On November 5, 2019, Vietnam-based cryptocurrency exchange VinDAX was hacked, losing half a million U.S. dollars worth of funds spread across 23 different cryptocurrencies. The VinDAX hack marks the latest in a series of cryptocurrency exchange hacks and data breaches that have taken place this year, and is part of a larger and growing trend of digital currency heists that have occurred since Bitcoin, the first cryptocurrency, was introduced in 2008. In July of this year, Japan-based cryptocurrency exchange Bitpoint was also hacked, losing about $32 million in cryptocurrency, and earlier this year, hackers stole $16 million worth of cryptocurrency from New Zealand-based Cryptopia. Losses from cryptocurrency hacks this year alone are reported to have totaled around $1.39 billion worth of assets.
Cryptocurrencies are built on a technology called blockchain a distributed ledger technology in which transactions are recorded across a network of peer-to-peer computers. Since the most well-known cryptocurrency, Bitcoin, together with the underlying blockchain technology, was developed by one or more developers using the pseudonym Satoshi Nakamoto and published in a white paper in 2008, blockchain has been praised for its intrinsic security, as well as qualities that allow cryptocurrency holders to remain largely anonymous. But the same features that have made blockchain an innovative financial technology also make cryptocurrencies an attractive target for theft; once stolen, the nature of blockchain technology makes it extremely difficult to trace the culprits and track down the stolen assets.
Cryptocurrencies generally are based upon a system that uses a public digital key, which is used for identification (similar to a bank account number), and a private digital key (similar to a personal identification number to access that account), which is used for encryption and authentication. The other component of the system is the wallet, which stores cryptocurrencies. Each wallet has a unique address, which is used for sending and receiving funds. A user starts with an address, which in turn generates a private key and a public key using an algorithm; the private key grants the user ownership of the funds at a specified address. When sending funds, the system software identifies the transaction with the private key (without disclosing it), which validates for the benefit of all on the relevant network the authority of the user to transfer the funds from its address (which it does by generating a unique digital signature for every transaction a user undertakes). The public key, which is the public address for the wallet (in effect the address is a representation of the public key) and is intended to be shared, is derived from the private key (that is, the private key generates the public key). At the heart of the cryptography system is the one-way aspect of these components: the public key cannot be derived from the address, and the private key cannot be derived from the public key.
Experts say that one of the safest ways to store cryptocurrency is by using what is known as a hardware wallet. This is an off-line device like a thumb drive, in which a users private keys are stored. These devices often require passwords, backed by sophisticated encryption systems, and multi-factor authentication procedures in order to gain access to the private keys stored on them. (These devices do not store cryptocurrency assets themselves, but rather the private keys associated with the cryptocurrency assets in the blockchain system.) The problem with this system is that it is cumbersome. Accessing funds requires having the hardware wallet on-hand, and then engaging in a lengthy process of opening up the hardware wallet and gaining access to the private keys stored in the wallet. This can make it hard to respond quickly to the highly volatile cryptocurrency marketplace.
The solution to which many resort is keeping their funds on the exchanges they use to buy and sell cryptocurrency (examples include Coinbase, Bittrex and CEX.io). However, since the cryptocurrencies themselves are not actually on the exchanges, what this technically means is that the users are storing their private keys on the exchange. The exchanges therefore act as warehouses of private keys associated with hundreds of millions, and often billions, of dollars in cryptocurrency assets. Not surprisingly given the concentration risk, these exchanges have increasingly become a favorite target for high-value hacks.
Cryptocurrency hacks not only result in significant loss of personal holdings; they also create wild fluctuations in cryptocurrency markets. After a $37 million hack of the Korean exchange Coinrail in 2018, Bitcoin (the first, and most popular cryptocurrency) lost approximately 11% of its market value. A similar drop occurred after hackers stole 120,000 Bitcoins from Hong Kong-based exchange Bitfinex in 2016.
In light of the increasing number of cryptocurrency exchange hacks in recent years, companies that invest in cryptocurrency projects or have significant holdings in cryptocurrencies should keep the following in mind:
What should companies with significant holdings in cryptocurrencies be considering?
Companies considering investing in cryptocurrencies may want to undertake a thorough due diligence analysis of the cybersecurity measures, response protocols, and access controls for their preferred method of storing their private keys, whether that method involves using an exchange, a hardware wallet, or some other method.
Companies may also want to engage outside counsel or retain in-house expertise to advise them as to their legal obligations for how they store their private keys. For example, companies may need to determine whether applicable SEC laws and regulations require the use of a qualified custodian for holding private keys, as well as their obligations for instituting specific controls and response procedures for protecting against the loss of clients assets.
