On November 5, 2019, Vietnam-based cryptocurrency exchange VinDAX was hacked, losing half a million U.S. dollars worth of funds spread across 23 different cryptocurrencies. The VinDAX hack marks the latest in a series of cryptocurrency exchange hacks and data breaches that have taken place this year, and is part of a larger and growing trend of digital currency heists that have occurred since Bitcoin, the first cryptocurrency, was introduced in 2008. In July of this year, Japan-based cryptocurrency exchange Bitpoint was also hacked, losing about $32 million in cryptocurrency, and earlier this year, hackers stole $16 million worth of cryptocurrency from New Zealand-based Cryptopia. Losses from cryptocurrency hacks this year alone are reported to have totaled around $1.39 billion worth of assets.
Cryptocurrencies are built on a technology called blockchain a distributed ledger technology in which transactions are recorded across a network of peer-to-peer computers. Since the most well-known cryptocurrency, Bitcoin, together with the underlying blockchain technology, was developed by one or more developers using the pseudonym Satoshi Nakamoto and published in a white paper in 2008, blockchain has been praised for its intrinsic security, as well as qualities that allow cryptocurrency holders to remain largely anonymous. But the same features that have made blockchain an innovative financial technology also make cryptocurrencies an attractive target for theft; once stolen, the nature of blockchain technology makes it extremely difficult to trace the culprits and track down the stolen assets.
Cryptocurrencies generally are based upon a system that uses a public digital key, which is used for identification (similar to a bank account number), and a private digital key (similar to a personal identification number to access that account), which is used for encryption and authentication. The other component of the system is the wallet, which stores cryptocurrencies. Each wallet has a unique address, which is used for sending and receiving funds. A user starts with an address, which in turn generates a private key and a public key using an algorithm; the private key grants the user ownership of the funds at a specified address. When sending funds, the system software identifies the transaction with the private key (without disclosing it), which validates for the benefit of all on the relevant network the authority of the user to transfer the funds from its address (which it does by generating a unique digital signature for every transaction a user undertakes). The public key, which is the public address for the wallet (in effect the address is a representation of the public key) and is intended to be shared, is derived from the private key (that is, the private key generates the public key). At the heart of the cryptography system is the one-way aspect of these components: the public key cannot be derived from the address, and the private key cannot be derived from the public key.
Experts say that one of the safest ways to store cryptocurrency is by using what is known as a hardware wallet. This is an off-line device like a thumb drive, in which a users private keys are stored. These devices often require passwords, backed by sophisticated encryption systems, and multi-factor authentication procedures in order to gain access to the private keys stored on them. (These devices do not store cryptocurrency assets themselves, but rather the private keys associated with the cryptocurrency assets in the blockchain system.) The problem with this system is that it is cumbersome. Accessing funds requires having the hardware wallet on-hand, and then engaging in a lengthy process of opening up the hardware wallet and gaining access to the private keys stored in the wallet. This can make it hard to respond quickly to the highly volatile cryptocurrency marketplace.
The solution to which many resort is keeping their funds on the exchanges they use to buy and sell cryptocurrency (examples include Coinbase, Bittrex and CEX.io). However, since the cryptocurrencies themselves are not actually on the exchanges, what this technically means is that the users are storing their private keys on the exchange. The exchanges therefore act as warehouses of private keys associated with hundreds of millions, and often billions, of dollars in cryptocurrency assets. Not surprisingly given the concentration risk, these exchanges have increasingly become a favorite target for high-value hacks.
Cryptocurrency hacks not only result in significant loss of personal holdings; they also create wild fluctuations in cryptocurrency markets. After a $37 million hack of the Korean exchange Coinrail in 2018, Bitcoin (the first, and most popular cryptocurrency) lost approximately 11% of its market value. A similar drop occurred after hackers stole 120,000 Bitcoins from Hong Kong-based exchange Bitfinex in 2016.
In light of the increasing number of cryptocurrency exchange hacks in recent years, companies that invest in cryptocurrency projects or have significant holdings in cryptocurrencies should keep the following in mind:
What should companies with significant holdings in cryptocurrencies be considering?
Companies considering investing in cryptocurrencies may want to undertake a thorough due diligence analysis of the cybersecurity measures, response protocols, and access controls for their preferred method of storing their private keys, whether that method involves using an exchange, a hardware wallet, or some other method.
