Since the early Bitcoin days in 2011, cryptocurrencies have been a high-value target for hackers. And as the value of cryptocurrencies continues to increase, the motivation for hackers also increases. In less than 10 years, over $3.0 billion of crypto has been hacked or stolen from exchanges and individuals alike. While security technology has improved over time, it’s impossible to completely eliminate the main driver of fraud: human error.
But not all crypto hacks are the same- in fact, most occur due to security flaws at the exchanges themselves. So what are these crypto exchanges, and why are they so prone to hacks? To answer this question, let’s explore how crypto exchanges operate.
Most crypto exchanges are known as “Centralized Exchanges” (CEX) because the cryptocurrency transactions are facilitated by a third-party company. Centralized exchanges are online marketplaces where you can exchange fiat currency (like U.S. Dollars) for cryptocurrency (like Bitcoin or Ethereum).
The first major crypto exchange was Mt. Fox- at its peak in 2014, Mt. Gox was processing 70% of all Bitcoin transactions globally. But Mt. Gox suffered from major security issues and was forced to cease operations after only a few years.
Some of the most popular crypto exchanges today are Coinbase and Gemini. New crypto investors usually start with these platforms due to their ease of use and clean user interface. After downloading the app on your mobile phone, a few additional pieces of personal information are required before you can start buying your first cryptocurrency. Unlike Mt.Gox which focused on Bitcoin, Coinbase and Gemini offer hundreds of cryptocurrencies to buy, sell, or exchange. These include major “blue-chip” coins like
- Bitcoin (BTC)
- Ethereum (ETH)
- Solana (SOL)
as well as smaller market cap coins like
- Chainlink (LINK)
- Stellar Lumens (XLM)
- Fantom (FTM)
The best way to think of crypto exchanges like Coinbase and Gemini is by comparing them to popular stock trading platforms like E*Trade or TD Ameritrade.
Similar to stock trading platforms, crypto exchanges allow you to select the cryptocurrency you want to buy, the amount you want to buy, and the price you are willing to pay. Once the exchange matches your buy order with a sell order, your purchase is fulfilled and you can view your cryptocurrency account balance directly on the exchange.
But this new technology comes with it’s fair share of risks. One is the volatility of cryptocurrency prices. Just look at the chart below of Bitcoin returns over the past decade. Most years had life-changing returns. Other years… not so much:
Another major risk of cryptocurrency investing is the security of where your crypto is stored. When you buy crypto through centralized exchanges like Gemini or Coinbase, your coins remain on the exchange itself. Some investors transfer their coins off the exchanges to a crypto wallet, which acts like a digital safe for your crypto assets. Leaving your coins on the exchange means you are trusting the exchange to securely store your crypto. Without properly protecting your cryptocurrency investment (like moving your coins to a crypto wallet you control), your crypto could be lost forever to hackers or other bad actors. History has shown that crypto exchanges are not fully secure and are still subject to hacks or human error.
Major Crypto Hacks
Bitcoin has existed for over 10 years, but the cryptocurrency world is still the wild wild west. Between the lightning-fast speed of the markets, limited regulation, and new projects popping up every day, it’s difficult to keep up with all the changes. And it’s in this fast-paced environment where crypto hackers thrive
Mt. Gox – 2014
Back to Mt. Gox- the first major crypto exchange for Bitcoin. Originally founded in 2010, Mt. Gox was plagued with issues from the start. Cryptocurrency was so new that early centralized exchanges like Mt. Gox simply didn’t know what they didn’t know regarding security threats. Mt. Gox suffered significant hacks as early as 2011 when user credentials were stolen to transfer funds. Hackers even adjusted the market price of 1 BTC down to $0.01, resulting in mass buying before the price was reset.
Then in 2014, hackers stole 840,000 Bitcoin from Mt. Gox customers and the company itself. At that time, this hack was worth $460 million dollars. Today… worth $46.2 billion dollars.
The backlash was severe- Mt. Gox was even fined by the U.S. Department of Homeland Security for their reckless actions. The price of Bitcoin and the entire cryptocurrency industry took years to recover. Even worse, the Mt. Gox customers who owned the stolen Bitcoin were never repaid. Mt. Gox was forced to permanently shut down operations and investors still have not been reimbursed.
Bitfinex – 2016
Shortly after the Mt. Gox fiasco of 2014, Bitfinex took the top spot as the most popular Bitcoin exchange. While security protocols had improved from the very early days, it was still far from perfect. In 2016, hackers exploited a flaw in Bitfinex’s code and stole 120,000 Bitcoin from customer’s wallets- then worth $70 million and today worth over $6.6 billion.
Unlike Mt. Gox, Bitfinex came up with a clever way to reimburse their customers for the stolen Bitcoin. Bitfinex created “BFX” tokens (each worth $1 USD) and distributed them to affected customers in the amount equal to the stolen Bitcoin. Less than one year later, Bitfinex allowed BFX holders to cash in their coins for U.S. Dollars. Although this solution wasn’t perfect, it was successful in rebuilding investor confidence. It was also the first major example of a crypto exchange taking the initiative to reimburse their customers using the exchange’s own funds.
