Cryptocurrency is known for several things. Some of the aspects are good, such as the trustless, decentralized nature of the tokens. On the other hand, however, some are less than appealing, such as the volatility associated with token prices as well as the potential of scam projects emerging and cryptocurrency exchange being hacked into.
How to steal cryptocurrency assets
There are several methods that cyber hackers use to steal cryptocurrency from trading platforms. Some of these take advantage of vulnerabilities found within the exchanges’ security while others target individual customers hoping to plunder personal assets from the exchange.
Cybercriminals target customers on an individual level through fraudulent methods. Phishers use fake but not obvious websites, emails, texts, and messages which look identical to the genuine site to lure customers into providing login credentials. Usually, the fake site asks for details related to your account and confirmation of your password. When the criminals have the necessary information, they log in to your account and empty your funds into their wallets.
How to avoid phishing scams:
- Avoid opening emails from unreliable or unfamiliar sources
- Do not give any of your personal information to sites you don’t know
- Double check all sites related to your assets and only fill in information if you trust the site completely
- Make sure any “official” emails or messages are definitely from the source – and not from a similar looking location
Hacking a cryptocurrency exchange
When a cryptocurrency exchange platform is hacked and users lose their funds, the impact is felt by both the company and the customers hard. The initial punch is the loss of the funds. That’s then made worse because of how near-impossible it is to track the funds and try to identify the hackers.
Three prominent cryptocurrency exchanges have been hacked and had millions of dollars worth of digital assets stolen from their platforms:
- Mt. Gox
The Mt. Gox attack
Mt Gox launched in July 2010 and became known as the biggest Bitcoin exchange at the time. Not only did the Japanese-based platform manage to capture the Asian market, but it also started focusing on the global market. When it started picking up as the leading exchange, disaster struck.
A year later, in June of 2011, a hacker secured the login details of one of the Mt Gox auditors and stole 2609 Bitcoins. The stolen assets were sent to a private address over which the exchange had no authority. The funds were gone and couldn’t be claimed back.
Although this was the first hack, it was not the final attack that Mt Gox experienced. In 2014, the platform had regained its position as one of the leading exchanges and was dealing with over 70% of all Bitcoin transactions across the globe. Once again, the company was targeted and over 750,000 Bitcoins were stolen.
In February 2014, Mt Gox announced that all trading on the platform was suspended after the hack. Shortly after, the website closed, all exchanges services were halted, the company filed for bankruptcy and the liquidation process initiated.
The Bitfinex hack
Bitfinex faced major exploitation of its systems and saw the loss of $72 million worth of Bitcoin as a result.
In this attack, hackers took advantage of a weakness found in the architecture of the mutlisig wallets of the company. Regrettably, for the public, the weight of the attack was felt most by the customers who lost their funds that were kept in the storage of the exchange. The platform managed to retain the trust of its user base by offering Bitfinex tokens (BFX) which could be converted to US dollars to those who were affected by the attack.
Currently, Bitfinex is rated in the top 50 cryptocurrency exchanges in terms of market cap and is now trading with better, more secure systems in place.
The Coincheck heist
In January 2018, Japanese-based Coincheck faced an attack which cost the company and its clients $532 million worth of NEM.
Founded in 2014, Coincheck was looking to make its way into the Asian market. This intention was halted by the attack which occurred owing to a breach of security. The company has not disclosed the details of the breach, but insist that the hack was not an inside job. The use of hot (online) wallets rather than more secure cold wallets also led the exchange down a dangerous – and vulnerable – path.
Not only did the thief take off with millions of dollars worth of assets, but they also labelled the eleven untraceable addresses of the accounts with a tag: “coincheck_stolen_funds_do_not_accept_trades:owner_of_this_account_is_hacker“.
How to avoid a hacked cryptocurrency exchange
In order to avoid putting your funds into a cryptocurrency exchange which might face hacking and safety vulnerabilities, make sure that you consider several points related to the platform:
- Credibility and reputation: The cryptocurrency exchange needs to be able to prove that it is trustworthy to invest in and offer a place trade and store your assets
- Fees and payment: Although all exchange platforms have different fee structures in place, you should know exactly what you are signing up for before putting any money in. Also, make sure you are aware of the methods of payment accepted by the exchange, such as central or national banking, credit card acceptance or Paypal.
- Regulation limits: There are countries which are crypto friendly and the government is on board with digital currencies. Other countries are less happy with cryptocurrencies and will not legally accept cryptocurrency exchanges as businesses. Ensure that your exchange is based within the legal regulations of a country otherwise there is the risk of illegal activity as well as the vulnerability of your funds.