Companies may also want to engage outside counsel or retain in-house expertise to advise them as to their legal obligations for how they store their private keys. For example, companies may need to determine whether applicable SEC laws and regulations require the use of a qualified custodian for holding private keys, as well as their obligations for instituting specific controls and response procedures for protecting against the loss of clients assets.
Use offline or hardware wallets
As discussed above, there are few safer ways to secure cryptocurrency assets than using a hardware wallet for maintaining private keys. While these hardware wallets are commercially available, large investors may consider instead engaging computer engineers that can build custom hardware wallets. Similarly, as discussed above, companies may want to consider engaging a reputable, insured, qualified cryptocurrency custodian service for storing private keys.
What should companies that are investing in cryptocurrency businesses be considering?
When investing in a cryptocurrency exchange project, invest heavily in cybersecurity.
Cryptocurrency users have many exchange options, and they tend to be fairly discriminating about which they choose to use based on the exchanges reputations for cybersecurity and history of cyber penetrations. A new cryptocurrency exchange will need to earn a reputation for integrity and cybersecurity in order to attract users (unless, as is sometimes the case, the exchange offers certain desirable cryptocurrencies that are not available on other available exchanges). Nothing will cripple a new cryptocurrency exchange faster than a successful cyber penetration, and the short history of cryptocurrency is rife with now-defunct exchanges that either went bankrupt and/or lost all user confidence after a cyberattack.
If your company is contemplating investing in a cryptocurrency exchange project, robust cybersecurity should be considered. This includes not only technical cybersecurity measures, but also robust cybersecurity policies, compliance and reporting mechanisms, and audit controls. Capable in-house expertise or outside firms can help you develop these procedures, and your company may want to secure this expertise well before your project launches.
When investing in a cryptocurrency blockchain project, develop cyber penetration response policies in advance.
As discussed above, most cryptocurrency hacks do not compromise the blockchain itself, but the exchanges where the transactions occur and the private keys are stored. These hacks can devastate the cryptocurrency market. But a cryptocurrency blockchain or platform can itself be compromised, and when this happens, having the right response procedures in place is critical.
An example of this was seen with Ethereuma blockchain-based smart contract system that used the cryptocurrency Ether to compensate the operators of the computational engine that powers the blockchain system and as a medium for the exchange of value for the performance of smart contracts. In 2016, an organization called the DAO developed a smart contract system built on the Ethereum platform designed to facilitate venture capital fund investment. Hackers exploited a flaw in that smart contract system, resulting in the theft of $50 million worth of Ether. A vote was held within the Ethereum community about how to respond to the hack, with a majority voting to do a hard fork of the Ethereum blockchain. Since the blockchain represents a history of all transactions since its inception, a hard fork is effectively a way to reverse time by erasing the history of the transactions on the blockchain system since the occurrence of the compromising event (hard forks can also be planned events so the rules and protocols governing the blockchain can be updated). This hard fork was extremely controversial within the Ethereum community because it resulted in the reversal of both legitimate and illegitimate transactions, and the value of Ether and confidence in the Ethereum platform temporarily suffered as a result.
One of the reasons the DAO hack was so disruptive to the Ethereum community was because of the debate that ensued within that community over how to respond to it. Thus, companies considering whether to invest in a cryptocurrency project should consider not only how to gird their projects against technical hacks, but also how to develop and disseminate response policies that would give users assurance that the cryptocurrency project would commit to a predictable, controlled course of action in response to various compromising events.