Poly Network – August 2021
The Poly Network hack in August 2021 is considered the largest crypto hack in history based on current market prices. Over $600 million worth of multiple cryptocurrencies was stolen after hackers exploited weak security measures in the Poly Network code. This allowed the bad actors to transfer funds from the exchange directly to crypto wallets they controlled.
To remedy the situation, Poly Network took a unique approach in an attempt to recover the stolen funds. Through social media posts Poly Network pleaded with the hackers to return the stolen crypto before pursuing more traditional methods like alerting the authorities.
Strangely enough, their plea seemed to work. According to Poly Network, the hacker claimed the attack was done “for fun” and their intention was always to return the stolen funds. Whether or not you believe the hacker’s claims, all $610 million of stolen coins were returned to Poly Network in less than a week. Customer funds were fully returned and Poly Network continues to operate as a popular “bridge” between various blockchains.
While security in the crypto industry has drastically improved since the Mt. Gox days, skyrocketing cryptocurrency valuations continue to incentivize hacks and theft. Crypto exchanges provide investors with convenient access to their funds, but there are more secure ways to protect your crypto investments.
Crypto Wallets – Exchanges, Hot Wallets, and Cold Wallets
After discussing the major crypto hacks above, the question still remains:
“If cryptocurrencies are so prone to hacks, what’s the best way to protect your investment?”
Ultimately this comes down to how much you have invested in crypto and how much you’re willing to risk. Unlike your stock investments that “live” on the stock trading platforms, cryptocurrency is not FDIC insured. While some hacked funds have been recovered, it’s nearly impossible to track cryptocurrencies once they’re stolen.
Crypto Exchanges – Not Your Keys, Not Your Coins
Keeping your crypto on an exchange is a convenient way to use your coins- whether it’s to trade for other coins, access blockchain applications, or buy NFTs. But these coins are held in a wallet owned by the exchange- which means the wallet is not owned by you. Instead of keeping your crypto in the exchange’s wallet, why not move your investments to a digital wallet you own and control?
Crypto wallets allow you to move your cryptocurrency off the exchange where your crypto was purchased and into a more secure location. When settinhttps://cryptoexchangereviews.com/guides/hot-wallets-vs-cold-wallets/g up your crypto wallet, you are given a key phrase or “seed phrase”, which is a string of 12 or 24 randomly generated words in a specific order. The only way to access your wallet is by inputting these exact words in the exact order given into the wallet application. This explains a popular phrase in the crypto community “not your keys, not your coins.” It’s another way of saying “if you don’t own the keys (seed phrase) to your wallet, you don’t own the coins in the wallet”.
Hot Wallets – Always Connected
The most popular type of crypto wallet is referred to as a “hot wallet” since they are always connected to the internet. Hot wallets provide similar convenience to keeping your coins on an exchange and they are still prone to hacks. But hot wallets offer improved security over exchange wallets since you hold the keys (seed phrase) to your wallet (instead of trusting the exchange to keep your funds safe).
Hot wallets like MetaMask (for the Ethereum blockchain) or Phantom (for the Solana blockchain) are free to set up and relatively easy to use. Most hot wallets live as an application on your web browser, and MetaMask even offers a mobile app to connect to your crypto on the go. Sophisticated crypto investors use hot wallets as an intermediary- similar to holding a small amount of cash in your physical leather wallet. But if anyone gains access to your wallet’s keys, your funds can be easily accessed from any internet device. So how do these sophisticated investors secure their crypto even further?
Cold Wallets – Offline Storage
Cold wallets are cryptocurrency wallets that are not linked to the internet. They are typically small physical devices similar to a USB stick which need to be physically connected to a computer to access the crypto stored on them. Cold wallets offer the highest level of security to store your crypto and are generally considered “unhackable”. In order for a bad actor to steal funds from a cold wallet, they would need
- physical possession of the wallet
- a method to connect the wallet to a computer
- multiple passwords or keys (seed phrases)
By removing the internet connection all together, cold wallets are the most secure way to store your cryptocurrency. But this comes with a price- the tradeoff between security and convenience. If you need to access your crypto on a cold wallet, it can be a tedious process to connect the hardware to a computer and input the correct passwords. This is why crypto investors holding large balances usually keep a majority of their coins in a cold wallet for security and a small balance (for trading and purchases) in a hot wallet for convenience. The combination of both cold and hot wallets offers the greatest balance between convenience and security.
Ledger and Trezor are the most popular cold wallets currently available, but they can cost upwards of $200. However this is a small price to pay if you have a lot invested in crypto. If your crypto holdings are more than 1% of your total net worth, it’s probably time to move your funds to a secure cold wallet that you have complete control over.
Wrapping It Up
Crypto exchanges are incredibly popular and easy to use, but their lack of security and protection for your crypto assets has proven to be a major issue. Unless you’re using your crypto on a daily basis, it probably makes sense to move some of your funds to a hot or cold wallet (or a combination of both). Some crypto exchanges have done a great job of returning stolen funds to customers, but your investment is never guaranteed or fully protected. Better to keep your investment in a secure wallet that gives you more control. As alway, do your own research. And remember… not your keys, not your coins.
Interesting Related Article: “Cryptocurrency – definition and meaning“