On May 1, 2025, renowned investor Tesuta (@tesuta001) revealed that his Rakuten Securities account had been hacked, sparking concerns among investors about the security of their trading accounts. Tesuta's alarming announcement came after he discovered unauthorized transactions while checking his account following a suspicious two-factor authentication email that morning.
According to Tesuta, the trouble began when he received an unexpected two-factor authentication confirmation email, which prompted him to check his account. To his shock, he found unauthorized transactions that had occurred the previous night. Although he was logged into his account during the unauthorized activity, the transactions ceased only after he changed his login password. He quickly contacted Rakuten Securities to report the incident and requested an immediate freeze on his account.
As of 3:00 PM on the same day, the cause of the breach remained unclear, raising alarm not only for Tesuta but also for the broader investment community. "I received a two-factor authentication confirmation email in the morning, suspected someone was trying to log in, and confirmed unauthorized order history. There was an order history from the night before," Tesuta explained in a series of posts on his X account (formerly Twitter).
This incident highlights a troubling trend; the Financial Services Agency (FSA) reported a sharp increase in unauthorized access incidents at various securities firms across Japan since March 2025. The FSA noted that the number of cases involving unauthorized transactions skyrocketed from just 33 in February to 685 in March, with 736 cases reported in just the first half of April—an increase of over 20 times.
The FSA took action by issuing a warning to investors on April 18, 2025, emphasizing the importance of vigilance against unauthorized access and transactions. Finance Minister Kato also addressed the issue during a press conference on April 22, instructing securities firms to respond sincerely to customer inquiries and to take measures to restore any damages incurred by investors.
In response to the growing crisis, Kato mentioned that the Japan Securities Dealers Association and individual securities companies are currently discussing compensation for victims. The FSA has pledged to monitor these discussions closely to ensure that appropriate compensation is provided to affected customers.
However, despite the implementation of security measures such as two-factor authentication, Tesuta, who has been a vocal advocate for such protocols, expressed his dismay at their ineffectiveness in his case. "I think people who are doing what the securities companies are saying are probably feeling safe. But I was doing it, and I actually had orders placed. I think that's scary," he stated, emphasizing the need for heightened security measures.
On social media, Tesuta noted that he had been running two antivirus programs and conducting daily scans without discovering any issues. "The source of the leak is completely unknown, but other securities companies' email addresses have also been changed," he mentioned, indicating that the problem might extend beyond his account.
As the situation continues to unfold, many investors are left questioning the security protocols in place at their trading platforms. A user on X reported on April 27 that securities accounts are being targeted despite the presence of device authentication and two-step verification. This user estimated that the financial damage from these breaches could exceed 100 billion yen, with over 2,000 cases reported.
Concerns have been raised that many of these attacks are originating from China, leading to calls for more robust protections and a review of current security measures. The user also pointed out that the login information for trading accounts may have been leaked, leading to unauthorized transactions.
In light of these events, investors are urged to remain vigilant and consider withdrawing their funds from trading accounts until security measures can be assured. One user suggested that investors should withdraw all funds by May 30, 2025, as the backup site for SBI Securities, which only requires a username and password for login, is set to be closed on that date.
Criticism has also been directed at the slow response from securities firms and the Tokyo Stock Exchange regarding the implementation of more stringent security measures. Users have pointed out vulnerabilities in the systems and have called for immediate action to address these security gaps.
As the financial landscape continues to evolve with increasing cyber threats, the case of Tesuta serves as a stark reminder of the importance of cybersecurity in the investment world. With the stakes so high, both investors and securities firms must prioritize security to protect against potential breaches and unauthorized transactions.
In the aftermath of the incident, Tesuta remains cautious but relieved that he was able to act quickly enough to prevent significant financial damage. "If I had not noticed for half a day or a day, I would have suffered damages in the tens of millions of yen," he reflected, underscoring the critical nature of prompt action in such situations.
As the investigation continues, the focus will be on determining the source of the breach and ensuring that measures are put in place to prevent future incidents. The financial community is watching closely, hoping that lessons will be learned and that stronger protections will be implemented to safeguard investor assets.