Without exchanges, the crypto world would grind to a halt. Exchanges allow users to change fiat currency into widely used coins such as Bitcoin or Ethereum and a wide variety of altcoins. Given their importance, it’s no wonder that exchanges are frequently targets of hacking attacks. Many of these incidents irrevocably altered the crypto community.
Moreover, there’s evidence that things are getting worse – a recent analysis from howmuch.net concluded that crypto hacks are increasing in frequency and volume over time, with over $70 million stolen during June alone.
Does this mean crypto users should stay away from exchanges? Realistically, they can’t, and exchanges allow users to access some of the blockchain world’s most powerful tools. Here are some of the most important exchange hacks in crypto history, and a primer on how to protect yourself:
Allinvain
Early Bitcoin users often embraced cryptocurrency because they shared its community’s values, such as privacy and personal independence. Allinvain, often acknowledged as the world’s first blockchain theft, proved that not every member of the crypto world is community-oriented. BitcoinTalk user allinvain posted on June 13, 2011, that his wallet had been hacked and 25,000 Bitcoin were missing. Allinvain wasn’t an exchange hack, but it served as an (often ignored) warning to exchange operators and blockchain users about how cryptocurrency, often acclaimed for its security, could be stolen just like cash.
Mt. Gox
The infamous Mt. Gox hack began surreptitiously in 2011 and was disclosed to the public in 2014. Its legal implications are still unfolding today. Mt. Gox processed most Bitcoin transactions in the world until February 2014, when the exchange abruptly halted trades. About 850,000 Bitcoin, worth $460 million then and over $5 billion today, had been lost from the exchange over multiple years, forcing it to declare bankruptcy.
CoinCheck
CoinCheck holds the dubious title of the largest exchange theft to date. This Japanese exchange discovered that $534 million in NEM coins had disappeared from an exchange wallet on January 26, 2018. Revelations that the target wallet was a simple “hot” wallet rather than a multi-signature one that would need sign-offs from multiple leaders in the exchange before transferring funds led to accusations of lax security standards and punitive crackdowns from the Japanese government.
Binance
The Binance attack failed, but it’s one of the most recent incidents reflecting the danger of phishing in the crypto community. Binance’s attackers harvested login credentials through a carefully designed fake site that reportedly showed up first in Google searches for “Binance” thanks to paid ad results. The phony site used diacritical marks, which normally indicate pronunciation attributes but can be used by phishers to create legitimate-looking URLs to trick users into sharing their credentials. Hackers attempted to manipulate the price of altcoin VIA for profit, but Binance’s automatic risk detection system was able to halt the attack and reverse irregular trades.
How to Protect Yourself
Type In URLs
The Binance attackers, like many other phishers, took the time to ensure that their fake website appeared real. In addition to faking the real Binance’s URL and appearance, they obtained an SSL certificate, so their sites appeared secure in browsers. Some diacritical marks can also be virtually invisible. Many crypto leaders advise typing in the URL to your exchange every time you want to access it (or accessing a bookmark). Clicking on links in emails, forums, or even search results could lead you to imperceptibly different fake websites.
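The check below is an added example, not code from Binance or any tool named in this article: it flags a link whose hostname only matches a bookmarked domain once diacritical marks are stripped. The `TRUSTED` list, the function names and the sample URLs are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: the domains the user has bookmarked and actually means to visit.
TRUSTED = {"binance.com"}

def to_unicode(host):
    """Decode punycode (xn--) labels so the real characters are compared."""
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep as-is, it will not match anything
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Strip diacritical marks: decompose, then drop the combining characters.
    This does not fold cross-script lookalikes (e.g. Cyrillic letters)."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def on_trusted_domain(host, trusted):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)

def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for the URL's hostname."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    shown = to_unicode(host)
    if on_trusted_domain(shown, trusted):
        return "trusted"
    if on_trusted_domain(skeleton(shown), trusted):
        return "lookalike"  # identical to a trusted name except for the marks
    return "unknown"

if __name__ == "__main__":
    # Constructed samples; \u1ecb is "i" with a dot below.
    for url in ("https://www.binance.com/login",
                "https://b\u1ecbnance.com/login",
                "https://binance.com.evil.example/"):
        print(classify(url), url)
```

A valid SSL certificate does not change the result, because the comparison is on the hostname alone.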
Use Anti-Phishing Wallet Software
Unfortunately, in some phishing attacks the legitimate site, exchange, or company itself has been compromised. Would-be token purchasers of the recent EOS ICO received emails from the company’s actual help desk, which had been compromised by hackers. Members of a confidential investor list for the Bee Token ICO received legitimate-looking emails that asked them to buy tokens through an address that turned out to be fake.
Anti-phishing wallet software Coral adds an extra layer of security to blockchain transactions that can kick in even when the provider is compromised. When Coral users enter an address to initiate a transfer through a wallet or an exchange, Coral automatically displays a trust score reflecting the wallet’s associations with fraudulent or trustworthy activity. Even if phishers get users to the point of considering a transaction, programs such as Coral can stop the scam.
Invest in a Hardware Wallet
Most funds stolen from exchanges were kept in online wallets. Hardware wallets, on the other hand, are physical storage drives designed for holding private blockchain keys. Though they are widely acknowledged as the most secure storage option possible, they also require users to physically plug in the wallet to access funds, rendering them inconvenient for day-to-day trading and payments. Many crypto users keep the bulk of their funds in a hardware wallet and withdraw or deposit small amounts regularly from a more convenient exchange or mobile wallet.
The blockchain world has great promise, but it’s also experienced its fair share of growing pains over the past few years, and exchange hacks have been among them. It’s likely that as the blockchain world continues to evolve, exchanges will become safe tools for new adopters. Until that transition completes, however, it’s essential to protect yourself.