory multi‑factor authentication, in response to the increasing number of fraudulent activities.
Still, the process for addressing these breaches remains inconsistent across firms, leaving many victims feeling disillusioned and vulnerable.
As Japan faces these mounting challenges, the impact on both individual investors and the broader financial ecosystem remains a concern, with experts calling for swift action to prevent further breaches.