Stalling Mass Adoption Vol. III: The Year of Hacks

CoinStruction
CoinStruction Liquidity Ecosystem
7 min read · Dec 20, 2018

Our previous pieces examined why exchanges are such an integral part of the cryptocurrency environment. We now turn to a three-part series which will analyze the harmful impact on investors, traders and unknowing hodlers who keep a significant part of their digital assets on exchanges.

It is hard enough when you lose money trading, but it’s a completely different story, with an ultimate effect on market confidence, when you lose your funds through a hack or a loss of funds on the exchange’s side.

We begin today by looking at what dominates the headlines and is the most obvious problem users encounter regarding exchanges — the already decade-long history of hacks and fraudulent activity that has resulted in billions lost.

Dark Ages: Never-ending Narrative of Hacks

There has been an intangible cost of doing business on crypto exchanges ever since they began to emerge. Crypto trading platforms and digital wallets (hot or cold) represent a tempting target for Internet-roaming thieves.

It is relatively easy to move and spread digital assets quickly over the internet. Moreover, you can do it in a private manner by choosing one of the privacy coins as a vehicle for your operations.

To make matters even more charming for cybercriminals, the coins themselves were rising steeply in value up until December 2017.

Furthermore, because crypto is yet to enter the sphere of regulation, historically many exchanges have opted for the path of least resistance. More often than not this means little to no AML/KYC procedures, high screening thresholds and too many unidentifiable actors in the ecosystem.

As a result, a lot of these exchanges have been created and led by parties who are often lacking in experience of successfully running an exchange.

However, we must also cut these guys some slack: the crypto market practically exploded in the timespan of 6 months, during which the whole industry went crazy. Even the biggest household names like Bittrex, Bitfinex and others had to suspend user registration and take similar measures.

These and other factors have accumulated and have led to multiple hacks that struck the industry and which have cost investors consequential sums of money. There’s an observable pattern of losses that extends almost as far back as Bitcoin itself.

Some of the most notable hacks include:

Ex. #1 — B&B at 2012: Bitcoinica and Bitfloor

2012 saw Bitcoinica and Bitfloor hacked, losing 85,000 BTC in the process (then valued at around $1m, now worth some $500m+). Bitfloor suffered a DDoS attack, during which the hackers used private keys they had previously hacked to withdraw all funds. Bitcoinica actually suffered a duo of hacks, the first of which, in March, was the result of a security hole in their web host. Neither site survived the hacks; both subsequently lacked the BTC reserves to continue operating.

Ex. #2 — Failed Defense Against the Dark Arts: Mt. Gox case

The most infamous exchange hack in history occurred in 2014, when the largest exchange, Mt. Gox, suffered a loss of 850,000 BTC, which were siphoned from the site over an unknown period of time. Worth $500m at the time, the BTC stolen would now be worth nearly $6bn, and some $18bn at BTC’s peak.

The hack sent BTC’s price into a lengthy bear market and continues to impact the Bitcoin price to this day. The Mt. Gox bankruptcy administrator is selling off significant amounts of recovered BTC to repay creditors.

Reports since the hack have pointed the finger at the general lack of security on the trading platform at that time. The exchange was lacking any type of version control.

For a long period, the exchange didn’t even provide any test environment, meaning changes were immediately live. As such, it is unsurprising that hackers were able to access the firm’s private keys. Mark Karpeles, the CEO, would end up in jail following the collapse.

Hacking Medley Continues…

A number of hacked exchanges have been able to continue operations, including Poloniex, Bitstamp, and Bitfinex, which were hacked in 2014, 2015 and 2016. All survived, with Bitstamp and Bitfinex losing c. $5m and $75m respectively. Poloniex lost 12.3% of all funds.

Bitstamp fell prey to the most obvious of attacks: an employee opened a file received by email from an unknown sender, and the subsequently downloaded malware gave the hacker access to Bitstamp’s private keys. Investors absorbed the losses.

Bitfinex survived due to an involuntary haircut imposed on investors, as all users with funds on the site (not just those with stolen BTC; even those simply holding fiat were affected) took a 36% hit. Users were given a token which they were ultimately able to redeem on Bitfinex.

However, exchange hacks are far from a thing of the past, with 2018 seeing the largest crypto exchange hack of all time. In January, Coincheck, a leading Japanese exchange, lost $534m of NEM.

While most exchanges now store deposits on cold wallets (ones that are not connected to the internet and therefore at less risk of a remote hack), Coincheck had all of its NEM funds on a hot wallet. Bad luck follows stupidity.

Another thing that perfectly illustrates the amateurish business and security practices of Coincheck is that hot wallets holding considerable sums of digital assets are usually protected by ‘multi-signatures’, meaning that multiple keys are required to unlock access. Coincheck lacked this provision.

Just one month after Coincheck was hacked, so too was BitGrail, this time for $195m of NANO (then XRB, or RaiBlocks). This hack was swiftly followed by $40m being taken from the Korean exchange Coinrail in June and a further $60m lost in September on Zaif.

Although many exchanges are now far more secure than ever before, there is no doubt that investors’ willingness to use untested and unproven exchanges will lead to more losses in the future.

There is no doubt that while 2017 can be called the year of ICOs, 2018 should be given a rather less prestigious name: the year of crypto hacks. A gazillion tokens, bitcoin and ethereum have come into the illegal possession of the industry’s black hats and shady individuals.

CoinStruction Stepping In: No Threats Allowed

To paraphrase a long-standing quote from W. Buffett: it takes time and hard work to build a reputation, but you can ruin it in a matter of seconds. There’s a lot on the line for our project; therefore, we put the security of our protocols and data at the forefront of our priorities, because we understand that there will not be a second chance.

Having a lot of experience working with payments, API integrations and security threats, we know what form security issues can take and which direction they are likely to flow.

More often than you’d expect, the biggest vulnerabilities are represented by third-party companies and individuals that you can put your trust in.

That’s why we run a very tight ship at CoinStruction. CoinStruction’s security policy strictly outlines that all ends to our data and client data should be under the full control of our team, without any foreign actor access. We develop our solutions, stress test them in a closed environment, and launch them publicly only after an extensive and vigorous audit process is complete.

Tune in the next time you get a notification about CoinStruction’s new publication: we’re going to be talking about the fraudulent activities exchanges engage in and how to counteract them.

More about the author:

www.coinstruction.com

CoinStruction is creating the ultimate liquidity framework of the cryptocurrency industry. It aims to achieve its goal by aggregating valid and internally verified cryptocurrency buy and sell orders from exchanges integrated into its architecture.

Cleared orderbooks will give the users access to the best spot rates from around the world and allow the optimization of trading activities through the provision of a secure digital liquidity gateway open at all times.

Currently, the CoinStruction ecosystem consists of two functional cryptocurrency trading platforms, ExMarkets and CoinSupply; a digital wallet, CoinAM; and a digital OTC desk, CoinStruction PRO, to be launched by Q1, 2019.

CoinStruction — the world’s largest crypto orderbook!