Use offline or hardware wallets
As discussed above, there are few safer ways to secure cryptocurrency assets than using a hardware wallet for maintaining private keys. While these hardware wallets are commercially available, large investors may consider instead engaging computer engineers that can build custom hardware wallets. Similarly, as discussed above, companies may want to consider engaging a reputable, insured, qualified cryptocurrency custodian service for storing private keys.
What should companies that are investing in cryptocurrency businesses be considering?
When investing in a cryptocurrency exchange project, invest heavily in cybersecurity.
Cryptocurrency users have many exchange options, and they tend to be fairly discriminating about which they choose to use based on the exchanges reputations for cybersecurity and history of cyber penetrations. A new cryptocurrency exchange will need to earn a reputation for integrity and cybersecurity in order to attract users (unless, as is sometimes the case, the exchange offers certain desirable cryptocurrencies that are not available on other available exchanges). Nothing will cripple a new cryptocurrency exchange faster than a successful cyber penetration, and the short history of cryptocurrency is rife with now-defunct exchanges that either went bankrupt and/or lost all user confidence after a cyberattack.
If your company is contemplating investing in a cryptocurrency exchange project, robust cybersecurity should be considered. This includes not only technical cybersecurity measures, but also robust cybersecurity policies, compliance and reporting mechanisms, and audit controls. Capable in-house expertise or outside firms can help you develop these procedures, and your company may want to secure this expertise well before your project launches.
When investing in a cryptocurrency blockchain project, develop cyber penetration response policies in advance.
As discussed above, most cryptocurrency hacks do not compromise the blockchain itself, but the exchanges where the transactions occur and the private keys are stored. These hacks can devastate the cryptocurrency market. But a cryptocurrency blockchain or platform can itself be compromised, and when this happens, having the right response procedures in place is critical.
An example of this was seen with Ethereuma blockchain-based smart contract system that used the cryptocurrency Ether to compensate the operators of the computational engine that powers the blockchain system and as a medium for the exchange of value for the performance of smart contracts. In 2016, an organization called the DAO developed a smart contract system built on the Ethereum platform designed to facilitate venture capital fund investment. Hackers exploited a flaw in that smart contract system, resulting in the theft of $50 million worth of Ether. A vote was held within the Ethereum community about how to respond to the hack, with a majority voting to do a hard fork of the Ethereum blockchain. Since the blockchain represents a history of all transactions since its inception, a hard fork is effectively a way to reverse time by erasing the history of the transactions on the blockchain system since the occurrence of the compromising event (hard forks can also be planned events so the rules and protocols governing the blockchain can be updated). This hard fork was extremely controversial within the Ethereum community because it resulted in the reversal of both legitimate and illegitimate transactions, and the value of Ether and confidence in the Ethereum platform temporarily suffered as a result.
One of the reasons the DAO hack was so disruptive to the Ethereum community was because of the debate that ensued within that community over how to respond to it. Thus, companies considering whether to invest in a cryptocurrency project should consider not only how to gird their projects against technical hacks, but also how to develop and disseminate response policies that would give users assurance that the cryptocurrency project would commit to a predictable, controlled course of action in response to various compromising events.
