
Crypto Security: Can You Recover Stolen Crypto on a Centralized Exchange?

4.8 | by Valerio Puggioni

When it comes to mainstream adoption, crypto security remains a major challenge. The crypto landscape suffers from daily onslaughts of FUD by the mainstream media and legacy finance. Hesitant newcomers might feel discouraged even further whenever they hear of security breaches in the crypto space.

But the language used to communicate this information is conflated and confusing. What exactly do people mean when crypto is “hacked”? And can cryptocurrency exchanges get hacked? Are our assets safe? We'll answer these questions, and look at ways to protect your crypto assets as well.

Let's get to learning!  

 

Crypto exchange hacked! What does it mean?


"Crypto exchange hacked!" is a common headline you might spot in the news these days. The headline is curious because there are many ways to "hack" something. But let’s not get ahead of ourselves. We must first address a more pertinent question:

Can crypto itself (aka virtual currencies) be hacked? 

The answer is a confident "No" (for now!). And the clue's in the name. It's not called "crypto" for nothing. (That's short for "cryptographic".) Blockchain technology uses a cryptographic primitive called hashing (combined with Merkle trees and others) to securely add correct blocks to the chain.   

A hash is a long, random-looking string of alphanumeric characters computed from the data stored within a block. Each hash is unique to its block, and any small change to the data results in a different hash. So if someone tries to alter a single transaction, the hash of that block has to be recalculated, and so do the hashes of all subsequent blocks.
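The chaining described above, as an added example that is not part of the original article: a toy ledger built from constructed sample transfers, with no proof-of-work or miner consensus. A verifier pinpoints the edited block, and the chain only passes verification again once every later block has been rehashed, at which point its tip hash no longer matches the honest copy.

```python
import copy
import hashlib
import json

GENESIS_PARENT = "0" * 64  # placeholder parent hash for the first block

def block_hash(index, prev_hash, transactions):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    body = {"index": index, "prev_hash": prev_hash, "transactions": transactions}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def build_chain(batches):
    """Toy chain (no proof-of-work, no consensus): each block stores its parent's hash."""
    chain, prev = [], GENESIS_PARENT
    for i, txs in enumerate(batches):
        block = {"index": i, "prev_hash": prev, "transactions": txs}
        block["hash"] = prev = block_hash(i, prev, txs)
        chain.append(block)
    return chain

def first_invalid_block(chain):
    """Index of the first block failing verification, or None if all pass."""
    prev = GENESIS_PARENT
    for b in chain:
        expected = block_hash(b["index"], b["prev_hash"], b["transactions"])
        if b["prev_hash"] != prev or b["hash"] != expected:
            return b["index"]
        prev = b["hash"]
    return None

def rehash(chain, start, count):
    """Recompute parent links and hashes for `count` blocks beginning at `start`."""
    for i in range(start, min(start + count, len(chain))):
        b = chain[i]
        b["prev_hash"] = chain[i - 1]["hash"] if i else GENESIS_PARENT
        b["hash"] = block_hash(b["index"], b["prev_hash"], b["transactions"])

TRANSFERS = [("alice", "bob", 5), ("bob", "carol", 2), ("carol", "dave", 1), ("dave", "alice", 1)]  # constructed
HONEST = build_chain([[{"from": s, "to": r, "amount": a}] for s, r, a in TRANSFERS])

def tamper_and_check():
    """Edit block 1; record where verification fails as more blocks are rehashed."""
    forged = copy.deepcopy(HONEST)
    forged[1]["transactions"][0]["amount"] = 500
    failures = [first_invalid_block(forged)]       # edit alone
    rehash(forged, 1, 1)
    failures.append(first_invalid_block(forged))   # only the edited block rehashed
    rehash(forged, 2, 2)
    failures.append(first_invalid_block(forged))   # every later block rehashed
    return failures, forged[-1]["hash"] == HONEST[-1]["hash"]
```

`tamper_and_check()` returns the failing block index after each step and whether the forged tip hash still equals the honest one.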

And you can’t do this arbitrarily either. Miners verify each and every transaction to ensure that each block is calculated accurately. To make a change, you’d need to convince more than 50% of all miners to agree with you, which is certainly not an easy feat (especially if you’re a bad actor!).

Due to their decentralized nature, Bitcoin and all other cryptos, particularly those with many different miners, are much harder to attack since there's no single point of failure. In other words, their globally distributed nodes make them a many-headed hydra.


But what about cryptocurrency exchanges? Can exchanges get hacked? 


What is a rug pull?

A rug pull isn't a hack; it's a scam. A rug pull is when a team convinces you to invest in their crypto project by purchasing the project's tokens. 

Once enough tokens are bought, the team "pulls the rug" from under you. In other words, they dump their entire token allocation on the cryptocurrency market. Then they vanish with their tasty money bags.


 

Can crypto exchanges get hacked? And if yes, which crypto exchanges have been hacked? 


Many crypto exchanges have been hacked, and we won't list them all here. But yes, crypto exchanges get hacked once in a while. We mention a few prominent hacks in this section. What's more interesting, though, isn't that they were hacked. It's how the exchanges handled the aftermath. 

See, reasons for hacking range from employee computers getting hacked to leaving funds on an exchange's hot wallet. But let's look at what Bitmart did once they were hacked.

Bitmart was hacked just this month (December 2021), losing roughly US$150 to $200 million. But they didn't waste any time. They immediately declared that they'll reimburse all users whose accounts were affected. 

Other reputable exchanges that have been hacked include Binance (2019) and Bitfinex (2016). Bitfinex returned all lost funds to users, but in the form of their governance token BFX. This was to match the dollar equivalent of the funds that were stolen. Binance also reassured investors that they would be refunded in full.  

But let's look at two other major players this year: FTX and Coinbase. Has FTX ever been hacked? Nope. Never. In fact, when Liquid Global was hacked, FTX CEO Sam Bankman-Fried actually offered to loan $120 million to the exchange, so that they could continue to meet all their financial obligations (!). 

But what about Coinbase? Can Coinbase be hacked? Coinbase offers more robust security measures traditionally associated with legacy finance. This is more so because Coinbase is a publicly listed company, which is regulated by the U.S. government. 

Because it's never been hacked, we don't know if Coinbase is willing to refund stolen assets. None of these exchanges actually have any legal obligation to return funds to users. That's why it's worth noting that they're doing this voluntarily. This move shows that they understand that their reputation as a secure crypto exchange hinges on customer trust.

Unfortunately, in past instances of massive hacks, there have been exchanges that have been unable to repay their users and have gone bankrupt. That’s why it’s important to avoid such situations as much as possible.

 

What is the safest crypto exchange?

Here's an easy way to find out whether an exchange is safe to use. First, see if you recognize the name. (The big names are big for a reason.) Second, do a search to see if the exchange has ever suffered from a hack. Third, if they have, see how they resolved the situation. (Did they refund their customers? Are they insured? What happened?)

Another important consideration is to determine where they're based. Some exchanges may be based in jurisdictions where they’re regulated, and may thus be required to have higher cyber security standards, or insurance for their customers’ funds. While it’s not a guarantee that they’re safer, there’s a good chance they may take security more seriously. 

Finally, it's best to check the Trust Score of these exchanges on listing sites like CoinGecko. Let's take Fantom (FTM) as a quick example. Head over to the FTM price chart. Scroll down to "Fantom Markets". Underneath, you'll see a list of exchanges offering FTM and its trading pairs, as well as the Trust Score of each exchange. 


Once you've picked an exchange, make sure to play around with small amounts on the exchange first. Try to get a feel for the experience, and to see how easy it is to move your funds around, both on and off the exchange. 

 

How do I recover my crypto?


"What happens if my exchange gets hacked?"

That's a fair question. I've been through this, just last year actually. Here's what happened. I left a few hundred dollars in digital currencies on Hotbit.io. Then, the exchange was hacked. And the Chief Security Officer (CSO) immediately tweeted that our funds were safe. 

Haters were screaming FUD, that our digital assets were rugged, poking fun at Hotbit users. (Crypto Twitter can be a toxic space.) Regardless, the CSO continued to post regular updates, and voilà! A few weeks later, all our funds were safe, as promised.

So ignore the FUD. Try to look for updates, preferably from a security lead. (A good exchange will have one. The CSO will also not be afraid to act as the public point-of-contact when your exchange assets hit the fan.) 

But what if it was your wallet that was hacked? Too often I come across posts that read, "Can I recover my stolen BTC?" I’ll admit it: It's a tough read. People get too carried away in the moment by a promise of quick riches.

Unfortunately, that's like leaving your bank vault open. Then you're hoping you can come back sometime later, and find all your money untouched. It's not going to happen. By giving away your keys, you gave up access to your vault.

So can hacked crypto be recovered? Can funds be recovered... at all? Well, you can't hack crypto, but here's the bad news. Funds inside crypto wallets accessed via the private key or seed phrase cannot be recovered. There's a reason hackers target the individual owner of a digital wallet. It's that much easier to trick someone into giving away private info than it is to hack an exchange. 

Has anyone recovered stolen crypto? Sure, but there are very few instances where this has actually happened. And the behind-the-scenes details can get iffy. Let’s say hackers were to move your stolen funds onto an exchange. If you can prove that the funds are actually yours, the exchange might be able to intercept them for you.

This is worth a shot, but I wouldn't hold my breath. The best thing you can do is educate yourself on how best you can protect your assets. The next best thing is to learn from your mistakes and move on. (Don't focus on your losses. There's always more money to be made.)

 

What can we as users do to minimize this risk?


Risk is a trait that's inherent in money. Doesn't matter if it's Bitcoin, the US dollar, or even gold. (Get enough gold, and you'll need an army to defend it.) So other types of money aside, where is the safest place to keep your crypto? 

It's best to think of crypto security on a scale. Greater security means less convenience and potentially fewer earnings. Conversely, reduced security affords greater convenience and the ability to make passive income from your idle assets.

So the greatest security you can achieve is via cold wallets you can put away in cold storage. A cold wallet is a physical wallet that resembles a USB drive. Hardware wallets store your private key, so you can use it to sign your financial transactions. Since it's set up this way, no one can ever move your funds without your hard wallet. Let's say someone hacks your Metamask (a soft crypto wallet) and sees everything you own. Without your hard wallet, they can't transfer your assets.

A cold wallet is indispensable in the long run. But while you’re waiting for yours in the mail, make sure to enable 2-factor authentication on your favorite crypto exchanges. This move ensures that any funds you leave on your exchange wallet will be protected via phone verification. 


Looking for a hard cryptocurrency wallet to purchase? 

I use the Ledger Nano X. It's a bit of a pain to use (with many bugs introduced via every update), so I'm looking at the Trezor next. Keystone is also another great hardware wallet. (Collect enough Candy Rewards from CoinGecko, and you can get yours for 15% off!). 



The downside of having a hard wallet is that I’m greatly inconvenienced whenever I want to make a quick trade. I have to input my pin and password every single time. And that's not mentioning all sorts of other security protocols I might have to mess with.

For instance, in a time-sensitive NFT minting situation, greater security can cost you a lot of time, money, and frustration. You might not get that NFT in time if everything sells out in under 3 minutes. And you've got to input your pin repeatedly if you want to try minting. (Many a time my alarm has gone off at 3 AM, only for me to go back to sleep with empty hands.)

My advice? Keep a little bit of liquidity on your favorite exchange, and store the bulk of your assets in a hard wallet. You can still participate in certain protocols, like staking and lending. For example, you can stake ADA inside your own wallet, even with a hard wallet, so there are exceptions to this rule. 

All in all, crypto security is still evolving, and there are many ways to exploit bugs. Even decentralized exchanges like Balancer have been exploited due to protocol issues. This means it's not just centralized exchanges that are vulnerable. 

As we've covered, there are many ways to lose your assets in crypto. So what's the single best way to secure your crypto assets? Educate yourself on industry best practices. If you want to find out more about how to protect yourself, read this article covering 16 essential crypto security tips!

 

Valerio Puggioni


Valerio is a blockchain writer at HODL Content. He lives in Chiang Mai with his partner and dog, and spends his free time building mining rigs and studying Rust.
