Introducing GeoRisk: A Revolutionary Risk Scoring Engine for Crypto Security

Vlightup Inc. Launches GeoRisk Beta Version

On April 13, 2026, Vlightup Inc., headquartered in Chiyoda, Tokyo, officially launched the beta version of its innovative risk scoring engine, GeoRisk. Designed specifically for cryptocurrency exchanges and stablecoin payment processors, GeoRisk aims to detect and prevent fraudulent remittances while showcasing the estimated damage that security measures have mitigated—a first-time solution that enables management to intuitively grasp the return on investment (ROI) from their security investments.

Understanding Current Industry Crises

The cryptocurrency industry faces two significant crises today:

1. Massive Hacking Incidents: In February 2025, the renowned cryptocurrency exchange ByBit experienced a staggering loss of approximately $1.5 billion (around ¥225 billion). The FBI's investigation revealed that attackers tricked the developers of the wallet management software by subtly altering the user interface. This unprecedented attack allowed perpetrators to execute fraudulent remittances at the very moment when the responsible personnel believed they were confirming legitimate transactions. Traditional authentication methods failed to prevent these attacks, which exploited genuine actions carried out by authorized individuals on legitimate devices.

2. Mandatory Internal Control Enhancements: In response to escalating hacking incidents, Japan’s Financial Services Agency (FSA) has expressed its intent to submit a revised bill for the Financial Instruments and Exchange Act to the 2026 ordinary session of the Diet. The amendments would enforce standards of internal control, equivalent to those for first-class financial products dealers, on cryptocurrency exchanges, leading to external oversight by the Securities and Exchange Surveillance Commission.

Both crises highlight a structural blind spot in traditional authentication measures that only verify who is operating but fail to ascertain the location and context.

Overview of GeoRisk Beta Version

GeoRisk serves as a real-time engine assessing the risk associated with transactions on a score from 0 to 100. Depending on the risk level indicated by the score, the system can automatically approve, require additional verification, or block transactions. It also keeps a cumulative record of the estimated damage prevented due to blocked fraud, visible on a dashboard for executive oversight.

GeoRisk utilizes three critical signals to evaluate risk effectively:

- Anomalous Locations: For instance, detecting a transaction that originates from an overseas IP address when typical operations occur locally.
- Temporal and Behavioral Irregularities: Alerts for actions such as a huge remittance made at an unusual hour that contrasts with typical user behavior.
- Device Discrepancies: Recognizing logins from unknown devices or browsers that differ from established norms.

These signals enable GeoRisk to identify ByBit-style attacks, where valid credentials are used in conjunction with deceptive interfaces.

Key Features of GeoRisk

- Damage Amount Dashboard: Displays the cumulative estimated damages from blocked fraudulent transactions, allowing management to assess security investment ROI at a glance.
- GeoRisk Score (0-100): Quickly assesses transaction risk within 200 milliseconds.
- Attack Pattern Analysis: Visualizes anomalies and documents historical attack patterns for easy reference.
- Cost-Effectiveness Report: Automatically calculates ROI by comparing prevented damages against security costs, making it usable for auditors.
- Internal Control Logs: Creates cryptographically secure records confirming who acted, when, where, and what occurred, ensuring tamper-proof audit trails.
- API Integration: Enables seamless incorporation into existing trading systems, targeting a 99.5% success rate for authentications with minimal latency.

Use Cases for GeoRisk

1. Notification for High-Value Withdrawals: Automatically triggers risk-based multi-layer approvals based on recorded anomalies for significant outgoing transactions.
2. Hot Wallet Protection: Validates operations against threats like ByBit-style fraudulent transfers through cryptographic verification of legitimate locations and devices.
3. Identifying Fraud in Stablecoin Payments: Blocks suspicious transactions during high-value payments or cross-border remittances using risk scoring.
4. Internal Control Compliance with FSA: Automates the generation of implementing evidence and documentation required to satisfy regulatory bodies.

Technological Foundation: Moving Beyond Traditional Authentication

GeoRisk is built upon Vlightup's security platform, TRUSTAUTHY, specifically leveraging its core technology GeoAuth (Location Authentication). This technology combines an operator's current location, time, and device information and completes transaction authentication only if these align with predetermined legitimate parameters.

Unlike conventional multi-factor authentication that merely verifies password and one-time code entry, TRUSTAUTHY checks for the contextual validity of the user’s environment, making unauthorized transactions extremely challenging when key parameters do not align.

In the coming future, GeoRisk aims to enhance its capabilities by incorporating machine learning alongside rule-based evaluations to finely score risks based on user behavioral patterns, identifying even unprecedented attack methods through abnormal activities.

Call for PoC (Proof of Concept) Partners

Vlightup is currently seeking Proof of Concept (PoC) partners to validate the effectiveness of the GeoRisk beta in real-world environments. The primary goal is to strengthen internal control systems in anticipation of the forthcoming Financial Instruments and Exchange Act revisions. During the beta phase, there are no charges for participation.

Future Roadmap

- April 2026: Launch of GeoRisk beta version, initiation of PoC partner recruitment.
- April 2026 - January 2027: Conducting PoC alongside more than two cryptocurrency exchanges and payment providers for real-world validation.
- 2027: Release of the official version of GeoRisk and its rollout as a compliant internal control package for enterprises.
- Post-2028: Further refinement of AI-driven behavioral profiling and global market expansion efforts in line with international compliance standards such as the FATF travel rule.

Closing Notes from Management

"With an estimated loss of ¥225 billion from ByBit and overall annual damages reaching ¥510 billion by 2025, it’s crucial to view security not merely as a cost but an investment. GeoRisk's damage dashboard addresses this structural challenge while also supporting the need for enhanced internal controls mandated by the 2026 reforms."
— Yoshio Minamoto, CEO of Vlightup Inc.

Company Overview

Vlightup Inc.

- CEO: Yoshio Minamoto
- Location: Pacific Century Place Marunouchi, 13F, 1-11-1 Marunouchi, Chiyoda, Tokyo
- Business: Development and provision of the security platform 'TRUSTAUTHY' utilizing blockchain and GNSS technology.
- Website: trustauthy.jp