As well as a raft of other high profile thefts of cryptocurrencies in the last few years, hackers recently stole $40 million worth of bitcoin from Binance, one of the largest cryptocurrency exchanges in the world.
Binance announced that hackers were able to withdraw about 7,000 bitcoin through a single transaction, amounting to $40 million. Hackers employed various methods, including phishing and viruses, in what the company described as a “large scale security breach.”
Withdrawals and deposits on the platform have since been suspended. Fortunately for customers, the company will use its emergency insurance fund, so customers won’t personally incur any losses.
Bitcoin and other cryptocurrencies have proven a prime target for hackers despite their characterisation by proponents as super safe and impregnable. One of the biggest such cases was Mt. Gox, which collapsed in 2014 after losing $460 million, to hackers.
According to the Wall Street Journal, more than $1.7 billion in cryptocurrency has been stolen over the years, most of which has come from exchanges and been centred around Asia.
The Binance heist, like the previous exchange hacks, should serve as a warning to cryptocurrency investors: Your money might not be as safe as you think it is.
“It’s like robbing a bank, except you can do it from a thousand miles away, from the comfort of your home, and the money you get is virtually untraceable and you can disguise it by laundering it through multiple wallets in a matter of minutes,” said Robert Long, an attorney at Greenberg Traurig and former federal prosecutor.
According to a statement from Binance, hackers obtained user API keys, two-factor authentication codes, and other information to execute their plan and withdraw 7,000 bitcoin in a single transaction.
The hack impacted Binance’s so-called “hot wallet,” which is basically storage that connects to the internet and is used for liquidity so bitcoin can be exchanged. According to Binance, just 2 percent of its total bitcoin holdings were in its hot wallet.
The rest was presumably in “cold storage,” meaning bitcoin kept offline. Had Binance kept more of its bitcoin in its hot wallet, the hack could have been much worse.
What makes exchanges so hackable
Talking about bitcoin’s security is a two-pronged discussion: one is the technology itself, and the other is how it’s transferred and stored.
Blockchain, the ledger technology upon which bitcoin is based, is very safe and secure. It’s an “immutable or almost immutable record of who has transferred bitcoins to who,” explains Peter van Valkenburgh, research director at public policy advocacy group Coin Center.
“The problem of security is who’s allowed to make transactions on the blockchain? The answer is anyone who has the keys that match bitcoins in a particular address.”
If you have your own “keys” – a set of letters and numbers corresponding to your bitcoin – then it’s secure. But once you hand them over to someone else, such as an exchange or wallet, for storage, then it’s up to that organisation’s cybersecurity systems and practices to keep the currency safe.
The thing with bitcoin is that once it’s gone, it’s gone. You no longer have the key, someone else does. That same fundamental security of the blockchain that you took advantage of, the hacker now does, too.
“If an exchange has a vulnerability in their security system and a hacker’s going to exploit and retrieve that value, which is immutable and totally secure at a fundamental level, and move it from the exchange’s wallet to their wallet, then they now take possession of its coin,” explains Jeremy Gardner, a cryptocurrency entrepreneur and managing partner at the investment firm Ausum Ventures. “This is a feature in bitcoin, not a bug. You can’t get you bitcoin back.”
“These types of currencies are unbelievably attractive to a thief or a hacker because of the anonymous nature of it,” continues John Sedunov, a professor of finance at Villanova University. “There’s more of an appeal, because if I go rob a bank, I’m on camera, etc. If I steal a bitcoin from an exchange, I have a string of random letters and numbers attached to me, and nobody is going to figure out who I am.”
Unlike stock exchanges, which facilitate trading but don’t actually hold securities on behalf of investors, many cryptocurrency exchanges charge fees for trading and store currencies for their customers.
Analysts say that makes cryptocurrency exchanges prime targets. Thieves that manage to break in can do something akin to robbing a bank – getting hold of valuable cryptocurrencies that they can cash out of.
The post If cryptocurrencies are so safe – why do they keep getting hacked? appeared first on Payments Cards & Mobile.