Cryptocurrency and blockchain are often celebrated for its security and resistance to hacks. And while it is certainly not undeserved, it is also easy to feel a little uncomfortable with that praise, since cryptocurrency hacks do happen and can be devastating.
One thing that is important to remember, though, is that when these hacks do happen it is almost always never the technology’s fault. Typically, the blame can be put squarely on cryptocurrency exchanges.
Blockchain technology is pretty much failsafe when it comes to resisting theft and fraud, but the exchanges that users rely on to buy, sell, and store their coins can be vulnerable.
There are plenty of cases where users paid a heavy price for choosing an unreliable exchange, and many of them are enough to strike fear into the hearts of any crypto-enthusiast.
Let’s take a look at three of the biggest cryptocurrency hacks, and what went wrong.
Mt. Gox
Back in the long-forgotten time of 2014, Mt. Gox [Magic The Gathering Online Exchange] was the world’s biggest Bitcoin exchange and handled somewhere between 70 and 80 percent of all transactions in the currency.
At this point, the exchange had already suffered one hack, back in 2011, after the exchange was infiltrated, a huge amount of Bitcoins were stolen. Maybe this should have been a warning sign, but the exchange failed to learn its lesson.
In 2014, $473 million worth of Bitcoins were stolen from Mt. Gox — 7% of the world’s total supply.
The immediate results included a massive drop in BTC’s price, a general loss of faith in cryptocurrency security, and bad press for the whole industry. Not to mention the many users that lost out big-time.
So how did it happen? Essentially, Mt. Gox had a few big problems that it failed to address, and these led to the hack.
They didn’t test their code, had no Version Control Software, which is necessary to properly track and manage changes to the code, and overall poor organization.
These vulnerabilities made it possible for hackers to take advantage of something called transaction malleability. Essentially, the hackers were able to make it look like Bitcoins had not been sent to an address when in fact, they had.
Mt. Gox no longer exists, and its founder Mark Karpeles ended up going to prison for separate charges of fraud. The disaster continues to be remembered of an example of how not to run an exchange.
BitGrail
On February 8, 2015, 15 million Railblocks [XRB], the currency of the Nano network, were stolen from the Bitgrail exchange.
The total losses amount to more than $150 million, making it a pretty sizeable hit. As you can probably imagine, the Nano team weren’t happy. In the aftermath, they claimed that Bitgrail had failed to manage its exchange securely by relying on a hot wallet to store its XRB, a method which is much more vulnerable than other methods due to being stored online.
The hack was a stark warning to exchanges to use wallets that are less susceptible to attack, and a warning to users to make sure their exchanges are storing coins in the most secure way possible.
Coincheck
The final hack we’ll cover has been described as ‘the biggest theft in the history of the world’. It is certainly the biggest cryptocurrency hack ever.
523 million NEM coins, worth around $534 million, were stolen from Coincheck exchange on January 26, 2018. The hack, understandably, generated a lot of attention from the start.
So what went wrong? Basically, it was the same issue as with Bitgrail, Coincheck had been keeping its NEM coins in a hot wallet instead of a more secure multi sig wallet like the other coins in their exchange.
Afterwards, Coincheck said they would do their best to reimburse the 260,000 affected members. Since then, over 100 users have filed lawsuits against the exchange, but the markets have actually weathered the shock pretty well and NEM is still around.
Yet again, this hack was a reminder for users to make sure their exchanges are following proper procedure in terms of storing coins
As crypto becomes more widely known and mainstream, hacks like these are bound to continue to happen.
And these kinds of horror stories can be scary, especially for people who have a lot invested in cryptocurrency. Fortunately, nobody is forced to rely on an unsafe exchange, and users can seriously reduce the risk of a hack by taking simple steps.
It is important to look for exchanges that have a solid track record when it comes to security. Find out, if you can, how they store their coins, what kind of security policy they have, and how they’ve responded to crises in the past.
Believe it or not, exchanges like Binance, for example, have never suffered a hack or breach, compared to many that have unreliable security. In fact, this Binance guide discusses the fact that Binance team caught several hackers that were trying to steal funds back in March, confiscated their accounts and donated them all to charity.
By taking the time to do a little research and pick an exchange that puts its user’s security first, you can seriously reduce the worry of your coins being stolen.
