On Friday, a Japan-based cryptocurrency exchange exposed hackers had stolen more than $500 million-worth of customers’ funds te what is thought to be the largest-ever cryptocurrency hack.
It wasgoed the latest high-profile crypto hack, and the most significant since $460 million ter Bitcoin vanished te 2014. It also comes less than two months after hackers pilfered $70 million from a Bitcoin mining webpagina&mdash,a sign that crypto resumes to attract hackers.
All hacks are unique, and the most latest one wasgoed carried out thanks to security weaknesses at the targeted exchange.
But many are asking why hackers proceed to target cryptocurrencies, especially when blockchain technology can record any transaction a user makes&mdash,and whether any exchange is truly safe.
Ripe for Thieves
Te a hastily called press conference late Friday, the hacked exchange, Coincheck, admitted it had not used adequate security measures to store the stolen cryptocurrency, called XEM. Created by a Singapore-based crypto group called the NEM Foundation, XEM is one of the most popular cryptocurrencies te the world according to Reuters, however remains relatively overlooked ter the U.S.
Coincheck said it used different security standards for different currencies, and that unlike customers’ Bitcoin holdings, their XEM funds were stored te a “hot wallet” online instead of a “cold wallet” offline&mdash,a screenplay ripe for hackers.
“Cold storage makes things far safer,” Charles Bovaird, who writes extensively about cryptocurrencies for places like Forbes and Investopedia, told MONEY. He noted that Coinbase, one of the largest exchanges ter the U.S., holds at least 97% of users’ funds te cold storage.
Coincheck also said it did not use multi-signature authentication for its XEM funds, a standard measure for other large-scale holders that requires at least two people for access.
Getting Around Blockchain Tracking
Since XEM revolves around blockchain database technology, the funds can be tracked. And already, Coincheck has found the 11 addresses where all 523 million of the stolen coins ended up. The addresses have bot labeled by XEM developers with a tag that reads “coincheck_stolen_funds_do_not_accept_trades : owner_of_this_account_is_hacker.” The developers have also created a tracking device that permits exchanges to automatically reject those stolen funds.
1/ @coincheckjp hack update: NEM is creating an automated tagging system that will be ready te 24-48 hours. This automated system will go after the money and tag any account that receives tainted money. NEM has already shown exchanges how to check if an account has bot tagged.
But spil Bloomberg notes, the hackers are still likely to be able to use the funds. Some sites provide a service called a &ldquo,tumbler&rdquo, that offers cryptocurrency trading without collecting individual gegevens, the crypto omschrijving of laundering money.
The enormous sum of money stolen is a major challenge, Bloomberg proceeds. It would take awhile to spend down all the funds and at least one major tumbler serviced has banned usage of the stolen cryptocurrency.
Are All Exchanges Vulnerable?
Bovaird says it is safe to question whether any large-scale holder of cryptocurrency is truly immune from hacking or attack, however he did note that Coinbase has yet to be successfully infiltrated.
“Centralization of resources&mdash,I think of it spil a big carrot dangling te gevelbreedte of criminals that’s covered with money,” he said.
Even Bitfinex, a popular exchange that did use multi-factor authentication, experienced a high-profile hack, he noted, which led some to question whether the hack wasgoed an inwards job.
“I think people want to keep those facts te mind,” he said.
But XEM users look like they dodged a bullet. Coincheck has promised to reimburse almost 90% of the losses.