Cryptocurrency Has a Security Exchange Problem
It’s 2022, Russia has invaded Ukraine, the world is trepidatious about its future, and there’s talk about the Russian government using cryptocurrency to skirt sanctions. Meanwhile, crypto hacks keep happening and yield ever-growing hauls for the criminals targeting them.
Just this January, Crypto.com acknowledged that an attack on the company saw it lose more than $30 million in Bitcoin and Ethereum, marking one of the latest attacks in a long line of cryptocurrency exchange hacks.
Some of the biggest hacks include:
- Poly Network ($610 million) with an interesting story behind it.
- Coincheck ($532 million)
- MT Gox ($470 million)
- Wormhole ($326 million)
- KuCoin ($281 million)
- PancakeBunny ($200 million)
- Bitmart ($196 million)
This leads one to wonder why these hacks keep happening, and how can the security in self-proclaimed safe solutions be so bad? What do governments say about it? Is there a future for crypto? Well, let’s find out.
The prevalence of cryptocurrency
It is safe to say that cryptocurrency has gone mainstream in a sense that everyone knows about it (not so much as to what it is, really) and mainstream companies and industries are using it to accept payments.
Some of the first mainstream uses include paying for things like extra-secure VPNs that cater to customers who want to remain completely anonymous, or funding accounts in crypto casinos for faster transaction speeds.
However, it is not just online services that use it now. The Philippines’ Central Bank recently approved several crypto exchanges to open under a ‘remittance and transfer companies’ banner, while El Salvador, in a bid to deal with the high number of unbanked people and fiscal issues, straight up made Bitcoin legal tender.
People looking to send money across borders, especially workers in the diaspora sending money back home, prefer to use crypto more and more because of its convenience and low costs.
Barring a worldwide ban, which is unlikely, despite what governments and banking institutions say, cryptocurrency will continue on its current trajectory as an increasingly preferred form of currency.
Crypto security relies on who has access
Some of you may have guessed that the hacks have to do with lax security, which is certainly a big part of it. Blockchain, the ledger technology on which crypto is based, tends to be safe and secure because it is an immutable record of transactions that have taken place.
The problem with security comes in when we ask, ‘who is allowed to transact on the blockchain?’
The answer is ‘anyone with keys matching bitcoins in a specific address.’ So, when you have your keys with you, it is secure. One would need them to get inside the wallet.
However, you may have to hand over the keys for safekeeping in exchanges and with wallet service providers. At that point, you no longer have full control over your currency. If attackers breach the exchange or the wallet, they could get the password and steal the bitcoin.
But that’s not all; the keyholders could be careless with it or use a weak password, exposing them to potential hacks that may sweep up digital files they’ve saved – containing the keys.
How do the hacks happen?
Exchanges are susceptible to hacks because they frequently keep escrow accounts with currencies in so-called “hot wallets,” which are online (connected to the Internet). A “cold wallet,” which is not linked to the Internet and has the keys written down or memorized somewhere, is a more secure but time-consuming way to keep the money.
Criminals take the keys to hot wallets and steal funds using various devious methods, such as masquerading as a reputable business associate to place malware on an exchange employee’s workstation.
The problem with stealing bitcoin is that once it is gone, that’s it! The same things that keep a person secure and anonymous are the same things the hacker will use to get his way. Companies get hacked all the time, even ones with private data that one might think would be kept behind security measures few can breach.
So, if it’s said you can’t get your bitcoin back, how did that weird crypto couple get arrested at the start of 2022?
The weird crypto couple
We will not get into why the couple is weird, but rather talk about how they got caught.
As the story goes, a hacker made away with 119,754 bitcoins from an exchange called Bitfinex. At the time of the hack, the stolen bitcoin was worth about $71 million, but because of increasing bitcoin popularity and prices, the value rose to more than $5 billion.
Remember how we said that the ledger is immutable? This means that the transfers are recorded.
The hacker is anonymous and in control, so laundering that money is not easy. Launderers have to face the fact that the coins are traceable and leave a digital footprint.
The couple accused of the hack, Ilya Lichtenstein and Heather Morgan, seem to have known what it would take to realize financial gains from their hack.
The affidavit claims that the couple used techniques to move the bitcoin out of a wallet using small but complex transactions spread out over many accounts and platforms, like shuffling a deck of cards, to hide the trail.
However, some things had to go wrong for them to get caught.
How the couple got caught
Morgan and Lichtenstein are also accused of transferring funds to AlphaBay; a dark-web exchange shut down by authorities in 2017. On the dark web, anyone can purchase almost anything they want with cryptocurrency, which is aided by the fact that no one cares where your money came from.
However, it appears that the funds Morgan and Lichtenstein were attempting to launder were too large to be cashed out by purchasing goods. The stolen coins were simply channeled through AlphaBay.
The pair is said to have shifted their cash via a dark-web market and then into other coin exchanges, leaving them in the same situation as when they began: with a large amount of cryptocurrency they couldn’t use.
All these movements could be tracked, even though it wasn’t known who was making them. Law enforcement got lucky and managed to catch the couple because of their digital footprints.
For instance, to get access to the couple’s wallets, where most of the loot was stored, law enforcement had to get a search warrant to access Lichtenstein’s cloud storage account where they found a stored file containing a list of 2,000 virtual currency addresses and their keys.
They also found a connection to AlphaBay from the servers seized in 2017 by the FBI.
Some governments have feelings about crypto
While some governments embrace or are not so openly concerned about crypto and its legal status and use, others, with a lot of influence, don’t have many nice things to say about it.
In February, India’s Central Bank said that cryptocurrency is akin to a Ponzi scheme and suggested it should be banned outright. The sharpest criticism came on the heels of a proposal to tax digital assets, paving the way to consider it legal tender.
In the European Union, the European Bank has taken an approach familiar to many: making their fears about security, which has seen progress on a controlled digital currency that would be centralized, to stop big tech from becoming big tech banks.
It is hard to predict the tone that any legislation or regulation will take. But back to our main topic about security exchanges and their security issues, what can you, as a crypto holder or potential holder, do to stay safe?
Even though the blockchain and its related technologies and security keep advancing, criminals are not asleep at the wheel either. They continue to innovate and develop new ways to break into wallets.
However, there is a way to stay completely safe with minimal risk – the above-mentioned cold storage, which refers to wallets that are not connected to the internet. If they are not connected, they cannot be attacked. The coins are stored in a physical wallet that looks and acts like a USB drive of sorts.
Because of how often wallets get attacked, it is recommended to not keep any digital currency holdings in crypto exchanges. Maybe someday, exchanges can get their act together and find a way to be invulnerable. Until then, you risk being a victim of crypto thieves.
Taking safety seriously, especially now, is paramount for cryptocurrency holders. Savvy crypto holders recommend moving all holdings to a cold wallet when a transaction is complete.
Even then, you have to trust the crypto exchange you use. Since there is no way to know if any claims made are true, rely on public forums’ reviews or on reviewers experienced in cryptocurrency matters.
At the end of it all, it comes down to due diligence and embracing cold storage as much as possible. Even the so-called safe exchanges are not so safe and should always be treated with a healthy dose of skepticism.