A look at the fragile environment that is centralised exchanges and the fall out left when they fail due to hacks, fraud or theft.
There is a common saying 'live and learn' meaning that experiences of the past are the best teachers for adapting behaviour in the future; it is the experiences that we live through first hand that will allow us to adjust our course in the future.
It is an important saying that has profound meaning in the world of crypto currencies although even with the amount of exchanges we have seen go under in the past it is still a hard pill to swallow; Traders gotta trades, enthusiasts need to means of getting hold of the latest shiny coin or share. Exchanges no doubt preform a valuable service; a service which is slowly being replaced by models that require less trust; models that allow you to retain ownership of your assets such as Bitshares or instant exchange services like Blocktrades and Shapeshift which do not retain your funds.
Which ever method you prefer, be it Centralized, Decentralized or instant my favorite saying in the whole crypto currencies space is "If you don't own the private keys, you don't own the bitcoins." and if your not considering the implications of that statement already its time to check your behaviour and think about how much counter party risk you are exposed too.
I will admit, i do use centralized exchanges.. if i did not i would have 20+ wallets installed on my computer which consumes a lot of space but would also expose me to a lot of risk in relation to malicious wallet (Lucky7coin for instance). While i try to diversify my holding of digital currencies i also attempt to diversify risk on platforms used to hold these assets, for example i hold assets in local wallets installed on different computers, web wallets, centralized exchanges, decentralized exchanges, hardware wallets and paper.
I have been lucky enough to only be scammed twice and only for small amounts of BTC, my first experience with a scammer was BTCARBS.com (no defunct); BTCARBS was a web service that you would deposit funds and which they would apparently use to arb trade exchanges and provide a nice daily profit to you account, i nearly made it out with my profits but after a few days of contacting support asking about my pending withdrawal it became apparent that something was a miss.
My other scam was completely my fault when i mistyped a URL for a popular bitcoin mixing service and sent my value to a very good clone website. needless to say i'm not getting that back anytime soon... live and learn :)
Top 5 Hack's, Theft's and Collapses of Crypto currency exchanges.
#1 Mt. Gox Collapse
Metric | Value |
---|---|
Date | Feb 2014 |
Estimate Amount Lost | 850,000 BTC |
Estimate Amount Lost USD | $700 Million |
Estimate Amount Lost USD Today | $493 Million |
Mt. Gox was one of the initial players in the bitcoin space and was previously an exchange for Magic: The Gathering; from which it got its name "Magic The Gathering Online Exchange".
Mt.Gox was a pivotal point in purchasing bitcoins for many years and in Feburary of 2014 announced that they had lost 850,000 BTC of customer funds. as far as i am aware the exact nature of how this went missing is still being investigated.
The Collapse of Mt.Gox also induced the collapse of Cyprus-based Neo & Bee which suffered losses and subsequently shutdown.
#2 BitFinex
Metric | Value |
---|---|
Date | 2nd Aug 2016 |
Estimate Amount Lost | 119,756 BTC |
Estimate Amount Lost USD | $68 Million |
Estimate Amount Lost USD Today | $68 Million |
Bitfinex a major Bitcoin exchange suffered a devastating blow which seen nearly 120,000 BTC wiped off their books with an estimated value of $60 Million USD, the loss is being attributed to hacker/s. The impact of the news caused Bitcoin short term price to drop 20% in the hours following the announcement.
Bitfinex is an interesting case as they have socialised the losses between their customers by reducing their customers balances by 36.067% and issuing them with debt token "BFX". BFX is to represent the losses consumed by customers and to be bought back by Bitfinex in the future to make the customers 'whole'.
Ironically Bitfinex's effort to be transparent with their holdings of customer funds and elimination of cold storage in lieu of multisig protection via BitGo; it is this lack of cold storage that allowed the hacker to bank such a hefty amount of coins.
