By Mary Ann Callahan
Cryptocurrency is a profitable asset, there’s no denying it. The price of Bitcoin alone is around $10,000 now, and its market cap hits $175 billion. Sure, it makes up a fertile field for profit.
Every year a huge amount of cryptocurrency gets stolen and this crime goes largely un-investigated and unpunished. To be precise, the best estimates say that in 2018 around $1.7 billion was stolen from hard-working cryptocurrency investors and traders. Alarmingly, the bulk of this money is stolen from cryptocurrency exchanges.
Hackers are always conjuring up ingenious ways to manipulate systems to their advantage, and this has proven incredibly lucrative when it comes to cryptocurrency exchanges. Here are the 5 main weak points that the exchange platforms have.
Lack of Two-Step (or Multiple Step) Authentication
When the celebrity nude hacking scandal (fappening) occurred, hackers highlighted how easy it was to gain access to a location by guessing a passcode/password, or answering a secret question when retrieving a lost password. In the grand scheme of things, it doesn’t seem like the kind of elaborate hacking we envisage from the Hollywood movies. But it was exactly how the hack was performed.
As a result, Apple, Google, Facebook, Microsoft, etc. all pushed two-step verification on their users to try and help people protect their accounts a little better. This basic security-conscious mindset hasn’t extended to many exchanges though, and only a few exchanges ask for two-step verification now. Even fewer do this basic check on individual transactions.
By allowing user accounts to be breached with relative ease it is no wonder that a lot of money gets stolen from individuals as a result of transacting on exchanges.
The leading exchanges tend to impose transaction limits which again help safeguard individual users.
This means that in order to transact using higher-value amounts you must first verify who you are with the exchange. The way this protects users is that it prevents anonymous trading, curbs money laundering and deters criminals from registering accounts as they would need to verify themselves in order to make any real money on those accounts.
Exchanges that don’t set transaction limits and don’t verify their customer’s identity are immediately setting themselves up for failure. It means the exchange can be used to launder money anonymously, as well as allows hackers to familiarize themselves with the platform and exploit weaknesses from within.
This is why many exchanges that have tiered membership don’t offer complete access to the platform features on basic (unverified) levels.
Exchange Wallet Hacks
Some of the biggest breaches have been very simple processes. Hackers compromise the exchange’s protection and then transfer all funds held in hot wallets to their own private wallets. This way, some exchanges have lost millions in minutes! Opportunistic hackers take advantage of traders and investors that have been too lazy to transfer their funds to their own wallets.
For this specific reason, the leading exchanges still advise that all money should not be kept in the exchange wallet unless it is being used at that moment. Also, many exchange platforms are increasingly implementing cold storage options, which provide the utmost security of funds.
Let’s face it, we don’t really know much about the nerds behind our favourite platforms. Even the leading tech giants may have only a bit of information about their founders publicly available.
When it comes to cryptocurrency exchanges, developers are often based in all manner of places and many of them aren’t regulated. The reason for this is two-fold. Regulation costs money as most regulators require fees or taxes. Secondly, it takes a lot of effort meeting regulatory standards.
For this reason, some exchanges choose to operate without regulation, it is cheaper for day-to-day running and it is less hassle. They don’t have to worry about ring-fencing their client’s money or bother with complex compliance checks. Instead, they can do as they think is appropriate and treat customers as they like.
This is very good for hackers and scam exchanges. We have all heard of exchanges that suddenly get “hacked” and then disappear off the face of the earth. Either those exchanges have genuinely been hacked and they have lost credibility and trust which has forced them to cease trading. Or, more alarmingly, they might have never been hacked at all and it was a scam by the exchange developers to dupe people out of their money.
If you know just one thing about protecting your investment when trading cryptocurrency it should be this: always use an exchange that works with regulators. Look for the companies operating within the largest jurisdictions like the UK, the USA, Canada, etc.
No Investment in Security Measures
The last of the big five weaknesses that exchanges have is that companies don’t invest back in their platform’s security. Every system can be manipulated and hacked.
A tell-tale sign that this isn’t being done when exchanges have no fees. If an exchange has no fees but much the same overheads as another platform, then it stands to reason that they’re either happy to sacrifice a portion of their profit or more likely, they’re happy to compromise their exchange’s security at your expense.
While no one wants to be extorted while transacting their hard-earned cryptocurrency, exchanges with higher fees tend to be better run. Maybe, that is something to bear in mind when someone advises you to switch to a new ultra-low-fee exchange. Ask yourself, what else is being sacrificed alongside the cost of transacting?
Although there are some hackers that use sophisticated techniques to hack exchanges, more often than not hacking is a very simple process of finding out information and then using it against you. Make sure you keep your private keys secret, your cryptocurrency in your offline wallet and take precautions about which exchange you’re using. These three things will keep you safer in the cryptocurrency world.
By Mary Ann Callahan