Why bitcoin hubs keep getting hacked

The Borneo Post - BIZTECH - By Brian Fung


THE PRICE of bitcoin took a tumble early Wednesday after a major South Korea-based cryptocurrency exchange, Bithumb, admitted that hackers made off with more than US$31 million (RM124 million) worth of virtual currency.

The incident is the latest in a long string of thefts at the online portals where investors trade cash for digital coins such as bitcoin and ether. Bithumb has not said how the attack occurred.

But what makes exchanges vulnerable to these sorts of attacks in the first place?

For starters, cryptocurrency experts blame lax security at the hacked exchanges, as well as the booming popularity of digital currencies more generally.

“Bitcoin and other cryptocurrencies have risen dramatically in popularity and value over the past few years,” said John Sedunov, an assistant professor of finance at Villanova University. “This fast run-up may have caught some exchanges off-guard, and they may not have had the capital on hand, time, or even the technical ability to ramp up security features fast enough to ward off potential attackers.”

In other words, hackers love going after exchanges because they’re rewarding and often easy targets. In this respect, exchanges are little different from health care providers with lucrative medical data, or credit reporting bureaus that hold Social Security numbers.

But unlike those types of institutions, cryptocurrency exchanges are purpose-built to move actual assets from one person to another. And that can raise additional risks. Here’s how, and what you can do to shield yourself.

Begin by considering your personal financial situation. If you’re like many people, you have both a checking account to cover daily transactions and a savings account or safe deposit box where you keep money that you know you won’t be spending anytime soon.

A lot of cryptocurrency exchanges work the same way. They run what’s called a “hot” wallet that’s connected to the Internet, where they store the virtual currency they know they’ll use to quickly fulfil their customers’ trades. Meanwhile, they might keep some - or even the bulk - of their customers’ funds in a “cold” wallet. This cold storage is disconnected from the Internet and inaccessible to customers, partly to ensure that it’s off limits to remote hackers.

While many exchanges have adopted techniques to protect their hot wallets, such as obtaining insurance on the funds inside or requiring multiple secret keys for access, it’s impossible to eliminate the risk of a hack completely. Just as online criminals are constantly developing new forms of malware that exploit bugs in software that its developers haven’t caught, hot wallets are vulnerable to the same kinds of risk.

That doesn’t mean hot wallets are inherently bad. Imagine if every time you paid a bill at a restaurant or bar, you had to visit your savings account to physically pull out the money. It would be a massive inconvenience, and settling your tab would take ages. Hot wallets speed things up, at the cost of some built-in security risks.

For these reasons, many cryptocurrency investors recommend storing your coins not in a wallet that’s controlled by an exchange, but rather in a cold wallet that you control. This wallet could be a hard drive you’ve unplugged from a computer, a USB drive you store in a drawer in your house or even codes written on a piece of paper. When you want to sell the coins in the wallet, just reconnect the wallet to the Internet.

This approach is not without headaches too, but it’s still a better option. On reddit, stories abound of investors who’ve misplaced their cold wallets or the access codes needed to open them. In these sorts of cases, it’s as if your money may as well have been lost to hackers. Other investors on reddit still say trusting yourself is preferable to trusting exchanges.

“It’s frustrating to see people lose money to this consistent mistake,” wrote user PM_ME_YOUR_NANO on a recent thread. “No one should be losing even 10% of their available coins because an exchange is bad. Cryptocurrency is about being trustless. Exchanges are trusted systems without great regulation.” — Washington Post.

A monitor showing virtual currencies at the Bithumb exchange office in Seoul. — Bloomberg photo by Seongjoon Cho
