In this Security Advisory issue, we will look into the recent brokerage account breaches across Japan, Malaysia, and the US and provide tips to investors on how they can prevent falling victim to such scams. [First published on 5 May 2025]
A sweeping wave of cybercrime targeting online brokerage accounts is rattling financial markets across Asia and beyond. Since February, hackers have executed unauthorised trades through compromised trading platforms, costing investors and firms nearly S$920 million (¥100 billion / US$680 million). These attacks, spanning Japan, Malaysia, and implicating markets in the United States, expose severe cracks in the global financial system’s cyber defences and demand urgent reforms in both regulation and platform security.
Japan: 100 Billion Yen in Fraudulent Trades
Japan is at the epicentre of this coordinated cyberattack. Authorities have confirmed that since early February, cybercriminals gained access to thousands of online brokerage accounts to manipulate low-liquidity (penny) stocks. Over 1,454 unauthorised stock transactions were detected across six major brokerage houses.
Trading volumes linked to these fraudulent activities have exceeded ¥100 billion, according to Japan’s Financial Services Agency (FSA). In some cases, attackers used compromised accounts to initiate buy orders, inflating prices of obscure stocks before selling at a profit—classic pump-and-dump behaviour.
Several brokerages temporarily suspended transactions involving U.S., Chinese, and domestic stocks in response to the breach. The Japan Securities Dealers Association (JSDA) has since issued a directive mandating multifactor authentication (MFA) across all retail platforms and is urging brokers to modernise surveillance systems. Still, as JSDA Chairman Toshio Morita noted, affected investors have little recourse due to a lack of mandatory compensation frameworks.
Malaysia: Hacked Accounts Used to Purchase Bursa Stocks
Similar incidents have happened recently in Malaysia, and local authorities are investigating a spike in unauthorised stock purchases on Bursa Malaysia, executed through investor accounts that were not enabled for internet trading. This suggests that breaches may have occurred at the brokerage system level, rather than through end-user credential theft—raising red flags about IT governance within financial institutions.
Affected platforms have responded by blocking high-risk IP addresses, implementing geo-restrictions, as well as advising users to re-secure credentials
Regulators are now calling for audits on brokerage cybersecurity standards, especially for legacy systems vulnerable to remote exploits.
How the Attacks Work: Advanced Phishing and Malware Techniques
Cybersecurity experts have attributed the success of these hacks to a blend of adversary-in-the-middle techniques and infostealer malware, both designed to circumvent traditional security safeguards:
Phishing campaigns trick users into clicking deceptive ads or emails that direct them to fake login portals. These counterfeit sites mimic real trading interfaces, allowing hackers to harvest credentials in real-time while executing actions on actual accounts.
Infostealers are silently embedded in malicious files or links, siphoning credentials, device fingerprints, and browser data without triggering alerts.
A report by the Macnica Security Research Centre found that more than 105,000 login credentials have already been leaked in Japan alone, some tied to active brokerage sessions.
The U.S. Connection and Cross-Border Risks
In the United States, the SEC and Department of Justice are investigating how international trading accounts—possibly compromised in Asia—were used to execute coordinated trades on US exchanges. The scale and simultaneity of the activity suggest transnational criminal networks rather than isolated bad actors.
According to Bloomberg, some of these manipulations involved trades made during non-peak hours to avoid detection, while using US penny stocks as the primary vehicle for fraud.
How Can Investors Protect Themselves
These attacks reveal a dangerous shift: cybercriminals are now weaponising individual investor accounts, often dormant or presumed secure, to wage large-scale market manipulation.
These are some tips for investors to safeguard their online accounts:
Use unique, complex passwords and update them regularly and avoid using identical credentials across platforms.
Enable multifactor authentication wherever possible.
Be wary and stay alert to prevent falling victim to phishing emails and websites, and be sceptical of unsolicited communications tied to financial products.
Never share your account information and passwords.
Routinely check trading history for unexpected activity, and enable alerts/notifications for account logins and transactions.
Cybersecurity at iFAST
The brokerage account breaches across Japan, Malaysia, and the US mark a turning point in financial cybercrime. No longer confined to phishing emails or isolated frauds, today’s attacks are methodical, systemic, and cross-border, exploiting lapses in both technology and policy.
iFAST Corp is committed to safeguarding customers’ online transactions and has implemented security measures across its wealth management platforms and digital banking services. Transactions are processed with strict security protocols and end-to-end encryption, aligning with the global security standards used by leading financial institutions.
iFAST Corp has implemented multi-layered authentication across its platforms and enforced Two-Factor Authentication (2FA) login since 2015, preventing unauthorised access and transaction modifications. Over the years, security features have evolved to include biometric authentication, allowing customers to use fingerprint or facial recognition for secure logins and transactions.
To further protect customers from unauthorised access to their accounts, the Company has introduced enhanced email notifications. Customers logging in from a new device, an incognito session, or a private browser tab receive real-time email alerts, notifying them of the new login attempt and enhancing account security monitoring.
Recent Scam Alerts
The scam targeted FSMOne Malaysia by cloning its Facebook page and brand identity to mislead users.
Key takeaways: By recognising red flags such as incorrect logos and any abnormalities, investors can better protect themselves from falling victim to scams. Always take a moment to assess the credibility of the message, post or website, and when in doubt, reach out to us via our official customer support channels for verification.
References:
The Straits Times – Hackers manipulate stocks in $920 million illicit trading spree; URL Link: https://www.straitstimes.com/business/companies-markets/hackers-manipulate-stocks-in-920-million-illicit-trading-spree
The Edge Malaysia - Widespread hacks hit stock trading accounts in Malaysia - URL Link: https://theedgemalaysia.com/node/752877
Bloomberg - Hackers Manipulate $700 Million Illicit Trading Spree – URL Link: https://www.bloomberg.com/news/articles/2025-04-23/hackers-manipulate-markets-in-700-million-illicit-trading-spree
Bloomberg – Japan Brokerages to Tighten Authentication After Accounts Hacked – URL Link: https://www.bloomberg.com/news/articles/2025-04-16/japan-brokerages-to-tighten-authentication-after-accounts-hacked
Jiji Press - 1,454 Stock Transactions via Hacked Accounts Found in Japan – URL Link: https://jen.jiji.com/jc/eng?g=eco&k=2025041800927
The official URL link of iFAST Corporation Ltd. is www.ifastcorp.com
To find out more about iFAST Corp, contact us at (65) 6535 8033 or visit our website at www.ifastcorp.com
Singapore • Hong Kong • Malaysia • China • UK