We’re more than half way through 2018 and two large cryptocurrency hacks have taken place; Coinrail was hacked in January and Bithumb at the end of June. The last article delved into general security when it comes to cryptocurrency, but today I want to talk about exchanges in particular.
Exchanges getting hacked is not something new, but Exchanges are adapting to this growing threat and becoming more secure. To understand a bit about the situation exchanges are in today I want to give a bit of history.
In 2014 Mt. Gox, an exchange website that was ranked the most popular in the world at the time, stopped all withdrawals from its site for maintenance and to figure out why delays in their service were occurring. The delays had been a problem, that had been widely complained about, leading up to the incident. What they found was that they, and their clients, had been the victim of a transaction malleability attack.
In summary: a transaction malleability attack is when a hacker is set to receive some coins, they would alter the sender’s signature and the transaction ID. The hacker would complain that they never received the money, and when the sender would check they would see their original transaction didn’t go through and send another. This method would give the hacker twice as much as the agreed upon value.
This attack, that took place over some years, resulted in the loss of over 400 million dollars and Mt. Gox filed for bankruptcy shortly thereafter. Wired.com wrote in an article in 2014 that an insider said “Mt. Gox was a messy combination of poor management, neglect, and raw inexperience.”
2018 Attacks
Coinrail in January was called the 90th biggest exchange platform. In June Coinrail announced it had suffered a hack. The hackers stole 40 million dollars worth of coins and Etherium. The cause of the attack has not yet been released, Coinrail only referred to it as a “Cyber intrusion.”
Coinrail responded to the attack by transferring 70 percent of its reserves to a cold wallet that could not be accessed through the internet. Coinrail also froze two thirds of the 30% that was not transferred. South Korean police are also investigating into the matter. Looking back to how Mt. Gox handled the situation, I feel I can safely say Coinrail responded to the crisis in a quicker manner, and were possibly able to prevent further losses.
In June of 2018, Bithumb was known as the 6th largest trading venue. At the end of june Bithumb announced it had suffered a hack, resulting in the loss of 31 million dollars. After talking about how well Coinrail responded, how was Bithumb’s crisis management? Bithumb went public saying that it would pay back all who were affected by the hack with its own reserves, but more impressively were its preventative measures. Bithumb spends 9 million dollars annually on security; as well as earlier that year Bithumb implemented a new security measure stating that 5% of its staff would be IT specialists, 5% of which would be specialized in information security and 7% of its total budget would go towards information security. These new regulations are called the 5.5.7 regulations.
As cryptocurrency is becoming more popular hackers are trying harder to attack exchanges and your money. However, exchanges are adapting and taking more counter measures to these attacks. Compare what happened with Mt. Gox to Coinrail or Bithumb. Security was in the forefront of Coinrail and Bithumb’s mind during crisis management. It is similar to when you put your money into a bank; you put trust in the bank to either protect your money, or be able to refund you if the attack cannot be prevented. The days for messy management are over so put some research into your exchange to know if they will protect your interests.