- Bank of England to consider adopting cryptocurrency - The Guardian - January 22nd, 2020
- Crypto Tidbits: Bitcoin Hits $9,000, Institutional Cryptocurrency Investment Spikes, NBA Team Uses Ethereum - newsBTC - January 22nd, 2020
- How Cybercriminals Are Converting Cryptocurrency to Cash - BankInfoSecurity.com - January 22nd, 2020
- UK offers $130K for software that can trace Bitcoin, Ethereum, and (hopefully) Monero - The Next Web - January 22nd, 2020
- Hackers have got their hands on $11 billion in stolen cryptocurrency since 2011 - SmartCompany.com.au - January 22nd, 2020
- Thailand launches probe into $2.46M cryptocurrency pyramid scam - The Next Web - January 22nd, 2020
- Moonday Mornings: Its 2020 and the OneCoin scam is still alive - The Next Web - January 22nd, 2020
- $140,600,000 in Bitcoin (BTC) Exits Cryptocurrency Exchange As Whale Moves $6,320,422 in XRP - The Daily Hodl - January 22nd, 2020
- Cryptocurrency No longer banned in India? - The Coin Republic - January 22nd, 2020
- Akons AKOIN Cryptocurrency City White Paper to be Live by February 2020 - The Cryptocurrency Analytics - January 22nd, 2020
- BTC/USD: Will 2020 Bring Clear Vision to the Oldest Cryptocurrency? - FXStreet - January 16th, 2020
- Cryptocurrency Market Update: Two-day recovery on the rocks as Bitcoin, Ethereum and Ripple trim gains - FXStreet - January 16th, 2020
- Cryptocurrency Market Update: Bitcoin bulls hit the pause button, altcoins follow the lead - FXStreet - January 16th, 2020
- Cryptocurrency billionaire funds SF-wide web of cameras to help fight crime - KRON4 - January 16th, 2020
- North Korea is Holding a Secretive Cryptocurrency Conference, and Experts Warn it's a Very Bad Idea to Attend - Newsweek - January 16th, 2020
- Ripple Price Analysis: XRP/USD capitalizes on the global cryptocurrency bulls' run - FXStreet - January 16th, 2020
- Bitcoin rises as cryptocurrency has its best January since 2012 - SiliconANGLE News - January 16th, 2020
- Cryptocurrency and Remittance: The Case of Mexico - Crypto Education - Altcoin Buzz - January 16th, 2020
- Ethereum (ETH) - Based Cryptocurrency Tested By The Reserve Bank of Australia as Payment Tool - U.Today - January 16th, 2020
- $1.4B in illicit Bitcoin was laundered via Binance and Huobi last year, report says - The Next Web - January 16th, 2020
- How to minimize the cryptocurrency tax burden this tax season - Canadian Lawyer Magazine - January 16th, 2020
- The future of cryptocurrency - Lexology - January 13th, 2020
- Analyst: Bitcoin Will Skyrocket to $100,000 in 24 Months and Theres Nothing You Can Do About It - CCN.com - January 13th, 2020
- Cryptocurrency Slowly Recovers as Buyers Fail to Emerge - Coin Idol - January 13th, 2020
- Cryptocurrency Has Earned Its Place as a Safe Haven - Investorplace.com - January 13th, 2020
- eToro CEO On Bitcoin Dominance in the Cryptocurrency Market - The Coin Republic - January 13th, 2020
- Moonday Mornings: Ethereum dev released on $1M bail over North Korea case - The Next Web - January 13th, 2020
- As Bitcoin Struggles, This Minor Cryptocurrency Is Up Almost 500% Over The Past 12 Months - Forbes - January 12th, 2020
- What to expect from cryptocurrency legislation in 2020 - Yahoo Finance - January 12th, 2020
- South Korea Moves Toward Institutional Acceptance of Cryptocurrency - Nasdaq - January 12th, 2020
- Cryptocurrency Market Cap May Surge 37%. But There's One 'If' - U.Today - January 12th, 2020
- Financial Services Agency to limit leverage in cryptocurrency margin trading to twice the deposits made by traders - The Japan Times - January 12th, 2020
- Naive IoT botnet wastes its time mining cryptocurrency - ZDNet - January 12th, 2020
- Directors of bogus Ugandan cryptocurrency startup charged after 4,000 investor complaints - The Next Web - January 12th, 2020
- Can digital gold Bitcoin ever be mined in India? - ETCIO.com - January 12th, 2020
- 321 Cryptocurrency Whales Control Staggering Amounts of Bitcoin, Ethereum And Litecoin - The Daily Hodl - January 12th, 2020
- Why the Worlds Most Used Cryptocurrency isnt Bitcoin - NewsLogical - January 12th, 2020
- South Korea Works to Bring Cryptocurrency Into the Mainstream - The Diplomat - January 5th, 2020
