Crypto exchanges and software keep getting hacked. Here’s what you should know

Four months later, hackers stole at least $150 million from the BitMart crypto exchange. According to an analysis, unidentified hackers used a stolen private key to open two “active wallets” and extract funds.

Security incidents like these are not new to the world of cryptocurrencies, but the size of these hacks appears to be growing as cryptocurrency prices have risen over the past year, attracting more widespread attention.

Five of the 10 largest crypto thefts of all time have occurred this year, according to data compiled by consumer website Comparitech. And these incidents will only continue as the use of cryptocurrencies increases, according to fintech experts.

Here’s what you need to know about what’s going on and how to keep your digital assets safe.

What’s happening?

The top two targets for crypto hacks currently are centralized exchanges and decentralized finance services (DeFi), according to Tom Robinson, chief scientist at London-based crypto compliance firm Elliptic.

Centralized exchanges have been the main target of hacking groups for several years. These exchanges store a user’s assets in “active wallets” (usually called hot wallets), digital wallets that are connected to the Internet. This makes them more accessible to users, but also potentially more vulnerable to expert hackers.

The recent BitMart hack was one such example. Another is the Coincheck attack in 2018, in which roughly $530 million was stolen, making it the biggest crypto heist in history until this year’s Poly Network incident, according to Comparitech data.

DeFi services are a newer part of the world of cryptocurrencies. DeFi software applications cut out exchanges entirely, as they run directly on top of blockchain platforms, and attacks on these services are generally due to coding errors or problems with application design, according to Robinson. Prime examples include the Poly Network hack, as well as a more recent hack of Badger DAO, a platform that provides users with vaults in which to store bitcoin and make a profit. The Badger DAO hack resulted in the loss of $120 million.

“What is clear from most of these attacks this year is that a vulnerability is often being exploited,” says Rebecca Moody, head of research at Comparitech. “With the industry growing at an exponential rate and relying on open source technology, this leaves platforms open to exploitation when hackers can find a weakness in the code.”

What do you really risk losing?

Just because an exchange is under attack doesn’t necessarily mean it loses all its money.

Each crypto service has different levels of resources to cover attacks. BitMart, for example, has agreed to cover all stolen assets.

According to TRM Labs crypto crime analyst Joe McGill, if an entity does not have the ability to compensate affected users, there is still a chance that law enforcement, such as the IRS’s Cyber Criminal Investigations Unit, could recover the stolen funds.

But there is no guarantee. While many banks generally offer deposit insurance up to a certain amount, there is no such promise when holding crypto assets on a third-party service. Some companies may have insurance to cover losses, but the level of coverage, if any, varies by platform.

As for the stolen cryptocurrency, it could be gone forever. “Most of the time, hackers get away with stolen funds as cryptocurrency is virtually untraceable and easily disguised by washing it through wallets within minutes,” Adam Morris, co-founder of Crypto Head, told CNN Business.

How can cryptocurrency holders protect themselves?

When using a crypto wallet or exchange, experts say users should analyze the scale and professionalism of the company behind it.

“Do they have people responsible for cybersecurity? Does the company have a good track record? What is the size of the company? How many employees does it have? Those are all indicators that you can be confident that that company is going to protect your assets responsibly,” says Robinson.

There are also basic security measures that users can take when accessing their crypto account. McGill recommends two-factor authentication or hardware keys, which are essentially passwords that are stored on offline devices. He also recommends requiring approval for all cryptocurrency withdrawals, as well as whitelisting addresses, which allows only certain addresses on your contact list to receive crypto funds from your account.

“There is no 100% guarantee of avoiding cybercrime,” McGill cautions, but he says it is important to understand the exchanges being used, their history with cybercrime, and the response systems in place.

Another way to protect one’s crypto assets, according to Morris, is to use a hardware wallet, known as “cold storage”, rather than storing them with a service. While considered the most secure method of storing crypto, this route places all responsibility on the user for storing private keys. If those keys are stolen or lost, there is no larger financial institution to offer support.

