Why Cryptocurrency Exchange Hacks Keep Happening

in #crypto6 years ago

Executives at Bithumb, a popular cryptocurrency exchange in South Korea, sensed something awry last month.

After a rival was hacked earlier in June, Bithumb experienced a rise in failed user logins and unauthorized access attempts, according to an exchange official who asked not to be named. Bithumb added more online security personnel to conduct extensive checks and moved more of its digital currency reserves into offline storage.

It wasn’t enough. On June 19, Seoul-based Bithumb said it lost over $30 million worth of bitcoin and other cryptocurrencies in a cyberattack. It has since recovered some, lowering its loss estimate to $17 million.
of defense have made some exchanges easy to breach
A Bithumb exchange office in Seoul. Last month, Bithumb said it lost over $30 million worth of bitcoin and other cryptocurrencies in a cyberattack.
A Bithumb exchange office in Seoul. Last month, Bithumb said it lost over $30 million worth of bitcoin and other cryptocurrencies in a cyberattack. PHOTO: JEAN CHUNG/BLOOMBERG NEWS
By Steven Russolillo and Eun-Young Jeong
July 15, 2018 8:00 a.m. ET
2 COMMENTS
Executives at Bithumb, a popular cryptocurrency exchange in South Korea, sensed something awry last month.

After a rival was hacked earlier in June, Bithumb experienced a rise in failed user logins and unauthorized access attempts, according to an exchange official who asked not to be named. Bithumb added more online security personnel to conduct extensive checks and moved more of its digital currency reserves into offline storage.

It wasn’t enough. On June 19, Seoul-based Bithumb said it lost over $30 million worth of bitcoin and other cryptocurrencies in a cyberattack. It has since recovered some, lowering its loss estimate to $17 million.

Swiped
Some of the biggest hacks on cryptocurrency exchanges and platforms

Exchange/platform, origin, date of hack and value of coin loss in millions of dollars

Coincheck (Japan, January 2018)

$535

Mt. Gox (Japan, January 2014)

$450

BitGrail (Italy, February 2018)

$170

Bitfinex (Hong Kong, August 2016)

$77

NiceHash (Slovenia, December 2017)

$70

DAO (Germany, April 2016)

$55

Coinrail (South Korea, June 2018)

$40

Youbit (South Korea, April 2017)

$35

Parity (U.K., July 2017)

$32

Bithumb (South Korea, June 2018)

$32

Bancor (Israel, July 2018)

$24

Note: DAO was created by German-based Slock.it.

Sources: Autonomous Research, staff reports
Since 2011, there have been 56 cyberattacks directed at cryptocurrency exchanges, initial coin offerings and other digital-currency platforms around the world, according to an analysis by Autonomous Research, a London-based financial-services research firm, bringing the total of hacking-related losses to $1.63 billion. Some of the biggest hacks occurred at Japanese exchanges Mt. Gox in 2014 and Coincheck this past January. The most recent hack took place on July 9, when hackers swiped $23.5 million worth of cryptocurrencies from an Israeli platform called Bancor.

The increasing frequency of hacks points to the vulnerabilities of cryptocurrencies and the platforms people use to trade them, adding to broader investor worries about fraud and lax regulation of the industry.

Many attacks have centered around Asia, a hotbed for cryptocurrency trading. Four of the seven hacks so far this year have been in the region, with over $800 million worth of cryptocurrencies stolen—already more than any other calendar year. Cyberthieves could be targeting more popular trading venues, a potential risk for investors in the U.S. and elsewhere.

Unlike stock exchanges, which facilitate trading but don’t actually hold securities on behalf of investors, many cryptocurrency exchanges charge fees for trading and also store currencies for their customers. Analysts say that makes cryptocurrency exchanges like sitting ducks. Thieves that manage to break in can do something akin to robbing a bank—getting hold of valuable cryptocurrencies that they can cash out of.

Cryptocurrency exchanges are “easy to breach, with minimum effort and expense from attackers and with maximum return on investment,” said Robert Statica, president of BLAKFX, a cybersecurity firm in New York.

Bubble Burst
How many U.S. dollars one bitcoin buys
Source: CoinBase
July ’17
Jan. ’18
July
0
2,500
5,000
7,500
10,000
12,500
15,000
17,500
20,000
$22,500
Feb 7, 2018x8,096.22
Recent cyberattacks have hurt market sentiment. After a steep slide this year, bitcoin dropped further after the Bithumb incident in June. Currently sitting at around $6,300, bitcoin trades near its low for the year and well off its record high near $20,000 established in December.

The hacks are “bad for users, bad for exchanges and terrible for confidence,” said John Sedunov, an assistant professor of finance at Villanova University. “If I don’t have confidence in where I’m storing my crypto assets or where I’m investing, how can I really trust any of this?”

Not all investors are ruffled by the hacks. Lee Gui-im, a retiree in Seoul, hasn’t been able to access her cryptocurrency assets for a month after Coinrail, the other South Korean exchange breached last month, temporarily shut down all services. That hasn’t discouraged the 61-year-old from continuing to attend meetups to identify her next cryptocurrency investment.

“Every exchange is in danger of hacks. This isn’t just Coinrail’s problem,” said Ms. Lee as she was leaving a blockchain company info session this past week. “I haven’t lost faith in [crypto] coins—just exchanges.”

There are currently 205 cryptocurrency exchanges in operation, many of which are based in Asia, according to research firm CoinMarketCap.