#3 Bitcoinica
Metric | Value |
---|---|
Date | May and July 2012 |
Estimate Amount Lost | 58,000 BTC |
Estimate Amount Lost USD | $406,000 |
Estimate Amount Lost USD Today | $33.5 Million |
Bitcoinica was an exchange allowing Contract For Difference (CFD) trading between BTC-USD; founded in 2011, in 2012 it received multiple hacks the first occurring in March where some of the holdings on Bitcoinica were stolen from a web hosting provider 'Linode', 2 months later in May; Bitcoinica itself was hacked with funds stolen amounting to 18,000 BTC and then hacked again a few of months later in July amounting to 40,000 BTC stolen. The exchange was shutdown and founder pledged to payback customer 50% of their holding in the future, these customers are still waiting.. Interestingly advancements in blockchain analysis has recently posed the question as to if this was a hack at all.
#4 BitStamp
Metric | Value |
---|---|
Date | 4th Jan 2015 |
Estimate Amount Lost | 18,866 BTC |
Estimate Amount Lost USD | 5 Million USD |
Estimate Amount Lost USD Today | 10.9 Million USD |
In early January 2015 Bitstamp had its hot wallet compromised and slightly less than 19,000 BTC stolen with a value of about 5 Million USD; this amounted to roughly 12% of the BTC that they had on their books; while the remaining 88% was protected in cold storage inaccessible to the attacker. Bitstamp absorbed the losses and setup a partnership with Bitgo allowing for multisig protection on their hot wallet while still retaining the cold storage model the had protected them during the attack.
#5 Cryptsy - 2016
Metric | Value |
---|---|
Date | July 2014 - Announced Jan 2015 |
Estimate Amount Lost | 13,000 BTC and 300,000 LTC |
Estimate Amount Lost USD: BTC | $8.1 Million, LTC: 2.4 Million |
Estimate Amount Lost USD Today | BTC: $7.5 Million, LTC: 1.1 Million |
In Jan 2015 Cryptsy announced that they suffered a large hack roughly 6 month's before the announcement and in that time were attempting to repay lost funds with trading revenue. This has been the source of a large investigation as the hack was being 'swept under the carpet' and in the months that followed customers funds had been held ransom with reports of denied withdraws. The attack was said to be caused by a Trojan implanted in malicious wallet software released by Lucky7Coin.
A few more larger thefts, scams or hacks
The list above were only the top 5 exchange based hacks that i could find; although history of bitcoin is littered with similar attacks on centralised exchanges, web services and outright scams. The interesting thing with Bitcoin is a transfer from a hacker looks exactly the same as a transfer from a founder or malicious employee. so when services comes forth with claims of being hacked it is almost always met with a health level of uncertainty and scepticism.
A few more majors hacks, scams and thefts are listed below
Event | Date | Amount (USD) | Bitcoins lost |
---|---|---|---|
Evolution | 03/18/2015 | $12,000,000.00 | 130,000.00 |
Sheep Marketplace Incident | 12/02/2013 | $4,070,923.00 | 5,400.00 |
GBL Scam | 8/01/2013 | $3,437,446.00 | 22,000.00 |
MintPal | 07/14/2014 | $3,208,412.00 | 3,894.49 |
PicoStocks Hack | 11/29/2013 | $3,009,397.00 | 5,896.23 |
Bitcoin Savings and Trust | 1/05/2012 | $2,983,473.00 | 263,024.00 |
BitPay | 12/11/2014 | $1,800,000.00 | 5,000.00 |
BTER | 02/14/2015 | $1,750,000.00 | 7,170.00 |
Moolah | 10/23/2014 | $1,500,000.00 | 4,087.19 |
MyBitcoin Theft | 7/01/2011 | $1,072,570.00 | 78,739.58 |
Scrypt.CC | 06/22/2015 | $858,865.00 | 3,500.00 |
CryptoRush Theft | 3/11/2014 | $782,641.00 | 950 |
Flexcoin Theft | 3/02/2014 | $738,240.00 | 896.1 |
BIPS Hack | 11/17/2013 | $660,959.00 | 1,295.00 |
Inputs.io Hack | 10/26/2013 | $640,615.00 | 4,100.00 |
James Howells Loss | 7/01/2013 | $627,659.00 | 7,500.00 |
Bitfinex | 05/22/2015 | $350,679.34 | 1,474.00 |
Linode Hacks | 3/01/2012 | $223,278.00 | 43,554.02 |
TL;DR
Theft of Bitcoins and other digital currencies is not uncommon and it is a very lucrative business model for the people inclined to preform such attacks or setup dodgy businesses in an effort to deceive people of the digital currencies.
