The ghost of FTX Japan is still online, exposing 35,000 users


More than a year after shutting down, the crypto platform FTX Japan has been spotted leaking the personal and financial data of over 35,000 users.

An exposed Amazon S3 bucket linked to the defunct crypto platform FTX Japan has revealed that backend infrastructure may still be running and exposing more than 35,000 users, years after the exchange officially ceased operations.

The bucket, discovered on May 12th, 2025, contained over 26 million files, including HTML-formatted financial reports, logs, and user data generated as recently as July 4th, 2024.

Leaked data suggests that automated reporting systems tied to FTX Japan remained operational long after the platform had fulfilled its customer withdrawal obligations and was assumed to be fully shut down.

Originally operating as Liquid by Quoine, the exchange was one of the first to be licensed under Japan’s crypto regulations. It was acquired by the infamous FTX in 2022, just before the global collapse and founder Sam Bankman-Fried's 25-year prison sentence for fraud.

FTX Japan was able to segregate customer funds, allowing it to return user balances even after FTX went bankrupt in November 2022. That process concluded in early 2023, with FTX Japan expected to wind down shortly.

What data was exposed?

The leak revealed a staggering 35,668 unique user identifiers, categorized by email addresses or Auth0 user IDs, often used for login authentication in identity and access management systems.

The exposed reports included sensitive financial data, such as:

  • Usernames and real names
  • Email addresses
  • Residential addresses
  • FTX account IDs
  • Detailed transaction logs including borrowing/lending history, cryptocurrencies, collateral types, margin rates, and risk flags

Some reports also contained account status indicators, including liquidation warnings and margin risk triggers, raising concerns about the extent to which attackers or malicious actors could gain insight from the data.

FTX Japan acquired by another crypto exchange

While FTX Japan officially completed customer withdrawals by February 2023, months after the global FTX collapse in November 2022, these newly uncovered files suggest that backend processes, such as automated reporting, continued operating well into 2024.

FTX Japan was acquired by another crypto exchange, bitFlyer, in 2024 and rebranded as Custodiem. The new owner was expected to transfer FTX Japan customer accounts to bitFlyer’s infrastructure.

“It is unclear whether the discovered leak belongs to the actively used Custodiem infrastructure, or is an abandoned, unmodified artifact remaining after the FTX collapse,” the Cybernews research team explained.

“Therefore, it's also not clear if the personal data belongs to the users of Custodiem, or if the data belongs to customers of FTX Japan, who may have refused to transfer to Custodiem after the collapse,” added researchers.

The data leak also raises concerns about privacy and regulatory compliance. Under Japanese law, crypto exchanges are required to uphold strict cybersecurity and data protection standards.

The prolonged exposure of sensitive, unprotected data may constitute a serious breach of both domestic and international data protection standards.

FTX Japan or any entity currently responsible for the infrastructure could be in violation of data protection laws due to improper data retention, failure to decommission systems after business closure, lack of data anonymization or encryption, and inadequate safeguards for personally identifiable information (PII) and financial records.

Cybernews has contacted the company regarding the data leak. However, the company had not responded by the time of publication.

Disclosure Timeline:

Leak discovered: May 12th, 2025
Initial disclosure: May 13th, 2025