A Perfect Storm – Hacks and Bitcoin

by Gintautas Scerbavicius.

The crypto-world is quite a turbulent one. Over the years, we have not only witnessed magnificent ICOs crumbling down like a house of cards, but we have also seen many violations, hacks, frauds, and lots of money disappearing overnight. It’s a major challenge for transparent businesses around the globe that finds itself competing with criminals on equal terms.

Now would be the right time to address the issue of crypto custody solutions. The last barrier that stands between crypto-projects and large institutional investors. It is important to understand why investors remain reserved towards investing in crypto-businesses, and what the possible solution for this problem might be.

The Brief History of Exchange Hacks

The cryptocurrency ecosystem is particularly attractive to hackers. This is why beside small hacks that occur every once in a while, we were able to see many high-profile hacks. Over the past years, some of these hacks have shaken the very foundations of the crypto world. Only this year alone, CipherTrace, the renowned Blockchain security firm, reports that $731 million in cryptocurrency has already been stolen from crypto exchanges.

At the same time, investors got outraged because the exchanges were not only able to tell how the attack occurred, but they were unwilling to improve and update their security measures. Not even when the daily trades went well above $100 million. Majority of them didn’t even utilize multi-signature technology, which left user funds more vulnerable to heists.

The following hacks were the ones with the highest impact.

Coincheck Inc. – $500M

One of the recent and the most devastating hacks took place only this year in January 25. Friday early morning local time (or 17:57 GMT Thursday) Coincheck Inc., one of the largest exchanges in Japan, got hacked. According to the officials who informed the public at the press conference next day, the hackers easily penetrated Coincheck’s systems via an employee computer.

The malware they used allowed them to make off with $500 million worth tokens. After the Mt. Gox hack, this is the world’s biggest ever digital currency ‘theft’.

Just before the hack, bitcoin’s market cap was $196 billion dollars, while single bitcoin was valued $11,656. When the news about the largest hack in history broke, bitcoin’s market cap was worth $176 billion, while bitcoin was worth $10,470. In just a matter of a a few hours bitcoin has lost $20 billion. It’s almost the whole GDP of Cyprus or Cambodia in 2018.

The hack naturally raised a bunch of questions not only regarding the security of the company involved but cryptocurrencies and exchanges as a whole. Japan’s Financial Services Agency had to react immediately and to take steps towards preventing this from reoccurring.

Coincheck Inc. implemented new security measures to protect their users and make the transactions more safe and secure.

Right before the hack NEM was valued at around $1. The hack was a major shakeup to the value of the company, thus prices have plummeted more than twice just in matter of days.

After the company announced that their users are going to be reimbursed the value of NEM started climbing slowly, but it is nowhere near its value before the heist.

The Mt. Gox – nearly $500M

Mt. Gox was the biggest bitcoin exchange company. Based in Japan at the time when the hack happened, it handled 70% of the world’s bitcoin exchanges. The company had many flaws in its operations, ranging from the lack of any version control software and testing policy to management and bottleneck issues.

The first hack happened in June of 2011 when $8.75 million worth of accounts were compromised. For a few minutes, the price of BTC was even as low as 1 cent. The hack that definitely took the most toll happened in 2014. Hackers managed to tamper with the transaction data before it was put into the blockchain. Criminals stole $473 million worth of bitcoins and Mt. Gox was forced to declare bankruptcy.

The Bitfinex – $72M

Bitfinex is a cryptocurrency exchange platform based in Hong Kong. Bitfinex informed the public of the hack in August of 2016. How much money was stolen? 120,000 BTC – back in that time the equivalent of $72 million.

Bitfinex’s intentions to make things better for their users in terms of security and liquidity quickly turned into a disaster. To introduce their new and more efficient security measure, the company partnered up with BitGo. A new multi-signature wallet system was implemented. This new system was designed to manage the risk by dividing the wallet keys among a number of owners.

