Over the summer, an anonymous hacker stole around $600 million in cryptocurrency from Poly Network, a decentralized financial network that many outside of the crypto world have probably never heard of. Then the hacker gave it back.
Four months later, hackers stole at least $150 million from the BitMart crypto exchange. According to an analysis, unidentified hackers used a stolen private key to open two “active wallets” and extract funds.
Security incidents like these are not new to the cryptocurrency world, but the size of these hacks seems to be increasing as cryptocurrency prices have risen and attracted more attention over the past year.
Five of the top 10 biggest crypto thefts of all time occurred this year, according to consumer website Comparitech, and such incidents can only be expected to continue because of the increasing use of crypto, according to financial tech experts.
Here’s what you need to know about what’s going on and how to protect your digital assets.
According to Tom Robinson, chief scientist at London-based crypto compliance firm Elliptic, the two main targets of crypto hacks are currently centralized exchanges and decentralized finance (DeFi) services.
Centralized exchanges have been the primary target of hacking groups for several years. These exchanges store a user’s assets in “active wallets” (commonly called hot wallets), which are digital wallets connected to the Internet. This makes them more accessible to users, but also potentially more vulnerable to experienced hackers.
The recent BitMart hack was one example; another is the Coincheck attack in 2018, in which around $530 million was stolen, making it the largest cryptocurrency heist in history until the Poly Network incident this year, according to Comparitech.
DeFi services represent a newer part of the cryptocurrency world. DeFi software applications completely eliminate the need for exchanges as they run directly on blockchain platforms, and hacks of these services are usually the result of bugs caused by coding or app design problems. Top examples include Poly Network, as well as a recent hack of Badger DAO, a platform that provides vaults for users to store bitcoins and generate profits. The Badger DAO hack resulted in a loss of $120 million.
Most of this year's attacks show that a vulnerability is often exploited, says Rebecca Moody, Head of Research at Comparitech. As the industry grows exponentially and relies on open-source technology, platforms can be exploited if hackers find a vulnerability in the code.
What are you really at risk of losing?
Just because an exchange is attacked doesn’t necessarily mean that it will lose all of its money.
Every crypto service has different resources to defend against attacks. BitMart, for example, pledges to cover all stolen assets.
TRM Labs’ cryptocurrency analyst Joe McGill said there is still a chance that the police, such as the IRS’s Cyber Criminal Investigations Unit, could recover funds if a company is unable to compensate affected users.
But there is no guarantee. While many banks typically offer deposit insurance up to a certain amount, there is no such promise when crypto-assets are held through a third-party service. Some companies may have insurance to cover losses, but the amount of coverage, if any, varies by platform.
The stolen cryptocurrency could be gone forever. Most of the time, hackers get away with stolen funds because cryptocurrencies are virtually undetectable and can be easily disguised by flushing them through wallets in minutes, said Adam Morris, co-founder of Crypto Head, to CNN Business.
How can cryptocurrency holders protect themselves?
Experts say that when using a crypto wallet or exchange, users should analyze the scope and professionalism of the company behind it.
Do they have people responsible for cybersecurity? Does the company have a good track record? What is the size of the company? How many employees does it have? These are all indicators that you can be confident that this company will responsibly protect your assets, says Robinson.
There are also basic security measures that users can take when accessing their crypto account. McGill recommends two-factor authentication, or hardware keys, which are essentially passwords that are stored on offline devices.
It is also recommended that you request authorization for all cryptocurrency withdrawals and set up whitelisted addresses, so that only certain addresses on your contact list can receive cryptocurrency from your account.
There is no one hundred percent guarantee that you will avoid cybercrime, McGill warns, but he said it is important to understand the exchanges used, their cybercrime history, and the response systems in place.
Another way to protect your crypto assets is to use a hardware wallet, known as “cold storage,” instead of keeping them with a service, according to Morris. Although this is considered to be the most secure method of storing crypto, the full responsibility for storing the private keys rests with the user. If these keys are lost or stolen, there is no major financial institution to offer assistance.