It is always good practise not to leave all your eggs in one basket and ensure a failure of your favorite exchange or service does not leave you completely wiped out.
With Decentralized exchanges such as Bitshares and instant exchanges like Shapeshift and Blocktrades gaining more support from the crypto community hopefully one day we can look back at events like the ones mentioned above in disbelief that we had decentralized trust-less currencies but were trading them with centralized 'trusted' 3rd parties.
The space is constantly evolving and we are in the early days still; with costly lessons like the ones outlined above we can be sure that we are being forced in the right direction..
You guys may want to read the
Exchange Issues Log
.. maintained by the bitsharestalk.org forum members!
Oh, and i was thinking all of the stories about hacked sites are real, i've found a link on that forum about a company that claimed they were hacked, but they weren't...
There is only 1 rule no matter where you invest. "don't invest more then you can afford to loose." I personally always use this no matter how tempted i am.
EXACTLY!
That is right off course, but the above is about fraud/failure not about invetsment.
Every asset has a downside. Money in the bank isn't exactly guaranteed either. I know that in the future when I have enough to be concerned about loss protection that there will be a couple of gold bullion coins stashed away somewhere as well as coins in a secure offline wallet that I also have offline signing set up for.
Something else that is important, I think, is that even if you were not personally directly affected by the fall of Bitfinex and others, if you held the tokens they lost, the failure of the exchanges had an effect on the value of the currency anyway. This is also why I look forward to the day when there is no more centralised exchanges.
Even the big professional stock exchanges have had this kind of issue in the past, long before cryptos even existed.
Here does this mean you should let your savings errode away through inflation by leaving it in fiat or lost throigh haircuts or similar?
This is also very wise. I also live by this rule.
I admit I do use exchanges like Poloniex to serve as a sort of multiwallet for a ton of altcoins. Does anyone know of any other solution besides downloading all those different altcoin clients and trying to sync up? I'm thinking of an online decentralized wallet like openledger. It would be great if Poloniex let you have access to your own private keys and make a backup. In case the site is down or gone, you will still have access to your funds.
I know there are webhosted multiwallet services but im not sure about the protection in place when generating and storing keys.
If there was one that did the generation and storage client side and was open source and well vetted this would be a good option.
I do hope things are different on the 'decentralized' exchanges in the future. However, this is very sobering news and I will definately take a more pragmatic approach to all cryptocurrency investments going forward.
Things are already different on the decentralized exchanges and are available now. Check out Bitshares for trading at full speed (pretty much real time.. faster thanpolo ;) ) with no trust required and no counterparty risk on smartcoins USD,BTC,GOLD.. based on a Graphene blockchain (same as Steem, developed by one of the co-founders of Steem too; Dan)
It is cool, but somewhat unwieldy. Yesterday I opened a wallet at OpenLedger, and tried to get some BitShares for SBD (it is an exchange, right?) any how, it was quite an adventure and I am still stuck. The whole thing is in my latest blog post, if you want you can go and check it out.
Thing is, nope, not very friendly. Especially if you are an edge case like me. (Ipad, SBD, etc).
Decentralized exchanges: One day we will never be Goxed or Finexed again!
