The hack of Korean cryptocurrency exchange Bithumb on June 20, 2018, has once again raised concerns over the security practices of cryptocurrency exchanges. The attackers made off with digital coins worth an estimated $31 million. While that figure does not eclipse the infamous Mt Gox hack of 2014, it has undoubtedly revived similar investor concerns. The hack also triggered a panic selloff, which only worsened the bearish sentiment in the market.
Are Cryptocurrency Exchanges Easy Targets?
Korean cryptocurrency exchange Coinrail also reported a similar security breach on June 10, 2018. With the sudden onslaught of attacks, it seems that cryptocurrency exchanges have become a prime target for hackers, mainly because they store massive wealth in digital currency.
Cryptocurrency prices peaked in 2017, which brought a massive influx of investors into the market and a corresponding increase in trading volumes. New exchanges opened while existing ones ramped up their infrastructure to handle even more transactions. Hackers then began targeting various security vulnerabilities at these exchanges to siphon off digital currency worth millions of dollars.
While exchanges have always claimed to be safeguarding investor holdings in the best possible manner, their measures have repeatedly proved to be insufficient. This is especially true for relatively unknown exchanges, which are often considered easier targets.
Are Cold Storage Wallets the Solution?
Given there are several kinds of wallets available for storing cryptocurrency holdings, it is perhaps high time that users take control of their balances. Currently, online wallets are most commonly used as they are simple and easy to use. They can either be software-based or provided by an online exchange.
Any wallet has two keys: a public key and a private key. The public key is used to receive payments, while the private one is needed to access the wallet itself. The cryptocurrency wallet is safe as long as the private key is not compromised. Exchanges typically take custody of these private keys on behalf of their customers to provide a more seamless experience.
However, keeping these private keys in someone else’s control is a potential security risk. After all, an attacker who gains control of the private keys has control over all digital coins held in the wallet. The more secure option is therefore to store cryptocurrencies in an offline wallet, which is not connected to the internet or any external network. Most of the affected exchanges so far have lost only a small percentage of their holdings thanks to this precaution: they typically store digital currency in multiple wallets, with only a small percentage of them exposed to the internet.
Measures to Step Up Security
The Japanese Financial Services Agency (FSA) recently announced a stricter rule set for cryptocurrency exchanges, forcing them to obtain licenses to continue operating within the country. The move was a precautionary one, primarily motivated by the desire to prevent an encore of the Mt. Gox and Coincheck hacks.
Among the restrictions imposed by the FSA was the requirement that exchanges not store their investors’ holdings online or in a wallet connected to the internet. It also made two-factor authentication compulsory for currency transfers from one wallet to another. The primary motive behind having crypto exchanges obtain licenses was to ensure they followed the essential security precautions.