Two of the keys remained with Bitfinex while one was stored by their new partner, BitGo. All the three keys were needed for each transaction to be validated. To increase the liquidity, Bitfinex moved most of their customers’ cash into the hot wallets, thus reducing the use of cold storage.

The aftermath: the hackers attacked Bitfinex servers and managed to trick the company into signing off on illegal bitcoin withdrawals. In the process, they successfully tricked BitGo servers as well into supplying the key and validate the process as authentic. Bitcoin prices went down by 20%.

The DAO – $50M

Another infamous attack took place on June 17, 2016, when an unknown hacker found a loophole in the coding that allowed to drain funds from The DAO.

The DAO, o the Decentralized Autonomous Organization, was meant to operate like a venture capital fund for the crypto economy.

The attack cost the company $50 million. The hackers managed to identify the weak point in the company’s system, a loophole that allowed them to siphon the money easily. The problem was inside the splitting function, which allowed users to exit the DAO exchange.

Upon the exit request, the splitting function exchanges users DAO tokens gives them back their Ether, registers the transaction in the ledger, and updates the token balance in the exchange. What the hackers did is inject a recursive function that prevented the transaction registration and allowed them to reuse the same DAO tokens over and over again, and transfer even more Ether to their accounts.

In the aftermath, we witnessed one of the most famous crypto-forks. This major event again had major market implications. The DAO attack is precisely the reason why we have two Ethereum currencies today – Ethereum Classic (ETC) and the new Ethereum (ETH).


How can hacks be prevented?

As the history shows, criminal activities have great implications not to the companies directly affected but for the prices of cryptocurrencies and the crypto market as a whole.

The two countries that experienced the largest security breaches, Japan and South Korea, have already initiated strict regulatory policies to establish the new industry standards regarding cryptocurrency exchange security.

The government of South Korea has chosen to regulate cryptocurrency exchange as banks, providing financial authorities to monitor and oversee exchanges.

Stricter regulations and thorough monitoring of the security systems implemented by exchanges should prevent the security breaches in the cryptocurrency sector and if they occur anyway – to contain the magnitude of financial damages inflicted.

The centralization has been recognized as the main security weakness. This is why exchanges are adopting a decentralized design. Now the users can conduct peer-2-peer trades, during which their funds are not getting stored on just a single account.

This practice has its pain points though. One of them is the requirement for both users in the trade to be online for the trade to be listed.

Some security experts want to implement the best from both worlds – centralized and decentralized exchanges. One of the semi-decentralized exchanges, Exscudo, allows users to trade even if their funds are on the cold storage, by issuing colored tokens. Colored tokens come from the singe blockchain and the mirror the real crypto stored on users’ cold storage. If the cyber-attack occurs, thanks to the colored tokens the state can be rolled back to restore user balances. This is a great example of how to add multiple security layers without affecting the exchange’s efficiency and trade speed.

HODL Finance is the European digital lending company. HODL Finance issues loans backed by cryptocurrency and other digital assets. Founded by the shareholders of the peer-to-peer lending platform, Savy, HODL Finance now serves clients around the world.

Vytas for the Disruptor Daily: Compliance, AML, KYC procedures are one of our highest priorities

Disruptor Daily This interview is part of our new Blockchain In Lending series, where we interview the world’s leading thought leaders on the front lines of the intersections between blockchain and lending. In this interview we speak…

Tips on Choosing the Wallet with the Strongest Security

Let’s state the obvious – security in our industry is an issue. In light of multiple security breaches over the years, securing cryptocurrency funds in the right wallet with strong features is more important than ever….

Is ‘Hodling’ the Future of Cryptocurrency Lending?

By Pat Rabbitte Could ‘Hodling’ be the future shape of financing?  We spoke to Jaunius Špakauskas, communications specialist with Hodl Finance to find out more.   Hodl:  ‘A term derived from a misspelling of “hold” that refers…