Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
By Mike Romanenko
In the world of cryptocurrencies, exchanges have become the backbone of the industry. They are where Bitcoin, Ethereum, and other digital asset holders can buy, sell, and trade their coins. However, despite the numerous advantages of exchanges, there is a troubling trend: hackers target them, resulting in millions of dollars worth of losses. Such hacks have become far too regular and have caused many to question the security protocols of these exchanges. In this article, Mike Romanenko, the co-founder of the global fintech ecosystem Kyrrex, covers the main conclusions that crypto exchanges can draw after the listed hacks.
Wait, but what was going on with exchangers if we go retrospective?
In the whole history of the existence of cryptocurrencies, almost every exchange has been subjected to hacking, and repeatedly. The exchanges could conclude and ensure maximum protection of wallets. But hacks happen again and again. It comes to the point of absurdity: there were numerous examples when exchanges stopped trading under the pretext of "technical works," which gave rise to unfounded rumors about hacks. In other words, the exchanges are reluctant to admit they were attacked.
In recent years, several major exchanges have experienced devastating hacks. Bithumb, one of South Korea's largest cryptocurrency exchanges, fell victim to a major hack in 2018. On June 29 (as the official information says), wallet owners noticed they began losing relatively large amounts of crypto coins. The attackers tried not to attract attention, being content only with the UTS and VTS in such quantities that the loss was not quickly detected. Therefore, a full hack review was only made public on July 4.
Hackers used an unknown method to compromise the computer of one of the exchange employees, after which they could access about 3% of the customer base. The investigation at the time could not establish how access to the database was obtained. It is only known that hackers copied all user data, including phone numbers and post addresses. With user data, the attackers engaged in "telephone fishing" — under the guise of exchange representatives, they lured out one-time passwords and stole money.
The Bithumb hack had an unexpected continuation in December 2017. It was later discovered that the hackers attacked the exchange in February, but this information only became public in June. The stolen amount was initially reported to be about $7 million, but by the time it was disclosed, it had grown to $80 million. The National Intelligence Agency of South Korea accused hackers from the DPRK of the attack, but no further developments were made. It is unclear whether Bithumb intentionally concealed the hack in February, as it is hard to overlook a loss of $7 million. The incident tarnished the exchange's reputation, although covering the losses at the previous exchange rate was more manageable, which later significantly increased. Interestingly, Bithumb lost over $30 million of digital assets, including Bitcoin and Ethereum. However, Bitcoin was unaffected by the news, and the exchange remains highly ranked.
The fact that Bitcoin remained unaffected by the news shows the resilience and stability of the cryptocurrency market. It also raises questions about investor confidence and the potential detachment of cryptocurrency prices from real-world events. However, the Bithumb hack is a wake-up call for the cryptocurrency industry. It exposes the vulnerabilities of centralized exchanges and emphasizes the urgent need for enhanced security standards, transparency, and accountability. Exchanges must proactively adopt measures such as implementing robust security protocols, conducting regular audits, and transparently disclosing security breaches.
Another notable incident occurred the same year when Coincheck, a prominent Japanese exchange, was hacked, resulting in the theft of more than $500 million worth of NEM cryptocurrency. This event stands as one of the largest cryptocurrency hacks in history. The incident prompted intense scrutiny and led to calls for increased industry regulation.
The hack of Bitfinex in the summer of 2016 was also a significant event in the cryptocurrency industry, resulting in the theft of approximately $72 million worth of Bitcoins from the exchange's hot wallet. This incident not only impacted the exchange but also had broader implications for the reputation and security of cryptocurrencies. Following the hack, Bitfinex faced increased regulatory scrutiny, mainly due to its association with Tether, a stablecoin issuer linked to the exchange. The incident prompted investigators to closely examine the exchange's financial condition, allegations of money laundering, and speculative practices. Though these concerns are outside the scope of this analysis, they are significant contexts to consider when evaluating the overall impact of the hack on Bitfinex's reputation and the broader cryptocurrency market.
One notable consequence of the Bitfinex hack was the immediate impact on the Bitcoin price. The breach led to a symbolic 18% decrease in the Bitcoin rate, from $750 to below $550. This price drop demonstrates the influence of such events on market sentiment and investor confidence. The significance of the Bitfinex hack, combined with the scale of the theft, caused a noticeable reaction in the market, reinforcing the need for robust security measures throughout the cryptocurrency ecosystem.
