Japan to tighten requirements for crypto exchanges: FSA introduces mandatory reserves

The regulator is preparing a reform that will change the rules for storing customer assets and strengthen oversight of infrastructure

Japan to require crypto exchanges to create reserves to cover losses from hacks

25.11.2025 - 08:40

234

4 min

Key points:

In 2026, the FSA will introduce a bill requiring crypto exchanges to hold reserves to compensate customers for losses from cyberattacks.
The new requirements will repeal the current exemption from storing all funds in cold wallets and introduce procedures for returning assets in the event of bankruptcy.

Japan is preparing to change the rules for crypto exchanges after a series of major hacks. The regulator intends to require companies to maintain reserves that will cover customer losses in the event of cyberattacks. Currently, exchanges avoid such requirements by storing assets in cold wallets, but the FSA considers this model insufficient. The new law is planned to be submitted to parliament in 2026.

The regulator notes that the system will resemble the requirements for traditional brokers. In the financial sector, companies hold reserves ranging from $12,7 million to $255 million, depending on trading volumes. There is still no such mechanism in the crypto industry, which increases the risks for users and complicates the procedures for returning assets in the event of an exchange’s bankruptcy.

How your cryptocurrency will be stolen: top 5 popular schemes

Scammers use a set of ready-made schemes to deceive unsuspecting cryptocurrency owners and obtain their assets

New rules

The draft provides for the creation of formal procedures for compensation payments. In the event of bankruptcy, the court will be able to appoint administrators to handle the return of assets. The exemption for cold wallets will be abolished, which should reduce the industry’s dependence on a single type of storage.

In a separate point, the FSA is considering allowing exchanges to purchase insurance instead of holding full reserves. This should reduce the burden on companies while maintaining a sufficient level of user protection.

Earlier, the regulator began working on a rule that would require developers of crypto wallet software to notify the FSA before launching their products.

The initiative came amid a series of incidents. In 2014, hackers stole 850 000 BTC from Mt. Gox, driving the exchange into bankruptcy. Payments to customers have been extended until 2024 and will continue until October 2026. After that, in 2024, DMM Bitcoin lost 4 502 BTC — about $305 million — after an employee of Ginco, a wallet software developer, was compromised.

Six months after the $1,5 billion Bybit hack. How the incident changed the industry

North Korean hackers behind the Bybit hack had to invent new ways to launder cryptocurrency because they found themselves in a situation unique to the industry

Implications for the market

According to Chainalysis, Asian countries are among those most affected by crypto hacks, and Japan is seeking to cement its reputation as one of the most secure markets.

In September, the number of crypto hacks fell by 22%, but hackers continue to actively exploit smart contract vulnerabilities. During the month, $127 million was stolen, and the volume of transactions through Tornado Cash increased, drawing greater attention from regulators to money laundering.

Author: