Exchange Hacks Reveals 2 Major Risks

On Feb 8, 2019

Last month is not good for crypto users. Two major cryptocurrency exchange lost funds.

Cryptopia was hacked on 14 January and more than $15 Million funds are stolen by the hackers. The attacks last for more than two weeks and again the Cryptopia wallets are compromised and hacker stole more Ethereum worth of $180000. More than 10000 Cryptopia wallets are affected by this.

QuadrigaCX a Canadian exchange have no access to the $150 Million funds stored in the cold wallets of the company after the death of their CEO Gerald Cotten.

QuadrigaCX claims that the CEO has sole access to the private keys of the cold wallet. Cotten has made a will 12 days before he died. A death certificate surfaces, saying Cotten died suddenly of Crohn’s disease.

This is not called a hacker attack. Generally, hackers attack from the outside but this look likes the inside job.

The exchange hacks reveal two major risks to users. Most of us aware of the first risk but very few are talking about the second type of risk.

#Risk 1: No exchange is 100% Secure

All exchange store their funds on cold wallets that are only connected to the internet when the exchange need to fulfil a withdrawal request. Hackers can only attack when the wallets are connected to the Internet. This means the probability to hack the exchanges is very low but not 0.

Exchanges do millions of transactions daily so just multiply the probability with millions and it’s not small as we think.

Latest security policies can greatly encounter the risk but they can’t vanish it reason: every time an exchange need to make a transaction the private keys are needed to connect to the internet.

#Risk 2: Most Exchanges are not audited

Exchange know that they are not 100% safe from hackers so they use a backup wallet (cold wallet) where maximum funds are stored. Only a small fraction of funds are stored on the online to transact with customers.

It’s like any grocery store that just only keeps enough cash at the counter that covers the daily average business. The bulk of the money is moved offsite. In crypto, we called it a cold wallet.

The main problem is that no one (except the management team ) knows how much funds an exchange holding. Cryptocurrencies blockchain are available for public but when the funds are sent to the exchange wallets there are no records where the funds are going.

Researcher claims that QuadrigaCX never holds those Bitcoins (BTC) or digital assets. The exchange is a type of Ponzi scheme that circulates the money from new users to old users.

How to Protect Yourself

Being a crypto investor it’s impossible to business without an exchange.

1. Always remember that no exchange is 100% safe so try to remove your funds as soon as possible.

2. Hold most of your portfolio in a Hardware wallet or Paper wallet or Cold wallet.

3. The golden rule in crypto, only risks that much you can afford.