A serious cyberattack has rocked Bursa Malaysia, with multiple trading accounts hacked and used by cybercriminals to execute unauthorized share purchases. Investors are now being urged to check if their trades have been hijacked and to take urgent action to secure their accounts.
Bursa Malaysia, in collaboration with the Securities Commission Malaysia (SC), is currently investigating the breach after several brokers flagged suspicious activity. These brokers reported unauthorized logins and trades on investor accounts, sparking fears of a widespread compromise.
Offshore Hackers Exploit Brokerage Systems
According to sources within the stockbroking industry, the attack likely originated from outside Malaysia, with foreign IP addresses linked to the breach. Notably, many of the compromised Bursa trading accounts were not approved for online trading—indicating that the breach happened through brokerage firms’ systems, rather than through stolen investor login credentials.
This isn’t the first sign of trouble. A smaller, similar incident occurred six weeks prior, now believed to have been a dry run for the latest, larger-scale attack.
Which Stocks Were Targeted?
Hackers used the compromised accounts to aggressively buy specific shares and structured warrants, likely in an attempt to manipulate prices for profit. The targeted securities included:
- Bina Puri Holdings Bhd and Warrant B
- Pos Malaysia Bhd
- Several Hong Kong structured warrants, including HSI-CWC4
On the day of the breach, Bina Puri-Warrant B saw a dramatic price spike from RM0.30 to RM0.60 in just 15 minutes before settling at RM0.485—marking a 60% gain. The trading volume surged to 41.17 million units, with estimated profits hitting RM10 million. Similarly, Pos Malaysia shares jumped 23.4%, and HSI-CWC4 recorded RM19.36 million in trade value—well above typical levels.
Coordinated Cybercrime?
Some in the industry believe the attack may have involved coordination between insider traders and external cybercriminals, mimicking similar schemes seen in Japan. These tactics involve using hacked trading accounts to manipulate penny stock prices and cash out at inflated levels.
Who Provides the Trading Platforms?
Most Malaysian brokers rely on trading systems developed by N2N Connect Bhd and Excel Force MSC Bhd. Following the breach, N2N urged clients to step up security measures, including blocking risky IP addresses and implementing geo-blocking to restrict access from outside Malaysia.
What Should Investors Do Now?
If you have a Bursa trading account, here’s how to check if your trades are hijacked:
- Review your recent trade history for any unfamiliar transactions
- Change your passwords immediately
- Enable 2-factor authentication (2FA) if available
- Contact your broker if you notice suspicious activity
- Use IP restrictions or location-based security features if supported
What’s Next?
The incident has raised serious concerns about market integrity and system security. Some brokers are calling for temporary market suspension or freezing of the affected trades until the full scope of the hack is known. Investors are now waiting for decisive action from regulators to rebuild trust and prevent future intrusions.