- Most Significant Hacks of 2019 New Record of Twelve in One Year - Cointelegraph - January 5th, 2020
- Why a Technical Analyst Believes Bitcoin Cash (BCH) Will Surge by 80% - newsBTC - January 5th, 2020
- Why Analysts Are Bullish On Cryptocurrency As Bitcoin Turns 11 - Ethereum World News - January 5th, 2020
- Bitcoin is on the Cusp of a Major Price Movement - Crypto Briefing - January 5th, 2020
- 7 Big Bitcoin and Cryptocurrency Predictions for 2020 - The Daily Hodl - January 5th, 2020
- China and Russia begin testing cryptocurrency - Born2Invest - January 5th, 2020
- Ethereum Foundation is an opaque Swiss foundation related to cryptocurrency - AMBCrypto - January 5th, 2020
- Cryptocurrency in Arab World: Clock is Ticking, But Pace is Slow - Finance Magnates - January 5th, 2020
- National Governments Around The Globe Look To Embrace Blockchain - Forbes - January 5th, 2020
- Chinas Dichotomy Between Cryptocurrency And Blockchain - Forbes - December 31st, 2019
- What Is a Cryptocurrency? We Need Clearer Definitions - Coindesk - December 31st, 2019
- Ian Balina, The Controversial Face Of Cryptocurrency - Nasdaq - December 31st, 2019
- Cryptocurrency This Week: YouTube Removes Crypto Videos; Russia Bomb Threats Over A Bitcoin Fraud And More - Inc42 Media - December 31st, 2019
- How To Really Help Free North Koreans Through Crypto - Forbes - December 31st, 2019
- The Dividing of Bitcoin to shake markets of cryptocurrency - Market Research Sheets - December 28th, 2019
- The $3 Bilion Bitcoin Dump Isnt Going to Happen - newsBTC - December 27th, 2019
- Googles YouTube Goes To War With Bitcoin And Crypto - Forbes - December 26th, 2019
- Top five cryptocurrency guides of 2019 - Yahoo Finance - December 26th, 2019
- Cryptocurrency is a tool for speculation not an investment - The Globe and Mail - December 26th, 2019
- Rakuten Wallet Will Allow Users to Convert Their Loyalty Points to Cryptocurrency - CryptoVibes - December 26th, 2019
- Top China Cryptocurrency and Blockchain Headlines of 2019 - Crowdfund Insider - December 26th, 2019
- How to Make Money with Cryptocurrency: Beginner's Guide 2019 - December 24th, 2019
- Cryptocurrency Market News - Bitcoin and Altcoins News - December 24th, 2019
- Cryptocurrency For Beginners - CryptoCurrency Facts - December 24th, 2019
- Crypto Legislation 2020: Analysis Of 21 Cryptocurrency And Blockchain Bills In Congress - Forbes - December 24th, 2019
- This Trader Sees No Value in Ripple and Its Cryptocurrency XRP - newsBTC - December 24th, 2019
- Why XRP Isnt Surging in Tandem With Rest of the Cryptocurrency Market - newsBTC - December 24th, 2019
- Hackers steal $480,000 worth of NULS cryptocurrency from its dev team - The Next Web - December 24th, 2019
- How VeChain Cryptocurrency Was Able to Track and Freeze $6.1M of Stolen Funds - newsBTC - December 24th, 2019
- This bizarre anime cryptocurrency is now ranked 12 in the world - Decrypt - December 24th, 2019
- Zimbabwe Could End Corruption With This Cryptocurrency Initiative - Bitcoinist - December 24th, 2019
- How will Bitcoin halving shake the cryptocurrency market in 2020? - FXStreet - December 24th, 2019
- How China's National Cryptocurrency Will Improve the Nation's Economy - Bitcoinist - December 24th, 2019
- Why This Developer of the Controversial HEX Cryptocurrency Accused of Scam Left - newsBTC - December 24th, 2019
- Could there be a halal cryptocurrency? - The Malaysian Reserve - December 24th, 2019
- Even 2019s Strongest Cryptocurrency is Unable to Escape the Bear Market - newsBTC - December 24th, 2019
- Why Analysts Across the Board Expect Bitcoin Price to Surge by 8% - newsBTC - December 24th, 2019
- Investors who lost $190m demand exhumation of cryptocurrency mogul - The Guardian - December 14th, 2019
- This little-known cryptocurrency is heading towards the top ten - Decrypt - December 14th, 2019
- Moonday Mornings: IRS readies to tax your cryptocurrency no matter what - The Next Web - December 14th, 2019
- $1.6B in Bitcoin bought during 2017s bull run hasnt moved - The Next Web - December 14th, 2019
- ING bank wants to give clients a compliant way to store cryptocurrency, report - The Next Web - December 14th, 2019