White-hat hackers set “traps” for the suspected cryptocurrency exchange hackers. (Tatsuya Sudo)

Japanese white-hat hackers set up an online “stakeout” that uncovered IP addresses of attackers who stole billions of yen in cryptocurrency from the Zaif exchange.

The six-member team, led by security expert Takayuki Sugiura, created a large number of transfer points for Monacoin, one of three cryptocurrencies taken, believing that it would increase the likelihood that the culprits would access them.

Osaka-based Tech Bureau Corp.'s Zaif cryptocurrency exchange had been hacked to the tune of 7 billion yen ($63 million) in September.

Officials of the company said most of the stolen Bitcoin, Bitcoin Cash and Monacoin was illicitly transferred from so-called hot wallets connected to the Internet.

Assuming that the culprits would attempt to spread out the snatched cryptocurrency to a large number of accounts to avoid detection, the team created about 220 nodes for Monacoin at once, compared to the 200 that already existed, meaning that more than half were snares.

"The name of the game is whether the culprits will access those nodes," Sugiura thought at the time. "We've done everything we can, so we'll leave the rest to fate."

About one month later, the culprits resumed their cryptocurrency transactions, as expected, using three of the nodes set up by the team.

"Monacoins have started moving," Sugiura said to his team members on Oct. 22 through a messaging system.

The white-hat hackers watched as about 700 million yen in the cryptocurrency started being transferred to other accounts.

The successful trap led to the identification of three IP addresses believed to be used by the thieves, as Monacoins had been transferred through two nodes in France and one in Germany.

The nodes were found to be on computers belonging to server rental companies. If an investigative authority makes an inquiry, such companies are highly likely to disclose the user of the IP address.

Information uncovered by the team has been shared with the Financial Services Agency and police and could help ultimately identify the thieves. The Osaka prefectural police are currently investigating the case.

The idea to set up a raft of nodes was generated by Sugiura, who is known for having created a mechanism to track senders of pirated videos and other content on Japanese file-sharing software Winny.

As cryptocurrency networks work in a similar way, Sugiura's prior experience turned out to be useful.

Other team members included Masanori Kusunoki, chief technical officer (CTO) of Japan Digital Design, a subsidiary of Mitsubishi UFJ Financial Group, grad student Ryo Ichikawa and two other students who are members of the world-renowned Tokyo Westerns hacker team.

"I wanted to give it a shot and see how far my skills and ideas could go," said Ichikawa, 24, who participated in the project from the United States via voice chat.

Speaking positively about the mechanism developed by the team, Sugiura expressed hope that it could be used in similar cases in the future.

"It has become increasingly possible to identify culprits in thefts of cryptocurrency, which has been known for enabling anonymous transactions," he said. "Now that the mechanism exists, it could serve as a deterrent against future incidents."

Sugiura pointed out that the team had only a limited ability to look into crimes such as cryptocurrency hacks, saying, "I hope the Financial Services Agency and the investigative authorities also tackle the issue seriously."