So..we want to be part of the community, we want to be in it for the investment or maybe because we believe it’s the future of money. Regardless we know the risks right? “My crypto is safe on an exchange” I hear you say…
Is it safe? Well you would hope so and we all store our assets somewhere but maybe an exchange is not as safe as you might think.
Last year Selfkey published a comprehensive list of Cryptocurrency Exchange Hacks. This included the ill fated Cryptopia who had two hacks within 15 days in 2019.
Throughout 2019 the exchanges that suffered included : CoinBin, CoinBene, Bithumb, DragonEx (over $7 million!), Binance (for 7000 BTC!), Bitrue, Bitpoint, VinDAX, Upbit and then Altsbit who never recovered and published the results on their website and is still there to see with refunds being as low as 28% on ETH.
In the same year Reuters reported that losses had hit an incredible $4.4 billion a 150% increase on the previous year. All of the survivors promised better security and yet in 2020 Exchange KuCoin reported a huge hack of over $280 million worth of crypto.
Hot wallets don’t fair much better whilst they improve liquidity they are still connected to the internet so ultimately they are still viable for hacking. Tech Radar reported on a EXMO’s Hot wallet hack which resulted in the loss of over $10 million lost!
Even the Ledger is not safe. Well actually they are pretty good. However, 3 years ago a young teenager found a flaw and reported it to Ledger who issued a fix. Ledger was recently hacked but they only got away with 270000 email addresses and Ledger assured us that “…despite the leak, your assets are safe”. Kraken also revealed that the Trezor wallets can be hacked within 15 minutes but special hardware is required with physical access to the Trezor itself.
Side Channel Hacks
The subject of side channel hacking is enough to send you screaming to the trees to live in isolation. There are lots of versions but an example of a side channel hack is using a microphone to listen to the keys being used on a PC. Based on the fan noise you may be able to tell if the PC is processing heavy data or not, add that to other data and you start to get a picture. In a study, Tel Aviv University found that “different RSA keys induce different sound patterns” therefore potentially revealing data.
So anything is hackable. No system is perfect, but you can take important steps to protect your assets. A steel wallet is a good start. Just don’t do what a friend of mine does; “I never lose my banking password” he said “I keep it on a post-it on my PC monitor” !!