Day is already here we just beed to use them
It is actualy time for peaple to understand, they should not store this kind of value online.
I lost 93 BTC on MTGox back in the days. and after that i newer gonna store, my value on anny place. It is safer to keep it on your own wallet, then a trading site.
With Mintpal and Cryptsy, it wasn't just bitcoins that went, all the alts were lost too, and they were worth something (i.e. their value wasn't zero).
I know exactly what you mean in regards to Cryptsy but it is commonly reported the BTC & LTC stolen in July 2014, but i remember having issues getting my alts out of the exchange too at the start of 2015; not sure if this was due to them being hacked or dodgy dealing after the fact trying to recoup losses.
I remember fighting with support because both my account had been archived due to 6 months of inactivity; but it had only been 5 months; and then when i got back on half the wallets were in maintenance and could not do withdraw; eventually some of them opened up etc. only had a tiny bit on there not sure why but i think i had heard rumors leading up to it and cleared out my accounts. Still it was a pain.
In regards to Mintpal i'm not sure if that figure includes alt balances but they defiantly just shutdown and took the lot.. i had been waiting for months for the public API to come online; and then 1 weeks out and bang; its gone
Good post, man.
I wish more people, especially all the new users who got some exposure to crypto-currency through steem, would realize the inherent dangers of leaving crypto parked in an exchange.
Unless you are a trader, there are few reasons to leave your crypto outside of your control.
Use #bitshares and #bitsquare, both are excellent software, one or the other will be better suited depending on what your goal is.
For anyone reading concerned about this: check my posting history/blog, you will see invaluable information about this subject in many of my posts.
And unless you really know what you are doing, do not store large amounts of crypto in your computer.
Use something like the Ledger Nano S to store your bitcoin instead.
I have one, and can personally recommend.
Electrum with 2FA is also pretty decent, provided you do not store the seed on your computer. And as usual with anything crypto, use a strong, randomly-generated password.
I recommend you mix the two: your long-term savings in a hardware wallet like the ledger nano s mentioned above, and a 2fa-protected electrum wallet for amounts up to 4 BTC or so.
And remember -- do not store the seed on your computer, and preferably be offline while you are generating the wallet.
And finally, because it never gets old....
"The Bigger They Are The Harder They Fall" is the same as "The Taller They Stand The Harder They Fall" ? It sounds to me like a quote from the music of dishonored, great game!
here is the song.I myself ws a victim of the Bitfinex one, now I have their worthless BFX tokens!
Interesting post. Watching and learning.
If you don't own your keys, you don't own bitcoin. Thank you for clarifying that.
It's crazy how often you hear of crypto exchanges getting hacked relative to more traditional stock brokerages. I know blockchain is a relatively new technology, but come on, it's been around enough years that exchange security shouldn't be this flaky. Maybe it's just that the technology is changing and evolving so fast that new loopholes & exploits keep becoming available faster than they can be discovered and patched up. Personally, I really hope decentralized systems such as Bitshares start to gain more traction. I am making more & more use of OpenLedger myself.
I dodged a bullet with Bitfinex. I had hundreds of ETH on there for lending, but moved it all back to my private wallet on July 29 as I was going on vacation to Malaysia for a couple weeks and didn't feel comfortable leaving my capital unattended on the exchange while I was gone. Boy was that a good decision! But talk about dumb luck. If I hadn't happened to go on vacation at just the right time, my ETH would still have been on Bitfinex when the hack occurred. It gives me chills just thinking about it.
It was always strange for me that proponents of decentralized cryptos eagerly trust their coins to centralized exchanges.
I use many wallets for different coins and take it as part of the game. All risks I consider as costs I'm ready to pay to be independent (freedom is not free).
Traders have to trust exchanges because they use their services and it's additional risk of their business too.
I totally didn't realise it was so common!
BitGo stood by their systems and they stated nothing is wrong with their systems. But Bitfinex's CEO has a dubious history.
