New Delhi: Cyber attacks on crypto exchanges have raised a serious question on the security of investments in cryptocurrencies. It is being said that due to gaps in the regulatory framework and insufficient levels of defense, the crypto exchanges are the easy pickings for the hackers and it becomes easy for them to breach into them.
The news was originally published in The Wall Street Journal.
Executives at Bithumb, a popular cryptocurrency exchange in South Korea, sensed something was awry last month.
After a rival was hacked earlier in June, Bithumb experienced a rise in failed user logins and unauthorized access attempts, according to an exchange official who asked not to be named. Bithumb added more online security personnel to conduct extensive checks and moved more of its digital currency reserves into offline storage.
It wasn’t enough. On June 19, Seoul-based Bithumb said it lost over $30 million worth of bitcoin and other cryptocurrencies in a cyber attack. It has since recovered some, lowering its loss estimate to $17 million.
Huge Losses Due to Cyber Attacks Since 2011
Since 2011, there have been 56 cyber attacks directed at cryptocurrency exchanges, initial coin offerings and other digital-currency platforms around the world, according to an analysis by Autonomous Research, a London-based financial-services research firm, bringing the total of hacking-related losses to $1.63 billion. Some of the biggest hacks occurred at Japanese exchanges Mt. Gox in 2014 and Coincheck this past January. The most recent hack took place on July 9, when hackers swiped $23.5 million worth of cryptocurrencies from an Israeli platform called Bancor.
The increasing frequency of hacks points to the vulnerabilities of cryptocurrencies and the platforms people use to trade them, adding to broader investor worries about fraud and lax regulation of the industry.
Many attacks have centered around Asia, a hotbed for cryptocurrency trading. Four of the seven hacks so far this year have been in the region, with over $800 million worth of cryptocurrencies stolen—already more than any other calendar year. Cyber thieves could be targeting more popular trading venues, a potential risk for investors in the U.S. and elsewhere.
Unlike stock exchanges, which facilitate trading but don’t actually hold securities on behalf of investors, many cryptocurrency exchanges charge fees for trading and store currencies for their customers. Analysts say that makes cryptocurrency exchanges like sitting ducks. Thieves that manage to break in can do something akin to robbing a bank—getting hold of valuable cryptocurrencies that they can cash out of.
Cryptocurrency exchanges are “easy to breach, with minimum effort and expense from attackers and with maximum return on investment,” said Robert Statica, president of BLAKFX, a cybersecurity firm in New York.
Cyber Attacks also Hurting Market Sentiments
Recent cyber attacks have hurt market sentiment. After a steep slide this year, bitcoin dropped further after the Bithumb incident in June. Currently sitting at around $6,300, bitcoin trades near its low for the year and well off its record high near $20,000 established in December.
The hacks are “bad for users, bad for exchanges and terrible for confidence,” said John Sedunov, an assistant professor of finance at Villanova University. “If I don’t have confidence in where I’m storing my crypto assets or where I’m investing, how can I really trust any of this?”
Not all investors are ruffled by the hacks. Lee Gui-im, a retiree in Seoul, hasn’t been able to access her cryptocurrency assets for a month after Coinrail, the other South Korean exchange breached last month, temporarily shut down all services. That hasn’t discouraged the 61-year-old from continuing to attend meetups to identify her next cryptocurrency investment.
“Every exchange is in danger of hacks. This isn’t just Coinrail’s problem,” said Lee as she was leaving a blockchain company info session this past week. “I haven’t lost faith in [crypto] coins—just exchanges.”
There are currently 205 cryptocurrency exchanges in operation, many of which are based in Asia, according to research firm CoinMarketCap.
South Korea – Ripe Area for Hackers
Chainalysis, a New York-based blockchain-analytics firm, said South Korea has been a ripe area for hackers because of the market’s rapid growth in a short amount of time. The South Korean won is one of the most commonly used fiat currencies for trading cryptocurrencies.
“There simply are many targets there,” said Kim Grauer, senior economist at Chainalysis, adding that “some exchanges have not been able to maintain the proper level of defense as they have grown.”
Regulatory gaps in South Korea also make it less compelling for exchanges to step up security efforts, said Stacy Scott, managing director at cybersecurity and investigations firm Kroll.
A government inspection of 21 cryptocurrency exchanges in South Korea earlier this year found that no firm met all 85 inspection standards established by authorities, but there is no law to penalize exchanges that fall short.
Bithumb said late June it is working with other exchanges around the world to track down and recover stolen digital coins that may have been moved to other trading venues. Coinrail is planning to resume services on July 15 after a monthlong operating hiatus. The exchange said it has so far recovered three types of virtual currencies that were stolen but hasn’t disclosed how much it lost. An earlier Wall Street Journal article estimated that $40 million worth of digital coins were taken.
“These are incredibly fragile technologies that are highly vulnerable to attacks,” said Alan Curtis, chief executive at a cryptocurrency startup called Radar Relay.
Curtis’s firm operates a newer type of cryptocurrency trading venue called a decentralized exchange. Launched less than a year ago, Radar Relay operates a peer-to-peer platform that allows people to trade cryptocurrencies with each other directly, similar to how people connect with each other via a site like Craigslist to buy and sell goods and services.
Decentralized exchanges, however, tend to lack liquidity and make up a small percentage of the market’s overall trading volumes, said Lex Sokolin, global director of fintech strategy at Autonomous Research.
“I don’t know if there’s a silver bullet that will stop the hacking other than investing significantly in infrastructure and cybersecurity,” he said.