27 Mar, 2019 at 16:58pm
An ever-growing problem in the cryptocurrency scene is the risk of money being lost to hacks or human error. Through all these incidents, one thing has become obvious - there are problems with cryptocurrency exchanges, so much so that hundreds of millions of dollars worth of crypto has been lost.
Exchanges are among the most widely used services in the cryptocurrency scene. Countless ones exist, some are better than others, and everyone needs them. Whether it’s a peer-to-peer platform where you communicate and deal directly with other humans or a service offered by a company, there’s no doubt that an investor will have encountered one of the two. Simply put, an exchange is where one currency is swapped for another. A good example of this would be exchanging between fiat currencies when going on holiday: you would give 100 USD and, in return, receive 75 GBP. The principle is the same with crypto; it just involves using digital currencies instead of fiat, unless you’re converting between fiat and crypto.
Platforms like LocalBitcoins work to match people together and encourage peer-to-peer (commonly referred to as P2P, or person-to-person) trading. A key attraction behind P2P is speed and ease. When using a company like Binance, trades can often take a while to get fulfilled and can, in some cases, be rather complex to execute. When communicating directly with a trading partner, these problems are often eliminated.
One story that recently made headlines concerned QuadrigaCX. On the 9th of December, 2018, the founder of this popular exchange suddenly died, taking what at one point was worth almost $200 million in cryptocurrency with him. It has been reported that roughly 115,000 customers were impacted by this loss of funds. Unsurprisingly, Canadian regulators have taken it upon themselves to impose some restrictions on cryptocurrency trading following this incident, stating that they “recognize that the existing regulatory requirements, and particularly the Marketplace Rules, were designed for marketplaces trading traditional securities”. The new regulations are intended to mitigate the risk of loss of funds with other and future exchanges. One of the key reasons that this money is no longer accessible is that Cotten stored the funds in cold storage, and the private keys are no longer accessible as they are on his encrypted laptop and encrypted USB drive.
In 2014, the exchange that handled over 70% of all Bitcoin at the time announced that it had lost roughly 850,000 Bitcoins - it was later announced that they were most likely stolen. In the current market, the lost amount would equate to approximately $3.5B, a rather staggering amount of money. Through the years, some funds have been discovered and some users have received portions of their money back; however, they shall most likely never receive the full sum. It has been reported that over half a billion dollars worth of crypto has been secured and shall be paid back to investors. In 2015, security company WizSec concluded that the missing Bitcoins were stolen out of the MtGox hot wallet over time, since 2011.
Roughly 10 million Nano was stolen throughout 2017, in two separate attacks on this popular exchange. Firano, the exchange’s founder, alleged that there were security flaws in the coin’s code that led to the successful thefts. Unsurprisingly, the team retaliated with accusations that there were problems with BitGrail that led to the success of the attacks. Ultimately, it was ruled by a court that “it was the BitGrail exchange that actually requested to the node multiple times to allow the funds to leave the wallet” and “not the Nano network that allowed the multiple withdrawals.” Another rather worrying factor was that the exchange stored its Nano in a hot wallet, a type of wallet known for being less secure than cold wallets and more vulnerable to attacks.
As discovered in this article, one of the most crucial problems that an exchange could cause is for investors to lose their funds. When it comes to regulation, this could be considered a driving factor for authorities who want to restrict the anonymity and freedom that these platforms operate on.
One of the more worrying ideas is that unless there is a solid way to link an address to a perpetrator, they will most likely never be found. It is well known that cryptocurrencies are typically more anonymous than fiat, and some, like Monero, are more anonymous than others. When an attacker targets these sorts of coins, unless they have linked their address to their identification, they will get off scot-free. In cases like this, know your customer (KYC) could be seen as a good thing. If it was required that all users who sign up to an exchange verify their ID, people who are looking to scope out an exchange as a potential target would have their name and address tied to any wallet address they use to make a deposit and withdrawal. Should they use the same wallet address when stealing coins, they would be easily identifiable.
Wallets being inaccessible without private keys is a great security feature that cryptocurrencies have; however, it can come with downsides for certain companies. As demonstrated in QuadrigaCX’s case, private keys actually prevented the exchange from accessing their funds. If a sole person controls the wallet and private keys, it can be impossible to retrieve the required keys, depending on the level of security the controller uses. This can, obviously, lead to tragic consequences as has been witnessed.
Another rather large problem that is witnessed on exchanges stems from a lack of quality customer support. Most exchanges are notorious for having appalling support systems and companies like Poloniex have made a name for it, amongst other things they have done. Whilst this doesn’t affect users’ funds too much, some exchanges do end up limiting and suspending people’s accounts.
Some may worry this would compromise security, but one of the solutions to the private key problem could be to have multiple people that look after the keys. This would prevent the loss of access to wallets and funds if something were to happen to the primary custodian, as there would be secondary custodians who would also hold a key and act as a “backup”.
If companies were to invest more time and money into staffing and training for support, well, it’s fairly self-explanatory. The more training that staff has and the more staff present, the better customer support would be handled.
As discussed above, a potential solution to identifying hackers could stem from KYC; however, that would rely on hackers using the same address as the one they use for deposits and withdrawals. An intelligent perpetrator would see around this in an instant and, sadly, there isn’t really a reliable way to identify people who act with malicious intent. The only real solution could be investing much more in cybersecurity and protection for servers and whatnot.
One of the key pieces of advice given to newbies is that one should not store one’s funds on an exchange. It’s okay to convert between currencies, but after converting, it is crucially important that funds are withdrawn. One should keep their funds safe in their own offline wallet unless they need it for day trading.
Throughout this article, some of the many dangers of storing funds on exchanges have been highlighted. It is important to learn that consumers who are not day trading should not be leaving their money on an exchange. Most traders will give this as one of their first pieces of advice to newbies due to how crucial it is. Without a doubt, this is one of the reasons that most people end up losing out when exchanges are targeted by criminals, or even just when there is a glitch or technical bug. Most problems present amongst exchanges can’t be fixed by general users but the damage to someone can be minimized if they follow this simple rule. A big factor that could significantly improve the security and reliability on exchanges is actually regulation and, as witnessed, it is starting to be introduced.
Photo Credits - Blockgeeks, Vancouver Sun, (XRP) News & Price Analysis.