In July 2019, the cryptocurrency investment community woke up to shocking news: Japanese exchange BitPoint had been hacked, sustaining $28 million USD in losses. Here’s what we know:
- In the heist, hackers pilfered the funds from the company’s software-based, or “hot” wallets. These wallets held 5 different coins, including Bitcoin (BTC) and Bitcoin Cash (BCH).
- No funds were missing from the company’s “cold,” or hardware-based, wallets.
- The exchange had previously been flagged by Japan’s Financial Services Agency (FSA) for failure to meet Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations.
Cryptocurrency exchange hacks happen at an alarming rate: there were at least 46 hacks between 2014 and 2019, and of those, 57% were from exchanges based in Japan.
Viewing BitPoint as a prototypical exchange hack, we can see two primary security principles illustrated here:
- Funds in hot wallets are at greater risk than funds in cold wallets
- AML/KYC compliance correlates with a lower risk of theft
Let’s take a deep dive into why hacks happen to gain a better understanding of the murky world of cryptocurrency exchange theft – and how it can be prevented.
Why hacks happen
We don’t know why most of the hacks recorded from 2014-2019 happened – but of what we do know, there are three primary threats: external attacks, rogue insiders, and operational failures.
- Over the past 5 years, 40% of hacks recorded were external, i.e. an outside organization, individual, or entity breaking into the exchange’s system to steal funds.
- Over the past 5 years, 23% of exchange hacks were due to rogue insider activity. Rogue insiders misuse the cryptocurrency keys at their disposal, which is a special problem for blockchain keys, as transactions are immutable and can never be reversed.
- Operational failures can include technical issues and human errors.
Overall, to prevent lost funds, exchanges typically utilize the co-wallet strategy.
The co-wallet strategy
Today’s common best practice for exchanges includes relying on the co-wallet strategy: aggregating assets by type into “cold” (disconnected, typically hardware-based) and “hot” (Internet connected, typically software-based) wallets — typically at a ratio of 80%-90% assets secured in cold storage vs. 10-20% liquid assets.
This is typically due to hardware’s reputation: Hardware Security Modules, or HSMs, have held the reputation for being the most secure cryptographic key storage and management platform type for decades. (Hardware mechanisms fail to meet the demands of the digital transformation, yet their reputation precedes them for the time being.)
From a transaction speed standpoint, accessing a physical wallet involves human resources (employees) and all the limitations involved: namely, inability to automate, and being bound to working business hours to execute transactions.
In terms of liquidity, fewer liquid assets means fewer trading types and services available to the buying public – affecting the business in the long-term.
In short, reliance on cold wallets to protect most funds means exchanges must always compromise between security and business growth.
Speed and Security – No Compromises
Ideally, exchanges would be able to maintain their transaction speed and volume without compromising on security.
Hypothetically, such a solution would have to meet the following requirements:
- Prevents both key theft and key misuse – HSMs, for the most part, protect against key theft. But blockchain keys can be used, and transactions performed immutably, without the malicious actor taking the key.
- Has advanced approval systems and safeguards to prevent malicious activity from within, such as quorum authorization systems, zero-knowledge backup capability, or risk-based policy thresholds which could change based on transaction amount, asset type, etc.
- Is cryptographically tested and verified by the experts, including the National Institute of Standards and Technology (NIST), independent pen-testers, etc.
- Has already been deployed at major exchanges around the world.
- Can be automated, even partially, to allow for faster transaction execution over non-working hours.
- Can be easily upgraded or expanded to include new ledgers and services.
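To make the quorum authorization and risk-based threshold requirement concrete, here is an added sketch (not code from this article or from any exchange product) of a policy check that raises the number of required approvers with transaction amount and asset type before a hot-wallet key may sign. The tier values, asset table, and officer names are constructed assumptions.

```python
from dataclasses import dataclass, field
from decimal import Decimal

# Constructed policy table (assumption): per asset, ascending tiers of
# (amount ceiling, approvals required). A ceiling of None means "no upper limit".
POLICY = {
    "BTC": [(Decimal("0.5"), 1), (Decimal("10"), 2), (None, 3)],
    "BCH": [(Decimal("20"), 1), (Decimal("500"), 2), (None, 3)],
}
DEFAULT_QUORUM = 3  # assets without an explicit policy get the strictest tier


@dataclass
class Withdrawal:
    asset: str
    amount: Decimal
    initiator: str
    approvers: set = field(default_factory=set)


def required_quorum(asset, amount):
    """Return how many distinct approvers a transfer of this size needs."""
    for ceiling, quorum in POLICY.get(asset, [(None, DEFAULT_QUORUM)]):
        if ceiling is None or amount <= ceiling:
            return quorum
    return DEFAULT_QUORUM


def approve(w, officer, authorized):
    """Record an approval; reject unknown officers and self-approval."""
    if officer not in authorized:
        raise PermissionError(f"{officer} is not an authorized approver")
    if officer == w.initiator:
        raise PermissionError("initiator cannot approve their own withdrawal")
    w.approvers.add(officer)  # a set, so a repeated approval is counted once


def may_sign(w):
    """The signing key may be used only once the quorum for this tier is met."""
    return w.amount > 0 and len(w.approvers) >= required_quorum(w.asset, w.amount)
```

Because the check gates key use rather than key storage, it addresses the misuse case from the first requirement: an insider who can reach the key still cannot move a large amount alone.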