A new report by a blockchain analytics company alleges that 2019 saw the most exchange hacks ever in the decade-old history of cryptocurrencies… and that hackers are adapting to the security changes the virtual asset industry is making.
Worryingly, another report has found that crypto exchanges currently keep custody of more digital assets than ever before, with Coinbase storing almost 1 million Bitcoin in their cold wallets.
2019- A record number of exchange hacks
According to the compiled data of blockchain crime sleuths Chainalysis, there were 11 digital exchange hacks last year, than in previous years.
However, the value of the crypto assets stolen in 2019 were year-on-year a lot lower due to the extraordinary size of January 2018’s Coincheck hack (a staggering $500 million in NEM assets). The report calculates that $282.6 million in crypto was stolen in 2019 compared with $875.5 million in 2018.
After 2018 and 2014 ( the year of the infamous Mt. Gox hack), 2019 ranks as the third biggest annus horribilii for cryptocurrency security, where exchange hacks and exit scams took down established exchanges like Cryptopia with them.
Consolation can be taken from the fact that fewer digital assets were lost in each security breach last year (less than $10 million per hack), thanks in part to better security measures by digital exchanges, such as keeping more assets in cold storage on hardware wallets (such as the CoolWallet S) and fewer funds on hot wallets, i.e. online wallets.
Hackers becoming more sophisticated
The report also finds that cryptocurrency hackers are getting smarter, keeping up with new sophisticated security measures taken by exchanges and often getting a couple of steps ahead.
For example, in the shocking $40 million Binance hack in 2019, the hackers deftly utilized both malware and phishing applications and techniques to gain access to the servers and bypass the multi-signature key authorization that is needed to withdraw funds from the exchange. This left even the well-known Binance CEO, Changpeng Zhao or “CZ” in perplexment at how the breach was done.
Once funds are stolen, hackers use coin mixers and operators like CoinJoin (who Binance put on their withdrawal blacklist in 2019) to cover their tracks.
AML/CFT measures to combat state-sponsored hacks
Considering that hacker teams are often state-sponsored, like North Korea’s Lazarus group, this opens a particular can of worms for regulators and governments trying to cut down on money laundering and terrorism funding through AML/CFT policies.
It’s no wonder then that the Financial Action Task Force (FATF) announced a major new regulatory update in 2019, its Recommendation 16’s “crypto travel rule”. The update aims to ensure that exchanges collect and share essential Personally Identifiable Information (PII) of sending and receiving parties during transmittals.
Implementing the “travel rule”, as well as increasing the efficiency of other measures such as Know-Your-Customer (KYC) registration processes are vital to ensure that the on and off-ramps from exchanges are well-protected and make it as hard as possible for cybercriminals to abscond with digital funds
2020- Exchanges in charge of more digital assets than ever before
The 2019 exchange hacks showed that no exchange can be 100% immune or secure against the threat of a malicious breach. This should be a major concern for the cryptocurrency industry as a new report by LongHash indicates that exchanges now hold more Bitcoin in cold storage than ever before.
While the cold storage of cryptocurrencies is the best possible defense an exchange can employ, they should remain vigilant against the threats of phishing attacks to gain staff credentials and other techniques such as supply-chain attacks.
While 2019 showed exchanges made some progress in the fight against crypto hackers, many crypto investors are still distrustful towards digital exchanges and support for the grassroots “Proof of Keys” movement, now in its 2nd year, keeps swelling.
Ultimately for users, the best protection against the theft of their digital assets is to keep them in their own personal hardware wallets, which can only be accessed with their private keys or recovery seeds.
A hardware wallet like the CoolWallet S gives users the peace of mind of knowing their digital assets remain offline and therefore secure, yet users can still undertake trading via features that connect with decentralized exchanges like Binance DEX and Changelly.