- Cryptocurrency Mining Profitability in 2020: Is It Possible? - Cointelegraph - August 10th, 2020
- Flaws Could Have Exposed Cryptocurrency Exchanges to Hackers - WIRED - August 10th, 2020
- Cryptocurrency Cards: An Unnecessary Solution That Should Be Stopped - Cointelegraph - August 10th, 2020
- Wall Street Revealed To Be Edging Out Bitcoin Traders With $1 Million+ Transactions - Forbes - August 10th, 2020
- Cryptocurrency This Week: India Could Ban Virtual Currencies & More - Inc42 Media - August 10th, 2020
- US Congressmen Want IRS to Balance Taxation and Innovation in the Cryptocurrency Space | Taxes - Bitcoin News - August 10th, 2020
- Will This Quantum Computing Breakthrough Save Bitcoin and Cryptocurrency? - The Daily Hodl - August 10th, 2020
- Cryptocurrency Market Update: Bitcoin, Ripple and Ethereum begin consolidating - FXStreet - August 10th, 2020
- Cryptocurrency: The Currency of the Future - Techtree.com - August 10th, 2020
- Weiss Ratings Places Ethereum Ahead of Bitcoin As Top Cryptocurrency, Says Cardano Has the Best Technology - The Daily Hodl - August 10th, 2020
- Bitcoin surges past 8,400 as investors look for 'safe haven' - The Telegraph - July 29th, 2020
- Blockchain and how it can change construction - Geospatial World - July 29th, 2020
- CEO of Toronto-based cryptocurrency exchange Coinsquare resigns after regulatory probe - CBC.ca - July 29th, 2020
- 2020 will have publicly-traded cryptocurrency firms Barry Silbert - FXStreet - July 29th, 2020
- Chainalysis Introduces New Website, Market Intel, which gives Digital Asset Managers and Regulators Access to Meaningful Insight about Crypto Activity... - July 29th, 2020
- Why it is time to invest in Ethereum - Nairametrics - July 29th, 2020
- Cryptocurrency firm KuCoin 'shocked' by Twitter hacking - The National - July 19th, 2020
- Samsung Added Support for Stellar (XLM) Cryptocurrency to its Blockchain Keystore, Allows Millions of Users to Access the Digital Asset - Crowdfund... - July 19th, 2020
- $30 billion worth of BTCs disappears forever - Nairametrics - July 19th, 2020
- Popular singer, Akon and other leading experts speak on Africa's Crypto - Nairametrics - July 19th, 2020
- Revolut partners with Paxos to bring cryptocurrency trading to the US - TechCrunch - July 17th, 2020
- Paypal Developing Cryptocurrency Capabilities, Letter to European Commission Confirms | News - Bitcoin News - July 17th, 2020
- Apple, Biden, Musk and other high-profile Twitter accounts hacked in crypto scam - TechCrunch - July 17th, 2020
- TCS is ready to mine the new crypto economy, snatches early-mover advantage with Quartz - Economic Times - July 17th, 2020
- These Two Cryptocurrency Marks For In Which Way The Bitcoin Is Headed - Inventiva - July 17th, 2020
- US Embassy in BD launches webinar series on dark web and cryptocurrency - The Financial Express - July 17th, 2020
- Impact of Covid-19 on Cryptocurrency 2020-2027 with Focusing Key players like Nvidia, Xilinx, Intel, Advanced Micro Devices, Bitfury Group, etc - Cole... - July 17th, 2020
- Revolut launches cryptocurrency trading in US - ThePaypers - The Paypers - July 17th, 2020
- Brave New Coin to Develop Cryptocurrency Indices that Toronto Futures Options Swaps Exchange will Use for Cash-Settled Options Trading - Crowdfund... - July 17th, 2020
- Binance Pool Partners with BitRiver - Finance Magnates - July 17th, 2020
- ESET Discovers Trojanized Mac Cryptocurrency App Collecting Wallets and Screenshots - IT News Online - July 17th, 2020
- Cryptocurrency Mining Hardware Market (COVID 19 Updated) Climbs on Positive Outlook of Excellent Growth by 2027- Advanced Micro Devices, Baikal... - July 17th, 2020
- New York Appellate Court Confirms Attorney Generals Broad Investigative Powers into the Cryptocurrency Industry - JD Supra - July 17th, 2020
- Cryptocurrency Market with COVID 19 Impact-Global Industry Report, Size, Demand, Revenue, Top Manufacturers, and Forecast to 2026 - Cole of Duty - July 17th, 2020
- Global Cryptocurrency Mining Software Market Projected to Reach USD XX.XX billion by 2024 : Genesis Mining, NiceHash, Awesome Miner, MinerGate,... - July 17th, 2020
- Chainlink (LINK) Becomes the Tesla of Cryptocurrency Whats Next? - Cointelegraph - July 14th, 2020
- As Bitcoin Struggles, This Minor Cryptocurrency Has Soared 1,000% In Just Over 12 Months - Forbes - July 14th, 2020
- Brave New Coin Signs Multi-Year Deal To Power Cryptocurrency Options Trading On Toronto Futures - Scoop.co.nz - July 14th, 2020
- Latest News On The Cryptocurrency Market | Intel, CoinBase, BitGo, and Binance - Jewish Life News - July 14th, 2020
