Widespread hacks hit stock trading accounts in Malaysia (2025)

KUALA LUMPUR (April 24): Some investors' trading accounts have been hacked and used for unauthorised share buying on Bursa Malaysia.

Responding to questions from The Edge, Bursaconfirmed that it has, together with the Securities Commission Malaysia, been informed by several brokers about the detection of unauthorised access and trading activities in certain online trading accounts.

“The extent of the incident is being ascertained. Capital market regulators and the brokers are working closely on the matter," Bursa Malaysia said.

According to a source in the stockbroking industry, the hacking primarily originated from overseas, as indicated by the associated internet protocol (IP) addresses.

The compromised accounts were reportedly those without pre-authorised internet trading access, meaning transactions for these accounts typically require execution through their respective brokerage firms.

The source also suggested that the breach predominantly occurred at the brokerage firms' systems, rather than through individual investors' login credentials.

Interestingly, a similar but smaller-scale incident occurred about six weeks earlier, leading the source to speculate that the hackers may have been conducting a test run before launching this larger attack.

Affected investors reported that the hacking primarily facilitated fraudulent transactions involving the shares of Bina Puri Holdings Bhd (KL:BPURI) and its warrant B, shares of Pos Malaysia Bhd (KL:POS), as well as certain Hong Kong structured warrants.

Bina Puri-Warrant B, which had closed at 30 sen on Wednesday, exhibited unusual trading activity starting around 3:15pm on Thursday, doubling to 60 sen by 3:30pm. It remained at that level until 4:15pm, before retreating to close at 48.5 sen — a significant increase of 61.67%.

The warrant's total trading volume of the day reached 41.17 million units, with a substantial 33.149 million transacted at the peak price of 60 sen. This suggests that about RM10 million in profits were realised at that high point.

Concurrently, trading volume for Bina Puri shares began to rise alongside its warrants, repeatedly hitting the day's high of 40 sen, representing a 15.9% gain. The stock eventually closed at 37.5 sen — up 8.7%, with a total volume of 103.68 million shares and a turnover of RM37.78 million.

Pos Malaysia’s shares also experienced strong trading interest throughout the day. By the midday break, the counter recorded a volume of 22.08 million shares, up 19.1%. This momentum continued into the afternoon session, with an additional 18.19 million shares traded. The stock closed at 29 sen, marking a substantial 23.4% jump from Wednesday's close.

Regarding the structured warrants, HSI-CWC4 recorded an unusually high trading value of RM19.36 million, significantly exceeding other warrants, which typically trade below RM3 million.

Some market observers speculated that the hacking operation might have involved prior arrangements with cybercriminals for profit-sharing.

A similar issue has been observed in Japan, where online brokerage accounts were compromised and used to manipulate penny stocks globally. The hijacked accounts were used to purchase stocks at inflated prices, allowing those who had acquired positions earlier to sell at artificially high prices.

Malaysia has two main providers of direct market access platform services for stockbroking firms: N2N Connect Bhd (KL:N2) and Excel Force MSC Bhd (KL:EFORCE).

Following the hacking incident, N2N reportedly sent a note to its clients outlining several recommended security measures, including blocking identified high-risk IP addresses and implementing geo-blocking for non-Malaysian IPs.

Industry players seek clarity on market response and liability

Industry participants are expressing deep concern regarding the actions authorities will take and who will ultimately be held responsible for the financial losses incurred.

“Can the authorities freeze the entire day’s transactions for this stock and instruct stockbrokers to withhold sale proceeds, pending investigation?” one source asked, "or should Bursa Malaysia suspend trading for the affected counters until the investigation is complete?”

One broker is said to have urged Bursa Malaysia to consider a temporary suspension of market trading until authorities can ensure the security of trading platforms and prevent similar incidents from happening again.