Throughout the history of cryptocurrencies, there have been several instances of cryptocurrency exchange hacks. Perhaps you may have even heard of some, such as the infamous Mt. Gox (which is actually an acronym for Magic: The Gathering Online eXchange). We intend to take a look at some of the prominent incidents, identify common patterns, and offer best practices for cryptocurrency traders.
A Brief History of Cryptocurrency Hacks
August 2010, Bitcoin protocol hack: In August 2010 a hacker exploited a bug in Bitcoin’s code, and was able to create a single block in the underlying blockchain with a transaction of 184 billion Bitcoins! Bitcoin developer Jeff Garzik was able to identify it within a couple of hours. It took 3 hours to patch the bug and deploy a hard fork. No funds could be stolen.
March 2014, Mt. Gox hack: Perhaps the most infamous of the cryptocurrency exchange hacks, Mt. Gox was the largest exchange at the time. The hack was a result of substandard coding practices. The CEO of the Mt. Gox exchange insisted that he be the only person to make changes to the code. As a result, the code couldn’t be kept up to date with the ever-changing security requirements. Hackers made off with US $473 million worth of Bitcoin. The exchange was declared bankrupt after just a few months.
January 2015, Bitstamp hack: A ‘hot’ storage wallet, i.e. the kind of cryptocurrency wallet that resides on the central server of the exchange, was hacked, and US $5.1 million in Bitcoin was stolen. This was because an administrator had fallen prey to a phishing attack, a form of cyber-attack in which the attacker dupes the victim into parting with sensitive information such as login credentials.
June 2016, DAO hack: DAO, i.e. Decentralized Autonomous Organization, was an Ethereum-based exchange running on smart contracts. A community of coders wrote smart contracts to run the organization, and an Initial Coin Offering (ICO) followed to raise the necessary funds. With this, the community members could vote to decide which projects the organization would take on. Unfortunately, the smart contract code had a weakness, and hackers stole US $3 million in Ethers, the digital currency of the Ethereum platform. To recover, the Ethereum foundation implemented a hard fork to move the stolen funds to a new address. This divided the Ethereum community into Ethereum and Ethereum Classic, which issue two independent currencies today.
August 2016, Bitfinex hack: Bitfinex’s exchange provided users with multi-signature verification to protect the wallets. Bitfinex partnered with BitGo, another major cryptocurrency company. In this arrangement, Bitfinex would hold 2 of the 3 keys for every wallet and BitGo would hold the other key. Bitfinex’s intention to reduce usage of cold storage wallets, i.e. wallets that store the cryptocurrency offline, was a critical error. Hackers managed to make both Bitfinex and BitGo approve the withdrawals, and stole US $72 million in Bitcoin.
July 2017, CoinDash hack: Hackers manipulated an address posted on CoinDash’s website informing ICO investors where to exchange Ether for CoinDash tokens. US $7 million worth of Ether was stolen.
January 2018, Coincheck hack: Cybercriminals hacked the Japanese cryptocurrency exchange Coincheck and US $530 worth of cryptocurrencies were stolen. In terms of monetary value, this is the largest cryptocurrency exchange hack thus far.
The above incidents show a common pattern: the targets were centralized exchanges, because funds were stored in hot wallets (wallets stored on the centralized server of the exchange). With only one database to target, the job of the hackers became much easier. Had the users stored their currencies in hard wallets, or had they used separate wallet services, they would likely have their funds today. Decentralization is key to the security of cryptocurrencies, and having a vast amount of sensitive information in one centralized server is a recipe for disaster.
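As an added illustration of the centralization point (not code from the original article), the sketch below audits a multi-signature custody layout and reports how few distinct custodians must sign, or be compromised, before a withdrawal is valid. The 2-of-3 threshold, the function names and the second layout are assumptions; the first layout mirrors the Bitfinex/BitGo key split described above.

```python
from collections import Counter


def min_custodians_to_sign(threshold, key_holders):
    """Smallest number of distinct custodians whose keys together meet the threshold.

    key_holders has one entry per key, naming the custodian that holds it.
    Returns None when the threshold cannot be met with the keys listed.
    """
    if threshold < 1:
        raise ValueError("threshold must be at least 1")
    # Taking the custodians with the most keys first minimizes how many are needed.
    counts = sorted(Counter(key_holders).values(), reverse=True)
    signed = 0
    for used, n in enumerate(counts, start=1):
        signed += n
        if signed >= threshold:
            return used
    return None


def audit(threshold, key_holders):
    """Return (min_custodians, custodians_able_to_sign_alone) for a layout."""
    counts = Counter(key_holders)
    solo = sorted(h for h, n in counts.items() if n >= threshold)
    return min_custodians_to_sign(threshold, key_holders), solo


# Constructed layouts; the threshold of 2 signatures is an assumption.
CONCENTRATED = ["Bitfinex", "Bitfinex", "BitGo"]            # key split from the article
DISTRIBUTED = ["exchange", "co-signer", "offline-backup"]   # hypothetical alternative

if __name__ == "__main__":
    for name, layout in [("concentrated", CONCENTRATED), ("distributed", DISTRIBUTED)]:
        needed, solo = audit(2, layout)
        print(f"{name}: {needed} custodian(s) needed; can sign alone: {solo or 'nobody'}")
```

A layout where any single custodian appears in the second value gives that custodian's systems the same blast radius as an ordinary hot wallet, whatever the nominal number of keys.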
So, what can you do to protect your cryptocurrencies?
- Be adequately prepared and knowledgeable: If you aren’t reasonably tech-savvy, cryptocurrency trading is not for you. You don’t need to be a mathematical genius, but you should know the difference between hot wallets and cold storage wallets and be able to back up your computer regularly. You also need to be able to encrypt your data and identify good anti-virus solutions, at the minimum. If you aren’t up to par, check out classes such as Byte Academy.
- Back up your machine: Have multiple backups, and offsite backup is non-negotiable. Get good external hard drives, including good USB drives.
- Encrypt your data, and use reliable encryption solutions for this.
- Invest in cryptocurrency wallets: We’ve seen how hackers exploited hot wallets, and by now you shouldn’t doubt the importance of cold storage wallets. Before you invest in cryptocurrencies, you need to have a core wallet, and you need to buy a stable one, from a company that is likely to remain in the market. This is because when you want to access your coins later, the wallet should still work with a new version of your operating system. Consider hardware wallets like Nano Ledger. Be sure to set a strong password for your wallet, and encrypt it.
- Use mobile wallets only for a very small amount of money.
- Consider having a separate computer for managing your cryptocurrencies, and invest in a Linux system, preferably running on VMware Workstation. These are safer than average Windows machines. If you must use Windows, use an administrator account only when you install important software, and then demote your access to a regular user. Malware can be installed on your Windows machine only when the administrator account is being used, so use that privilege sparingly. Also, do not browse the internet using the machine for managing your cryptocurrencies.
- Invest in powerful anti-virus software.
- Use two-factor authentication.
In summary, while cryptocurrencies can “free” you from the control of central banks and associated middlemen, you really need to be that much more responsible for the security of your money. It’s imperative that you keep abreast of the latest technological developments in the crypto and cyber-security spaces.