- Akon sets out vision for his cryptocurrency and Akon City - Decrypt - July 14th, 2020
- Bank of England eyes groundbreaking new currency as key part of Britains future - Express - July 14th, 2020
- Bitcoin Exchanges And The Cryptocurrency World Was Just Rocked - JD Supra - July 11th, 2020
- New York Court Approves Investigation Into $10 Billion Cryptocurrency Created By A Presidential Candidate - Forbes - July 11th, 2020
- Huobi Global Provides Insight on What Is Driving the Institutional Interest in Cryptocurrency Investment - PRNewswire - July 11th, 2020
- What Challenges Affect the Cost of Running a Cryptocurrency Exchange - Cointelegraph - July 11th, 2020
- Cryptocurrency And Blockchain Technology Market size Reap Excessive Revenues size COVID-19 2022 - Kentucky Journal 24 - July 11th, 2020
- Fast Pace of Cryptocurrency Adoption in Latin America May be due to Dramatic Rise in Smartphone Users, Bitso Executive Reveals - Crowdfund Insider - July 11th, 2020
- NetCents teams up with crypto fintech company to utilize US$1.4 billion credit facility - Proactive Investors USA & Canada - July 11th, 2020
- Explainer: What is 'LBCOIN,' the new Lithuanian state-backed cryptocurrency? - Euronews - July 9th, 2020
- Cryptocurrency News Update: XRP and ADA on fire, BTC lags behind - FXStreet - July 9th, 2020
- Kaspersky Fraud Prevention helps Indacoin halt fraudulent operations with cryptocurrency - CRN.in - July 9th, 2020
- Cardano Becomes 6th Largest Cryptocurrency As Charles Hoskinson Pushes for Unity in Emerging Blockchain Industry - The Daily Hodl - July 9th, 2020
- There are now 13173 BTC millionaires around the world - Nairametrics - July 9th, 2020
- Cryptocurrency as an alternative during times of inflation - ITProPortal - July 8th, 2020
- The lawfulness of cryptocurrency mining in Bulgaria - Lexology - July 8th, 2020
- Cryptocurrency-Focused Docuseries Airs to Millions of Viewers via the Discovery Science Channel - Bitcoin News - July 8th, 2020
- Cryptocurrency Market News: Twitter users can send Bitcoin and crypto to each other thanks to a new service - FXStreet - July 8th, 2020
- What are Cryptocurrency Signals and their role in trading - TechGenyz - July 8th, 2020
- Cryptocurrency Market Update: Cardano to the moon as Bitcoin, Ethereum and Ripple stall - FXStreet - July 8th, 2020
- Latest News On The Cryptocurrency Market | Intel, CoinBase, BitGo, and Binance - Owned - July 8th, 2020
- New Token Listing Alert: Levolution's LEVL Token is Officially Live on Changelly - PRNewswire - July 8th, 2020
- The Profitability of Cryptocurrency Bitcoin Now and in the Future - Chiang Rai Times - July 8th, 2020
- Cryptocurrency Cardano increased by 15% - The Times Hub - July 8th, 2020
- Cryptocurrency Cardano grew by 10% - The Times Hub - July 8th, 2020
- Cryptocurrency trading vs. forex: The similarities and differences - AZ Big Media - June 25th, 2020
- Financial Inclusion, Cryptocurrency and the Developing World - Cointelegraph - June 25th, 2020
- Phishing and cryptocurrency scams squashed as one million emails are reported to new anti-scam hotline - ZDNet - June 25th, 2020
- 83% of BTCs addresses are smiling to the Bank - Nairametrics - June 25th, 2020
- Protesters Around The World Are Putting Their Hopes Into Cryptocurrency - Forbes - June 25th, 2020
- The Benefits of Cryptocurrency Trading Crypto Benzinga - Benzinga - June 25th, 2020
- Miners Are Sending Bitcoins to Exchanges Again and That May Be Bearish - CoinDesk - CoinDesk - June 25th, 2020
- Akon City: $6 Billion Cryptocurrency City Set to Begin Construction | News - Bitcoin News - June 25th, 2020
- UNICEF Cryptocurrency Fund announces its largest investment of startups in developing and emerging economies - UNICEF - June 25th, 2020
- NetCents Technology paves the way for mainstream cryptocurrency adoption by offering daily settlements to merchants - Proactive Investors USA &... - June 25th, 2020
- Cryptocurrency Market Share Analysis and Research Report by 2025 - CueReport - June 25th, 2020
- From Ethereum to Stellar, to Solana: Cryptocurrency Kin Confirms Blockchain Migration - CoinDesk - June 25th, 2020
- Jim Rogers Discusses Bitcoin as Money and Why Governments Will Stop Crypto | News - Bitcoin News - June 25th, 2020
- Latest News On The Cryptocurrency Market | Bitmain, NVIDIA, Xilinx, Intel, Advanced Micro Devices, Ripple, Bitfury, Ethereum Foundation, CoinBase,... - June 25th, 2020
- EY Launches First-Of-Its-Kind Cryptocurrency Reporting App - PRNewswire - June 25th, 2020
- Cryptocurrency: Redefining the Future of Finance - Visual Capitalist - June 16th, 2020