Fraudulent Trading by Hackers Surges More Than 10-Fold in Japan

The Japanese financial sector is grappling with a cybersecurity crisis as unauthorized trading linked to hacked brokerage accounts has surged over 10-fold since early 2025. According to Japan’s Financial Services Agency (FSA), fraudulent transactions involving stolen customer credentials have reached alarming levels, with total losses exceeding $710 million as of April 2025. This article examines the scale of the crisis, its implications for investors, and the regulatory response.

The Scale of the Surge

Between February and April 2025, unauthorized trading activities soared:

• February 2025: 33 fraudulent transactions totaling $700,000 in sales.
• March 2025: A 20-fold increase to 685 transactions, with sales hitting $90 million.
• April 2025 (first 16 days): 736 transactions, pushing sales to $260 million.

Cumulative losses from February to mid-April reached $350 million in sales and $315 million in purchases, with over 3,300 unauthorized account accesses reported. The FSA warns that these figures likely understate the true scale, as many cases remain undetected.

How Hackers Operate

The attacks rely on phishing schemes targeting brokerage customers. Fake websites mimic legitimate platforms, tricking users into entering login credentials. Once inside accounts, hackers:
1. Sell existing stocks.
2. Use proceeds to buy Chinese equities, which remain in the account post-attack.

This method obscures losses, as victims often discover discrepancies only after reviewing transactions. The FSA attributes the surge to weak cybersecurity practices, including reused passwords and lack of multi-factor authentication (MFA).

Affected Sectors and Companies

The crisis has hit major Japanese financial institutions:

• Rakuten Securities (part of Rakuten Group, 4755.T)
• Nomura Holdings (8604.T)
• SMBC Nikko Securities (part of Mitsubishi UFJ Financial Group, 8303.T)
• SBI Holdings (8473.T)

These firms have faced reputational damage and operational costs from system upgrades. For example, SBI Holdings saw its stock dip 15% in March 2025 amid compliance concerns. Conversely, firms like Mitsubishi UFJ (8303.T), which invested early in biometric authentication, have maintained resilience.

Regulatory and Industry Responses

1. FSA Mandates:
2. Brokers must cover customer losses.
3. Customers are urged to enable MFA and avoid phishing links.
4. Japan Securities Dealers Association (JSDA):
5. Proposed mandatory MFA for all brokerage accounts.
6. Draft guidelines require layered authentication (e.g., passwords + biometrics).
7. Global Standards:
8. The FIDO Alliance reported that MFA reduces account compromise by 99%, driving Japan’s push for adoption.

Market and Investment Implications

The crisis has broad ripple effects:
- Investor Confidence: Retail investors may reduce trading activity amid fear of account breaches.
- Compliance Costs: Brokerages face cumulative expenses of ¥50–100 billion ($350–700 million) by 2026 for system upgrades.
- Sector分化: Firms with robust cybersecurity (e.g., Mitsubishi UFJ) are outperforming laggards, reshaping industry dynamics.

Conclusion

The surge in fraudulent trading in Japan underscores a systemic cybersecurity challenge in the financial sector. With losses exceeding $710 million and attacks escalating by over 10-fold since February 2025, the crisis demands urgent action. Investors should prioritize firms with advanced security measures and monitor regulatory updates. The FSA’s push for MFA and the JSDA’s guidelines signal a turning point—failure to adapt could erode trust and profitability. Meanwhile, stocks like Mitsubishi UFJ (8303.T), which have invested in biometric authentication, may outperform peers in the coming quarters.

The path forward hinges on collaboration between regulators, institutions, and customers to fortify defenses against evolving cyber threats.