Cybersecurity has become a significant issue in the crypto market and with good reason. CyberTrace estimates that nearly $927 million in cryptocurrency was stolen in 2018 alone. With Bitcoin being launched in 2009, it’s hard to say precisely how much has been lost due to crypto hacks. As more people are being drawn in and more substantial sums are being taken, security has become the main focus of exchanges everywhere. To get a better gauge on what we’ve learned and where we’re going in security, we have to take a look back at some of the largest crypto hacks and what we’ve learned from them.
In 2015, Bitstamp was hacked following a phishing scam that successfully obtained login information from exchange employees. Approximately 18,866 BTC was stolen, value at the time around $5 million. While Bitstamp was able to repay all that was lost to its users and were able to fix the vulnerabilities, we still learned a lot from this hack.
In this hack, we learned that even the employees of a cryptocurrency exchange are vulnerable to basic hacking strategies. It’s important to know how to protect yourself from those who would be willing to manipulate you for their own personal gain. Educating yourself is the best thing that you can do. As far as crypto exchanges go, having fail-safes in place will help to hinder any potential threat.
In 2016, there was a hack to Bitfinex’s security system, specifically the “keys” used for account authentication used by the exchange. While users had one key, Bitfinex had the other two remaining keys, one stored offline, to help boost security. The hackers were able to take the keys and access the multi-signature accounts. Almost $70 million was lost in the hack.
Fingers were pointed in all directions following this hack, but the main culprit seems to be a failure of the multi-signature authentication system. It was known to have vulnerabilities, but they were failed to be addressed. Identifying the holes in the system and working tirelessly to fill them, especially for a problem that’s widely acknowledged, could have helped to prevent it.
While Bithumb was hacked twice, we’re going to be focusing on the second, more massive hack. In 2018, the largest of the two crypto hacks occurred. The staff noticed that $32 million was missing. Thanks to their quick action, $14 million was able to be recovered, but they still lost around $18 million in the hack. It’s still unknown as to who is the culprit, but because of the incident, Bithumb has downsized significantly, losing their status as one of the top 10 crypto exchanges in the world.
The hackers were able to compromise Bitumb’s hot wallet, stealing a variety of different crypto in the process. The thought is that the crypto was taken to be later laundered on a different crypto exchange. Adding more regulations on exchanges, specifically on those markets that allow for these practices, like the Russian and North Korean markets is crucial. Without these regulations, those thefts can be hidden by a sleight of hand conversion of the assets to another form, either digitally or in fiat currencies.
This has been, so far, the largest crypto hack in history, which happened last year right at the start of the year. The Coincheck hack loss netted the hackers a grand total of more than $500 million in assets. Not only that, but the hackers made away with more than 250 thousand users’ personal data. While Coincheck did take full responsibility for the attack, it took almost a full year for them to get back on their feet, but only after being acquired by Monex, Inc.
The loss happened because Coincheck had embarrassingly stored all of one type of crypto in a single hot wallet and didn’t use the recommended multi-sign authentication for larger transfers. These poor financial practices lost them more money than any other hack in history to date. If they had even had one more level of security, it could have slowed or stopped the hack before the assets were lost.
It can be daunting to hear about all the security holes in the system, but from failures, we learn how to prevent it from happening again in the future. With the enormous strides being made in cybersecurity, human error is still one of the most devastating weaknesses we have in the system. If we can learn how to mend these holes, we can create a safer marketplace for our assets and build a stronger market for all of us.