Bursa Trading Accounts Hacked | Check if Your Trades Are Hijacked!

A serious cyberattack has hit Bursa Malaysia, where hackers gained access to several investors trading accounts and used them to buy shares without permission.

Bursa Malaysia confirmed that it has been working with the Securities Commission Malaysia after being alerted by several brokers. These brokers reported suspicious trading activity and unauthorised logins to some online trading accounts. Investigations are ongoing, and both regulators and brokers are cooperating closely to understand the full extent of the attack.

According to a source in the stockbroking industry, the hacking appears to have come from overseas. The IP addresses involved in the attack suggest the activity was launched outside of Malaysia. The compromised accounts were mostly those not approved for online trading, meaning trades for these accounts would normally go through brokers manually.

It is believed that the breach happened through the brokerage firms systems, rather than from stolen login details of individual investors. Interestingly, a similar incident happened around six weeks earlier, but on a smaller scale. Industry sources now suspect that the earlier event may have been a test before this larger attack.

The hackers used the access to buy specific shares and warrants in large volumes. The affected securities included Bina Puri Holdings Bhd, its Warrant B, Pos Malaysia Bhd, and a few Hong Kong structured warrants.

Unusual price movements were seen, especially in Bina Puri-Warrant B. On the day of the attack, its price jumped from 30 sen to 60 sen in just 15 minutes during the afternoon session. It later closed at 48.5 sen, up by over 60%. The trading volume hit 41.17 million units, with most trades happening at the peak. At 60 sen, its estimated that around RM10 million in profits could have been made.

Bina Puri shares also showed a spike. They climbed as high as 40 sen during the day and closed at 37.5 sen, up 8.7%. A total of 103.68 million shares were traded, with a turnover of RM37.78 million.

Pos Malaysia shares saw heavy trading as well. By the end of the day, more than 40 million shares had changed hands, pushing the price up by 23.4% to 29 sen.

Among the structured warrants, HSI-CWC4 saw an unusually high trading value of RM19.36 million, far more than the average warrant, which usually stays below RM3 million.

Some in the market believe the attack may have involved coordination with cybercriminals who helped with the breach in exchange for a share of the profits. Similar hacking tactics have been seen in Japan, where attackers used compromised accounts to push up penny stock prices and then sell at inflated levels.

In Malaysia, two companies provide the trading platforms used by most brokers: N2N Connect Bhd and Excel Force MSC Bhd. After the incident, N2N advised its clients to strengthen security by blocking certain high-risk IP addresses and using geo-blocking to stop access from outside Malaysia.

Brokers and investors are now waiting to see what action regulators will take. There are questions about whether Bursa Malaysia should suspend trading in the affected stocks or freeze the days transactions while the investigation continues. One broker suggested halting the entire market temporarily to ensure trading systems are secure before resuming.

As the investigation progresses, market players are demanding clear answers and urgent action to restore confidence and prevent future breaches.