paint-brush
Cryptocurrency Security Threats: Lessons from Top Exchange Hacksby@stylianoskampakis
642 reads
642 reads

Cryptocurrency Security Threats: Lessons from Top Exchange Hacks

by Stylianos KampakisNovember 19th, 2022
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Since the emergence of Bitcoin, the loss due to theft within the system has surpassed $1 billion. As digital currencies become more valuable, the security threats are increasing. The digital nature of Bitcoin makes it vulnerable to hacking. Exchange hacks are by far the greatest threat to crypto security because when they occur, multiple wallets in the network are affected. Binance, the most popular crypto exchange, was breached on May 7, 2019, led to the loss of an estimated 7000 BTC – about $56 million today.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Cryptocurrency Security Threats: Lessons from Top Exchange Hacks
Stylianos Kampakis HackerNoon profile picture


The digital nature of Bitcoin makes it vulnerable to hacking. While traditional banks holding fiat currencies are not exempt from breaches, incidents happen more frequently with cryptocurrencies. Since the emergence of Bitcoin, the loss due to theft within the system has surpassed $1 billion. As digital currencies become more valuable, security threats are increasing.


Digital currency is mostly built on the blockchain or similar data structures such as directed acyclic graphs (DAGs), all of which are difficult to hack. So when cybersecurity comes up, the blockchain or currencies are not the problem. The real problem lies in the systems created around these technologies, such as cryptocurrency exchanges, wallets, custodians, security companies, and ICO platforms.


Exchange hacks are by far the greatest threat to crypto security because when they occur, multiple wallets in the network are affected. Since the first digital currency exchange hack exposed the vulnerabilities of cryptocurrency transactions in 2011, attackers have evolved and continue to try new approaches. These days, an exchange breach could be caused by anything from phishing to discovering a bug in the security code. Cryptocurrency security threats are global, with a new variety of cases every year.

MT. GOX

On June 19, 2011, hackers stole 2609 BTC from Japan-based Bitcoin exchange Mt. Gox by using the auditor’s credentials. The Bitcoins were transferred to a different account that the exchange couldn’t access. This was the first major exchange hack, and it signaled the first major flaw with the Bitcoin security system. It became clear that although the blockchain itself couldn’t be hacked at the time, the systems built around it could. This was bad news because there was no way to create mainstream access with the reach and convenience of exchanges.

Fortunately, after suspending its operations for a couple of days, the exchange was back on its feet. In 2014, the exchange took another blow. This time, more than 750,000 BTC was stolen and the exchange closed down and filed for bankruptcy.

BINANCE

The problem of cloud security in the crypto ecosystem became even more apparent when Binance, the most popular crypto exchange, was breached. The malicious attack, occurring on May 7, 2019, led to the loss of an estimated 7000 BTC. This was the equivalent of about $40 million at the time – about $56 million today.


The exchange promptly released a statement explaining the situation, which read:


We have discovered a large-scale security breach today, May 7, 2019 at 17:15:24. Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks. The hackers were able to withdraw 7000 BTC in this one transaction


Binance also assured its users it would replace all the lost funds and none of their accounts would be affected.

BITFINEX

On August 2, 2015, Bitfinex suffered a bad breach, second to only Mt. Gox. The attack resulted in the theft of 119,756 BTC, worth about $66 million at the time. Due to the magnitude, it caused a plunge in the price of Bitcoin. The breach was caused by a flaw in the structure of Bitfinex accounts. It was also attributed to the exchange’s use of BitGo as a part of its security protocol.

In February 2019, Bitfinex announced that the U.S government had recovered and returned 27.66270285 BTC believed to be a part of the stolen funds. Nothing more was heard of the case until April 2019, when 300 of the stolen Bitcoins were moved for the first time to 13 new wallet addresses.

BITSTAMP

In January 2015, hackers targeted six Bitstamp employees through phishing attempts. One of the employees accidentally downloaded a file which led to a data breach. In the process, about 19,000 BTC ($5 million) were stolen.  An in-depth report published by Reddit user u/coinleakanm, is believed to have been drafted by the exchange.


Concerning the incident, the report read:

Shortly after the attack was discovered, Bitstamp made an expensive but necessary decision to rebuild our entire trading platform and ancillary systems from the ground up, rather than trying to reboot our old system. We did this from a secure backup that was maintained (according to disaster recovery procedures) in a ‘clean room’ environment.


The exchange was not as forthcoming with information and allegedly lost customers. According to the report:

“Bitstamp has lost customers, including major clients engaged in providing merchant services in bitcoin, and has suffered significant damage to its reputation, which we are unable to quantify exactly at this point, but which we believe exceeds $2 million.

Market impact of crypto thefts

When these breaches happen, not only is the general outlook of cryptocurrency negative, it also affects the market. Usually, the stolen currency sees a steep drop in price which may stabilize after some time. In the case of Bitfinex, the price of BTC fell by almost 20%, going from $550 to about $480.


Insecurity is a major hindrance to the adoption of cryptocurrencies like Bitcoin since people are scared of losing their money. A common mental shortcut called availability heuristic also plays a role in this, since people think more about the possibility of exchange hacks than about the millions of wallets that have never been hacked.

Security solutions to cryptocurrency insecurity

The frequency of attacks is causing investors to lean toward exchanges with financial backing so they are certain their funds are insured against theft. Exchanges, on the other hand, are leaning toward more airtight security protocols. The goal is to achieve better security without additional centralization in the process. If cryptocurrency access becomes safe but restricted, then the purpose of even having digital currencies in the first place would be defeated.


Soon, the exchanges that are able to provide higher levels of financial security to their users will be at the top of the food chain. One such example is the FT Exchange, which is backed by Alameda Research and offers investors a high level of security. Others are gradually emerging and evolving into safer spaces for people to trade. Another option is for exchanges and users to store all funds in hard wallets, but this goes against the whole point of digital currency. It shows they can’t be safely stored anywhere else.

Final Thoughts

Depending on how soon the exchanges and digital currency platforms can get their security measures in order, the future of cryptocurrency may thrive or deplete. However, one thing is for sure: the average person isn’t going to invest in a digital currency knowing that there’s a new exchange hack every month.


Not only is there a possibility that new people won’t adopt the technology, but these data breaches may also discourage the users it already has. Exchanges must find ways to bring the banks and other financial institutions on board to offer financial protection for users’ assets. Apart from making the exchanges safer, this will give them credibility and create trust between them and their users.



Also published here.