BitGo, a leading security provider in the cryptocurrency industry, was responsible for securing Bitfinex's assets at the time of the hack. They quickly declared that the vulnerability did not originate from their side, suggesting that the breach resulted from their security protocols being compromised. However, the details surrounding the investigation and how the hackers obtained users' keys were not disclosed publicly. This raises questions about the overall security practices of the exchange and the need for increased transparency and accountability among industry participants.
That is to say that this incident serves as a reminder that the cryptocurrency industry must remain vigilant in addressing security risks and collaborate to strengthen overall security standards to protect user assets.
These repeated hacks have highlighted the inherent risks associated with centralized exchanges. Centralized exchanges act as intermediaries and custodians of user funds, which makes them attractive targets for malicious actors. When attackers gain unauthorized access to these platforms, they can compromise user accounts and steal digital assets, causing substantial financial losses.
Lessons learned, security elevated: Post-attack steps
After experiencing a security breach, exchanges must reevaluate their security infrastructure. This involves conducting a comprehensive audit to identify any vulnerabilities or weak points hackers may have exploited. By understanding the attack vectors, exchanges can better fortify their systems and implement robust security measures. This may include upgrading encryption methods, implementing multi-factor authentication protocols, and regularly patching and updating software to stay ahead of potential threats.
Human error is often a contributing factor in successful cyber-attacks. Exchanges must invest in training programs that educate their staff about the latest cybersecurity threats and emphasize best practices to mitigate risks. By creating a culture of security awareness, exchanges can empower their employees to identify and report suspicious activities, thereby strengthening their defense against attacks.
One valuable lesson from exchange hacks is the importance of securely storing digital assets. Exchanges should consider implementing cold storage solutions, which keep a significant portion of their users' funds offline in secure hardware wallets. By reducing the amount of digital assets exposed to potential vulnerabilities, exchanges can significantly mitigate the risk of loss due to hacking attempts.
The cryptocurrency industry faces a common adversary in hackers. Exchanges can benefit from collaborating and sharing information regarding security threats and attacks. By establishing channels for communication and cooperation, exchanges can collectively work towards strengthening security protocols and preemptively identifying potential threats. Open lines of communication will foster an environment where knowledge and practices can be shared to fortify the entire industry against cyber-attacks.
Cryptocurrency exchanges operate in a largely unregulated landscape. However, as attacks continue to rise, it is becoming increasingly evident that regulation is necessary to protect users and foster trust in the ecosystem. Governments should consider implementing regulatory frameworks that outline minimum security standards for exchanges. This will help safeguard user funds and ensure greater transparency and accountability within the industry.
With the increasing use of digital assets, exchanges have become attractive targets for hackers seeking to exploit user information for various malicious purposes. Implementing regulations that specifically address personal data protection can significantly enhance user privacy and security.
Under regulatory frameworks, exchanges can be required to implement robust data protection measures, including encryption protocols, secure data storage, and strict access controls. These measures can help prevent unauthorized access to user information and mitigate the risk of data breaches. Additionally, exchanges should be mandated to conduct regular security audits and vulnerability assessments to identify and address any potential weaknesses in their data protection systems.
That will enhance confidence in the market, attract more participants, and foster the industry's sustainable growth. It is essential for regulators to proactively address the growing risks associated with data breaches in the cryptocurrency landscape to ensure the long-term viability and success of digital asset trading platforms.
An attack on an exchange should serve as a wake-up call rather than the end of the journey towards better security. Exchanges need to implement continuous security monitoring and proactively respond to potential threats. By investing in advanced threat detection systems and sophisticated analytics, exchanges can minimize vulnerability windows and swiftly neutralize emerging risks. Exchanges must prioritize their users' security, and developing these measures is a constant process. Exchanges are to collaborate with governing bodies, other exchanges, security experts, and stakeholders to enhance security protocols and ensure their success.
Author Bio
CVO, Co-Founder of https://kyrrex.com/
Mike, who has more than a decade of experience in investment and financial regulation, is a co-founder of Kyrrex. Besides, Mike holds key roles at Unicorn Factory Ventures and Vireye Game Studios, championing web3 and gaming innovations. Often featured in podcasts and panels, he's a recognized authority in the crypto domain.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.