Even though cryptocurrencies are secure, crypto exchanges are what hackers target to loot millions of dollars. No matter how big a cryptocurrency is, the hacks we have seen so far suggest that exchanges will inevitably be subject to hacks at some point. Even though it is 2020, almost ten years since the advent of bitcoin, the hacks have not slowed down. This is why it is always advisable for crypto investors to hold their assets in their personal wallets instead of storing them with the crypto exchange itself.
Let us look at some of the high-profile cryptocurrency hacks so far:
Mt. Gox, a Japan-based cryptocurrency exchange, was the biggest and busiest of exchanges, with 70% of bitcoin transactions from all over the world going through the platform in 2013-14. At the time, there were no regulations for cryptocurrencies or cryptocurrency exchanges. There were many loopholes in the company's management; for example, there was no version control software (VCS). A VCS stores the history of the features and code of every version of a software product.
Without a proper VCS, there is no record of what changes were made and when, and it is practically impossible to go back to a particular version of the software if necessary. All code changes had to be approved by the CEO himself, which was the biggest bottleneck. There was no testing policy; developers wrote code and deployed it without any particular testing, which is a recipe for disaster. All these underlying issues led to a massive hack amounting to $473 million worth of bitcoin in 2014, which eventually led to the permanent closure of the exchange.
The DAO Hack
Before the 2019 hack of Ethereum Classic, the DAO hack was the major one on the Ethereum platform. The DAO (Decentralized Autonomous Organization) is a smart contract that was supposed to revolutionize the platform. The DAO acts as a decentralized venture capital fund for all the future DApps being developed on the platform. Anyone can buy DAO for some ether and gain voting rights on any app proposed for the platform.
If one doesn't wish to vote any further or doesn't want to contribute to an app they are not interested in, they can opt out of the DAO. The opt-out path is what the hackers targeted, taking 50 million dollars in 2016. The hackers made the opt-out function recursive, so instead of returning the funds once, the system kept returning funds until it was noticed and stopped. Due to this issue, Ethereum was hard forked into Ethereum and Ethereum Classic.
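The recursive refund described above can be reproduced in a toy model. The following Python sketch is an added example, not code from the DAO contract; the `Fund` class, the member names and the amounts are constructed for illustration. It contrasts an opt-out that pays before clearing the member's balance with one that clears the balance first, and checks afterwards whether the pool still covers what the other members are owed.

```python
# Toy model (constructed; not the DAO's own code) of an opt-out refund that
# hands control to the recipient while the fund's books are still stale.

class Fund:
    def __init__(self, deposits, update_first):
        self.balances = dict(deposits)        # what each member is owed
        self.pool = sum(deposits.values())    # funds actually held
        self.update_first = update_first      # True = hardened ordering

    def opt_out(self, member, on_receive):
        amount = self.balances.get(member, 0)
        if amount == 0 or self.pool < amount:  # check
            return 0
        if self.update_first:
            self.balances[member] = 0          # effect BEFORE the payout
        self.pool -= amount
        on_receive(amount)                     # interaction: recipient code runs
        if not self.update_first:
            self.balances[member] = 0          # effect AFTER the payout: too late
        return amount

    def solvent(self):
        # Invariant a monitor or test suite should assert after every call:
        # the pool must cover everything still owed to members.
        return self.pool >= sum(self.balances.values())


def simulate(update_first):
    """Run one opt-out whose recipient calls opt_out again on receipt."""
    fund = Fund({"alice": 60, "bob": 30, "carol": 10}, update_first)
    received = []

    def on_receive(amount):
        received.append(amount)
        fund.opt_out("carol", on_receive)      # re-enters during the payout

    fund.opt_out("carol", on_receive)
    return sum(received), fund.pool, fund.solvent()


if __name__ == "__main__":
    print("pay, then update:", simulate(update_first=False))
    print("update, then pay:", simulate(update_first=True))
```

With the balance cleared before the payout, the re-entrant call finds nothing left to refund and the solvency check holds; with the original ordering, a 10-unit stake drains the whole pool.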
The Bitfinex Hack
To increase security and ease transactions for its users, the Bitfinex exchange introduced multi-sig wallets in collaboration with BitGo. Multi-signature wallets are wallets that have multiple keys. One key is owned and stored by the company, while the owner of the wallet has two keys. He may give one key to a trustworthy friend or relative, so that even if he loses his key, he has a backup. Generally, multi-signature wallets need two keys to operate.
These wallets are hot wallets, and this additional security feature ironically led to the hack. However, there are many theories on how and why the hack happened. Bitfinex later rose back to the limelight and regained its credibility. In the hack, $72 million worth of bitcoin was stolen, as a result of which 20% of the value of each bitcoin was eroded.
Later we saw many hacks at different exchanges, such as Bithumb, where $30 million worth of cryptocurrency was stolen. Coinrail was hacked for $37.2 million, BitGrail for $195 million, and Coincheck for $534 million.
While cryptocurrencies are no doubt safe, one has to do their homework on the exchanges they are transacting with. Always store your cryptocurrency in your own hot/cold wallets. Crypto exchanges will always be targeted if they are doing very high-value business. They should voluntarily show the security measures they are taking to avoid any potential hack. No matter which cryptocurrencies one is trading, due diligence on the exchange comes first and foremost.