Crypto exchange: powerhouse but vulnerable

Crypto exchanges are very big players in the cryptocurrency world.

They are websites where one trades one coin for the other. There are around 2000 cryptocurrencies out there. If you want to buy, let’s say, the Komodo coin you can’t go to a bank or a Komodo coin store. You will need to go to a crypto exchange. There you exchange your Bitcoin or Ethereum for Komodo, or the other way around when you want to sell them. In short, all trading in cryptocurrencies is done on a crypto exchange.

This makes the crypto exchange a powerful player in the crypto world. At every moment in time, the amount of coins stored on exchanges rather than in secure wallets is enormous. And these websites aren’t nearly as safe as your hardware wallet. In fact, they are quite vulnerable. To prove this point, let’s take a look at some of the most impressive (and costly) crypto exchange hacks in history.

Crypto exchange hacks

Probably the best-known cryptocurrency hack was the Mt. Gox hack. The first signs of trouble came in 2011, when hackers gained access to a Mt. Gox auditor’s computer. As soon as they were in, the attackers transferred a large amount of Bitcoin to themselves. They sold it all immediately, and the system couldn’t keep up, which caused the value of Bitcoin to drop to just 1 cent. It was estimated that more than $8,000,000 was lost, but this was nothing compared to the events of 2014.

In 2014, Mt. Gox was by far the most popular Bitcoin exchange. It took care of 70% of all Bitcoin exchanges in the world. This, among other problems, caused the service to be very slow. On the 7th of February 2014, things got so bad that Mt. Gox decided to halt all withdrawals so they could investigate what caused the delays that users were complaining about. In a statement, the team behind Mt. Gox told users that the increase in withdrawal traffic was hindering their efforts on a technical level. That’s why all traffic was halted, and all ongoing transactions were reversed. An update was planned for February 10th, 3 days later.

What they found was not what they had been hoping for. Mt. Gox had been subjected to a transaction malleability attack. In this attack, a transaction is altered before it is added to the blockchain, in a way that changes its computed transaction ID. If the altered transaction is accepted by the network first, it is the one that is added to the blockchain.
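The transaction ID behaviour described above, as an added example that is not part of the original article: a simplified transaction model (not Bitcoin's real serialization) in which the ID hash covers the signature bytes, so a second valid encoding of the same signature gives the same payment a different ID. The field names, the `reconcile` helper and the sample values are assumptions for illustration; the example goes slightly beyond the text by showing a signature-independent ID that withdrawal reconciliation can rely on.

```python
import hashlib

# Order of the secp256k1 group; ECDSA accepts both (r, s) and (r, N - s).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def dsha256(data: bytes) -> str:
    """Double SHA-256, the hash Bitcoin uses to derive a transaction ID."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def payload(tx: dict) -> bytes:
    """Signature-independent part: which output is spent, who is paid, how much."""
    return f"{tx['spends']}|{tx['pays_to']}|{tx['amount']}".encode()

def txid(tx: dict) -> str:
    """Legacy-style ID: the hash covers the signature bytes as well."""
    r, s = tx["sig"]
    return dsha256(payload(tx) + r.to_bytes(32, "big") + s.to_bytes(32, "big"))

def payment_id(tx: dict) -> str:
    """Stable ID for reconciliation: the hash covers the payload only."""
    return dsha256(payload(tx))

def low_s(tx: dict) -> dict:
    """Canonical form of the signature: keep whichever of s, N - s is smaller."""
    r, s = tx["sig"]
    return {**tx, "sig": (r, min(s, N - s))}

def reconcile(sent: dict, confirmed: list) -> str:
    """Classify a withdrawal against the transactions seen on chain."""
    if any(txid(c) == txid(sent) for c in confirmed):
        return "confirmed"
    if any(payment_id(c) == payment_id(sent) for c in confirmed):
        return "confirmed-under-different-txid"
    return "unconfirmed"

# Constructed sample data: r and s are arbitrary numbers, not real signatures.
SENT = {"spends": "utxo-17:0", "pays_to": "customer-address", "amount": 150_000,
        "sig": (0x1234ABCD, 0x0F00BA47)}
ON_CHAIN = {**SENT, "sig": (SENT["sig"][0], N - SENT["sig"][1])}
OTHER = {**SENT, "spends": "utxo-99:1", "pays_to": "someone-else"}

if __name__ == "__main__":
    print("txid sent    :", txid(SENT))
    print("txid on chain:", txid(ON_CHAIN))
    print("status       :", reconcile(SENT, [ON_CHAIN]))
```

A ledger that looks up withdrawals by `txid` alone would report this payment as never confirmed, while matching on the spent output and recipient shows it already went through.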

This is what had happened to the Mt. Gox crypto exchange, on a large scale. Hackers had stolen $473 million worth of Bitcoin from the system. Mt. Gox filed for bankruptcy as it could never recover all those coins. It was later discovered that the stolen coins had been laundered through a crypto exchange called BTC-e. The owner of this crypto exchange has since been arrested and he faces up to 55 years in U.S. prison.

How could this hack have happened? There are a few reasons to point out. Firstly, Mt. Gox didn’t have any Version Control Software (VCS). Without this, it is difficult, if not impossible, to trace who made any changes to the code. VCS also makes it possible to roll back to the state before changes were made. Mt. Gox also didn’t have any testing policy. Untested code was deployed for public use. Management at the crypto exchange also had some issues. All changes in the code had to be approved by the CEO, Mark Karpelès, himself. This led to slow changes and left Karpelès with no time for any business decisions. It was clear that this crypto exchange was led by a developer and not a businessman.

Other crypto exchange hacks

There have been other crypto exchange hacks, most of them focusing on Bitcoin. Bitfinex lost 120,000 BTC in a hack in August 2016. Bitstamp, more of a broker than an exchange, lost 19,000 BTC. But with the arrival of some popular altcoins, hackers have started focusing on them as well. Coinrail is an exchange that got hacked in June 2018. They lost a total of $40 million in 11 different cryptocurrencies. One of the biggest altcoin hacks happened in January 2018.

Japanese crypto exchange Coincheck was attacked by hackers who went after its hot wallet. The criminals managed to get hold of 523 million NEM tokens (XEM). At the time of the hack, the price of 1 XEM was around $1, making this a very lucrative heist. It seems that something good has come of this theft, though. The crypto community finally united by exchanging information. The people who stole these coins probably won’t be able to cash any of them in, as they have all been tagged with a ‘stolen’ sign.

As you can see, crypto exchanges aren’t Fort Knox. So be careful when using any of them.