The hack was only the begining for CryptoRush, once it became insolvent @fyrstikken began making death threats and selling off the company in the form of Cryptoshares without mentioning the hack, I always wondered how he escaped fraud charges.
Hash Ocean?! how much did they just get away with
Unfortunately, the greater the number of currencies and their exchange options appears, the greater the risk of losing them
Is there a good source on learning how to set up a de-centralized wallet? I'd like to see the overview of all the parts of wallets and generally how they work. Can you name a few wallets that you trust? I just downloaded Mycelium.
The problem with Mycelium is there's not mush room in it.
Funny. I like it :)
@gphx what one do you prefer?
Sorry, it was a bad joke. 'Mycelium' is the name of a fungi.
lol :)
In my mind for bitcoin nothing beats a trezor.. i have a ledger contactless card as well but last time i checked it required inputing a code from a security card...painful. hopefully one day it will not be required as the nfc is great conveniance.
Decentralized exchanges: Bitshares
Wallets: mycelium is good i also like jaxx (btc, eth & dash with single backup seed), trezor hardware wallet is good for protecting larger amounts. Paper is not bad either it is just a pain to spend and sweep.
thanks for the info.
very informative article, thanks
One should keep some amount of cryptocurrency within their own personal control and security.
I believe that any crypto coin can fall, but that depends on who is behind it and what's the real purpose. I know that the real purpose is to make money but how far can they go on making it.
tl;dr
But this is true with everything. Just look at the banks, the majority of banks in the last 100 years went bankrupt one form or the other, only the big ones are here ,and they are here since the 1800's. It looks like they are not falling, the bigger they are the harder they fall. The too big to fail statement is pretty true.
My husband lost 28 bitcoin to Mt.Gox
500 Ltc at cryptsy
500 Ltc at mintpal
💋 @halo 💋😇
This is quite a bit of crypto, sorry to hear that; thanks for sharing.
One day soon i hope to see Bitshares sidechained to all major digital currencies and then going forward this will never be a problem again. It is quite a bit of work but we have some smart people working on the solution..
Yes, he mined bitcoin and then LTC , he has 8 computers with 32 280x cards, he wants to mine steem but he keeps trying but just cant seem to get it to work.
💋 @halo 💋😇
I had a few 280x they are nice cards. Wish my misses was as supportive as you seem to be :).. good luck with the steem mining as far as i was aware it was cpu only but im sure he has done his homework.. sounds like its not his first rodeo
Ya he said cpu, but all 8 computers have one. He is hoping for gpu mining on steem . He has one finally mining at 20000hps but he says he dont know if its all set up right. I dont know anything about it he said he gets some error every once in a while. He is not a programmer but a really smart guy im sure he will figure it out.
💋 @halo 💋😇
I took a big hit with Cryptsy. I had a bunch of pre-sale ETH there...It hurt but I try not to think about it and move on. But the way the Cryptsy staff lied and deceived their customers was scandalous. I was banned from chat-box on multiple occasions for daring to question why my withdrawal didn't process. I placed a bit of trust in them as they were in the states and seemed transparent and visible...I was wrong.
The issue is that we don't have so many guarantees on the security of the exchanges. You shouldn't save your main wallet online, well except if you do a lot of trading. I found a company who promote Hardware Secure Module to secure exchange : How to properly secure cryptocurrencies exchanges
https://steemit.com/hack/@nippel66/mtgox-list-of-bankruptcy-creditors-and-list-of-acceptance-or-rejection-of-claims-in-respect-of-bitcoin-exchange-users-of
I have post the refound list of MTGox, take a lock at it :)
The convenience of an exchange is a trap.
Keep your bitcoins only on personally controlled media. Only transfer to an exchange for immediate needs.
Hey, great content, thanks for sharing @steempower and congratulations for your success!
Best regards, Jonas
EverBody needs to READs this thank You