What Does the Recent Cryptocurrency Exchange Hack Mean for Crypto Cyber Security?
One of the largest cryptocurrency exchange in Korea, Coinrail, was hacked in June. While Coinrail did not release an official figure for the stolen coins, The Guardian estimates that at least £27.8m worth of digital funds are now lost forever.
The immediate result of the hacking was the mass selling of Bitcoins by investors, which led to the cryptocurrency dropping in price by 10%. Just an hour after the Coinrail confirmed the attack, Bitcoin lost £372 and settled at £4,955.
A week after the attack, investors are still bearish towards Bitcoin. CNBC confirms that this downward spiral is due to the massive losses that Coinrail incurred from the hacking.
The latest attack highlights the vulnerability of cryptocurrencies even if the blockchain technology is technically tamperproof.
String of successful hackings
This isn’t the first time that the cryptocurrency market has experienced a major hack. Japan’s online exchange Coincheck was hacked in January and £373 million worth of coins were stolen. In the following month, Italy’s Bitgrail was also hacked and lost £149 million worth of cryptocurrency. In April, Coinsecure reported that £2.47 million worth of Bitcoin was stolen.
South Korea’s Youbit was also hacked twice, which led to its bankruptcy in December 2017.
Coinrail is a fairly small exchange with roughly £2 million in daily trading volume. A representative of the Korea Blockchain Industry Association blames the lower security standards of small-scale online exchange operations that led to the hacking.
How were the attacks carried out?
The blockchain technology is supposed to be very secure, which is why the prices of Bitcoin soared over the past few years. Apart from astronomical prices, Bitcoin’s success gave birth to numerous cryptocurrency-based investment vehicles such as CME group’s Bitcoin Futures, which allows investors to purchase Bitcoin at a later date. Bitcoin Spreads also materialised, which allow investors to track the prices of Bitcoin. Nadex points out that Bitcoin Spreads allow investors to take short-term positions on Bitcoin’s price, which means they don’t need to buy actual cryptocurrencies to make a trade. As Bitcoin continues to grow, newer investment vehicles are born, and there’s no end in sight as to when Bitcoin’s popularity will cease.
As investment vehicles like Bitcoin Spreads aren’t prone to theft, because investors are trading on the price of the cryptocurrency, the problem lies on actual Bitcoins themselves. Because blockchain is generally tamperproof, hackers try to find approaches to circumvent the technology’s security, and find weaker spots to carry out their attacks.
In the same article by The Guardian, Naeem Aslam of ThinkMarkets said that the loose regulatory control of Bitcoin is one of the reasons why exchanges are being hacked. Aslam’s assumptions are backed by a blog post by Crossmatch, which details 5 ways on how hackers steal information from online exchanges. One of the stated reasons is cryptocurrency code vulnerabilities, which allows hackers to manipulate transactions at code-level in a Decentralised Autonomous Organisation (DAO). When there’s no high-grade security and regular security upgrades, exchanges are vulnerable to code manipulation, transaction malleability, phishing scams, and many others.
The future of cryptocurrency exchange security
After the string of attacks to online cryptocurrency exchanges, developers are now scrambling to make security tougher. MIT Technology Review states that one of the solutions is the use of a multisignature address, which requires transactions to be activated with more than one cryptographic key. While it isn’t a perfect security system for cryptocurrency, it at least makes the hacking a little bit harder. With multisignature, hackers would need to steal information from multiple targets before a transaction can be made. An attack against a multisignature address is difficult, giving cryptocurrency owners time to regularly update their credentials and avoid hacking activity.
Since cryptocurrency markets are deregulated, implementing multisignature address to all online exchanges will take time. As previously mentioned, Coinrail is a small-scale online exchange that has no high-grade security, and this may be the case for other online exchanges around the world.
For the past year the eyes of the world have been on how quickly Bitcoin has evolved to become a dominant part of world finance. Now the world will be watching to see how well the cryptocurrency can protect itself from future attacks. The survival of cryptocurrency depends on the industry’s response to these attacks.