Why are cryptocurrency exchanges still being hacked?

Let’s say, first of all, that the security of the blockchain technology itself is intact. Some may say there are possible ways to attack the Bitcoin network, but they are more theory than a real threat. The only more or less successful attempt to crack Bitcoin was made in 2010, when swindlers exploited a bug in the core code and created 92 billion BTC out of nowhere. Software developers fixed that security hole immediately and canceled all fake transactions. That’s all. No cryptocurrency has been breached since then.

Nevertheless, real fortunes have been stolen from BTC owners since the launch of the first cryptocurrency in 2009. Why has it happened in the past, and, more importantly, why does it keep happening? Unfortunately, it is bitcoin owners who pose the greatest danger to their own assets, because they often disregard simple rules of safety. Despite all the warnings from the leading cryptocurrency experts telling them not to keep digital tokens on their exchange accounts, lots of traders are still doing this. But these recommendations are not just empty words.

See for yourself: according to the most recent and reputable statistics, more than half of all crypto exchanges are vulnerable to cyber attacks. This is not a new problem; online platforms have always drawn fraudsters like bees to honey. Online criminals do not like to do things the hard way; on the contrary, they seek the softest spot in your defense system and break through to steal your money. Hot wallets, online cryptocurrency exchanges, and other services that have access to your tokens are these weak points. It does not mean that you should stay away from all of them and never enter a marketplace. Let’s talk about the common reasons for the exchanges’ vulnerability, and about the ways to shield your savings from being hacked.

Let’s recall the largest cases



The so-called DAO incident, which happened in 2016, can be characterized as another case of a hacked blockchain protocol, but I think it is more of a human error. This security lapse was coded in by the programmers of Ethereum, so the thief had only to take the money. The DAO, or Decentralized Autonomous Organization, was a crowdfunding project based on a smart contract. The investors bought DAO coins for ether, then their money was used to fund some companies and startups.

Anyway, they could get their ether back, and the procedure for this return was written with a mistake, which let an unknown online criminal draw 50 million USD out of the DAO system. This resulted in the hard fork of Ethereum: it erased the hack from the ledger, and made this cryptocurrency more resistant to attacks and backward-compatible. The original Ethereum is now called ETC, or Ethereum Classic, with the DAO incident kept in the blockchain.

Hacks in 2018

As for the hacker attacks on the cryptocurrency trading platforms, the past year was rather eventful:

  • In January, one of the biggest Japanese online trading websites, Coincheck, became a target of cyber criminals, who broke into the exchange and took crypto worth $500 million. Forbes wrote about it, and their analyst says this is not a big surprise, because security flaws are common for Japanese companies. He accounts for this by citing their unique hierarchy, which highly affects professional life, too. Oftentimes, the security specialists are simply afraid to tell their bosses that the protection of their companies is hopelessly outdated. Many of them prefer to keep it that way so as not to jeopardize their career.
  • Italian BitGrail reported in February that 17 million Nano tokens had been stolen from this exchange. However, I have to tell you that there is a prevailing opinion that the founder of the marketplace is simply trying to cover his own skulduggery. One way or another, crypto owners have lost their assets.
  • The Korean trading platform Coinrail became easy prey for hackers in June. The sum stolen from this website was relatively small, only $40 million, and no one would have noticed it, but it happened at the same time as the so-called “Bloody Sunday,” when the total value of BTC lost over 40 billion USD.
  • Also in June, the developers of another crypto exchange based in South Korea, Bithumb, tweeted that they had to stop all deposits and withdrawals, and change their wallet system, because online heisters had breached the defense and taken over $30 million worth of crypto.
  • The Switzerland-based decentralized exchange Bancor was plundered a little later. A tweet issued on the 9th of July said that the company lost more than $20 million.

As you can see, all cases of successful hacker attacks are accounted for by poor protection from online threats. Unfortunately, the founders and developers of online marketplaces do not appear to learn lessons from past experience.

The infamous case of Mt. Gox

Let’s take the example of Mt. Gox, once the largest bitcoin marketplace. In 2011, an unknown hacker used the credentials of the Mt. Gox auditor, and dropped the nominal price of bitcoin to one cent. It resulted in a massive ask order at any price, and the hacker sold them all nominally to himself, using the exchange's software. It took minutes for the system to correct the price, but still the thief was able to walk away with almost $9 million.

Do you think they took any measures to avoid such security breaches in the future? No, in February 2014 they closed the exchange, shut down the website and even the Twitter account, and filed for bankruptcy. It appeared that around 850,000 BTC had been stolen in the period from 2011 to 2014. Then, the value of the lost assets was a little less than $450 million. But if you do the math and calculate how much they would cost these days, you’ll see that this cryptocurrency crash remains the greatest in history.

Crypto exchanges are really vulnerable



Yes, they are, in fact, the most vulnerable link in the chain, which looks like this: cryptocurrency protocol — an exchange — a user’s wallet. The first is really hard to break into, next to impossible. The wallets, meaning those that are not connected to the trading site, are also highly protected. This is why hackers choose exchanges. Indeed, just look at the figures in the report from ICORatings, which I’ve mentioned before. Here are the facts:

  • Almost half of all crypto trading websites allow too-weak passwords
  • Five of one hundred do not require email confirmation, let alone a phone number
  • There are still some exchanges that do not use 2-factor authentication (2FA)

In fact, only 46 of 100 online marketplaces can be referred to as relatively safe, and only 4 of them really incorporate all up-to-date protection measures. The specialists say it happens all the time, because crypto brokers have never been security experts; they are businessmen, financiers, investors, etc. Unfortunately, they simply cannot keep up with hackers, who, on the contrary, are the real masters in defense technologies.

However, there is another facet of the problem. The users are oftentimes unwilling to take any actions in order to keep their tokens safe and sound. Here is what you should never do:

  • Expose your personal information, including the maiden name of your mother, card numbers, CVVs, phones, address, date of birth, nothing! Trespassers can use it to hijack your passwords to your mailbox, bank account, and more. All they need to do is call the phone company and pretend to be you, then everything is simple.
  • Open suspicious emails, and even if you’ve opened one, do not follow links there. First, check all details — the recipient, the sender, how they address you. The websites they suggest visiting may be phishing sites, which means that you may disclose your login and password to thieves there.
  • When you are on the web page where you need to enter your credentials, you should attentively look at what is in the address bar. Fraudsters frequently change one or two letters in the address, so you think that you are logging into your account, but instead you let criminals in.
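
The address-bar check from the last item can also be done mechanically. The Python sketch below is an added example, not code from the article: it flags a hostname that is within two letter edits of a site you trust. The allowlist, the `.example` hostnames and the function names are assumptions made for the illustration, and the punycode check goes slightly beyond the changed-letter case the text describes.

```python
from urllib.parse import urlsplit

# Assumed allowlist (constructed): hosts where the user really has accounts.
TRUSTED_HOSTS = {"exchange.example", "mail.example"}


def edit_distance(a: str, b: str) -> int:
    """Edits (insert, delete, substitute, swap two adjacent letters) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent swap, e.g. "na" for "an"
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_url(url: str, trusted=TRUSTED_HOSTS, max_edits: int = 2):
    """Return (verdict, trusted_host); verdict is trusted, lookalike or unknown."""
    if "://" not in url:
        url = "https://" + url
    # .hostname drops any "user@" prefix and the port: it is the host actually contacted
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host in trusted:
        return ("trusted", host)
    # Punycode labels may render as letters that look identical to a trusted name
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("lookalike", None)
    for good in sorted(trusted):
        if 0 < edit_distance(host, good) <= max_edits:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    samples = [  # constructed URLs
        "https://exchange.example/login",
        "https://exchnage.example/login",
        "https://exchanqe.example/login",
        "https://exchange.example@login.test/",
        "https://news.example/",
    ]
    for u in samples:
        print(classify_url(u), u)
```

A verdict of "unknown" only means the host is not close to anything on the allowlist; it says nothing about whether the site is safe.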

Anyhow, no matter how careful you are, crypto exchanges remain the weak spot. They are centralized, they execute lots of transfers, they have built-in wallets with cryptos there, and they are poorly protected. Hence, they are a honeypot for hackers.

Hacks lower the value of cryptocurrencies



It is true. And the breach does not have to be even notable. I’ve told you about the Coinrail hack, which ended with a huge BTC drop. The currency shed $900 from its initial price, and dragged down other altcoins. Here are some other examples of the major cryptocurrency plunges:

  • The famous Gox incident wiped 36% off Bitcoin’s total market capitalization.
  • Bitfinex, one of the most visited marketplaces, was cracked in August 2016, and thieves grabbed about 120,000 BTC. The weakness was in the coding of the crypto wallet, connected to the exchange. This hack toppled bitcoin by one fifth of its price.
  • When the felons broke into Coincheck, they took only NEM tokens. Nevertheless, this was the reason for a significant dip in the total crypto value. Such currencies as XEM, ripple, BTC, and others also fell after this security breach.

There is no need to recite all cases of the crypto exchange hacks here, but all of them lead to severe crypto market cap slumps.

This is no good both for the digital assets and investors. Unfortunately, exchanges bear the least responsibility for poor protection of their websites. Every time criminals find the Achilles heel in their defense system, it creates panic among traders and causes massive selloffs. Prices go down, markets shrink, and lots of people lose their money not because it was stolen by hackers, but because their assets become devalued. This is why the developers of the crypto exchanges must improve their firewalls and security protocols ASAP.

Does security get better?



Unfortunately, it doesn’t. The programmers may do a lot to improve security, implement 2FA, and require strong passwords and confirmations, but the main problem is yet to be solved. I’ve mentioned it above in passing: almost all major crypto exchanges are centralized structures with one entity in the lead, and one or several central servers to facilitate all operations and store crypto tokens. Imagine how much enticement there is for cyber criminals! Breaking into one server, they get access to millions’ worth of digital tokens. What is more, this structure is also prone to attacks from national banks and governments. It is much easier to control an institution that is operated from one location by a certain group of people.

The solution is to make the trading platforms decentralized, as is inherent in the entire concept of cryptocurrencies. And such exchanges already exist — OpenLedger, IDEX, Waves Platform, and OasisDEX to name but a few. This way, there is no one central person, server, or entity to hack or compromise, and thieves, figuratively speaking, have no door or window to break in. The same goes for control from governmental institutions; it becomes simply impossible.

Are there any alternatives to cryptocurrency exchanges?


If you want to secure your funds from being stolen, you should take all responsibility and control over their security. As you can see from above, it is not possible when you keep your money on the exchange account. Cold digital wallets are a different story. USB flash drives with your bitcoins kept there, like Trezor and Ledger Nano, or even printouts with the QR code, are the best way to keep assets away from hackers, simply because they are not connected to the internet and save all your data, including private and public keys, offline.

At the same time, this responsibility may seem a disadvantage to some users. This way, they will not be able to restore the access to the wallet and have their money back in case they lose the password or the backup phrase. In addition, it is rather inconvenient to plug in the USB device every time you want to transfer some BTC to another wallet, or receive coins. And still, I think these small disadvantages are far outweighed by the benefits of cold storage of bitcoins and altcoins. You can never have too much security, and everyone — regular users together with exchange founders and developers — should take all possible measures to improve it. Then, the hacking stats will go down very quickly, and bitcoin trading will not be that risky.


Author: John Ryan has been a cryptocurrency writer for 4 years. His main focus is new tendencies and analysis in the cryptocurrency world. He always seeks development and ideas to give people valuable content.