Earlier this week, the news of the first hack of a crypto exchange in 2019 hit the airways. The Cryptopia exchange in New Zealand suspended operations, citing “significant losses”. Local police are investigating, with very few details forthcoming. The lack of information has led to widespread speculation as to the nature of the hack, whether insiders were involved, and where the funds might be hidden. A suspected $3.6 million is missing, which released a torrent of public comments by leaders about deposit safety.
Exchange compromises have, unfortunately, been a repeating pattern that must be addressed, if the crypto industry is ever to gain credibility and mature to the next level, one that will gain regulatory approval and the support of large institutional players. The final tally of losses for 2018 has not been published, but we do know that losses for the first three quarters were nearly $1 billion.
Security protocols must be overhauled, but for the time being, various leaders in the crypto ecosphere have chosen this quintessential moment as the right time to warn all investors of the risks at hand and to explain the options available that can be employed to protect one’s account funds.
Changpeng ‘CZ’ Zhao, the CEO of Binance, one of the largest crypto exchanges, was the first out of the Twitter gate, advising traders and investors that they have three options:
- Leave your funds at an exchange, preferably a “reputable” one;
- Use an “offline” cold wallet; or
- Leave your funds at a decentralized exchange (DEX).
Funds left in a “hot” wallet at an exchange for convenience are exposed to risk of theft.
Binance is on the public record that it plans to open a “DEX” in 2019. Negative comments flowed, after which CZ apologized for what sounded like self-serving remarks. Experts were also quick to point out that decentralized exchanges had not been immune to professional hacking gangs. In 2018, Bancor, a DEX, was hit up for $12 million.
As for “reputable” exchanges, the larger and more security-minded ones have focused on appropriate security defenses to block hacking compromises. The best ones also leave only small balances in active trading accounts, choosing to store 98% of the funds in offline “cold storage”, independent of any operating environments.
Jesse Powel, CEO of the Kraken exchange, and Pierre Rochard of the Bitcoin Advisory came out in favor of the “cold” wallet option. Storing your “keys” and coin balances offline in a secure hardware device, like Trezor of Ledger for example, was the best solution in their evaluation. The only issues here were that you could lose the USB device or be hacked when a software upgrade was downloaded, both of which were considered low-probability events.
Powell’s final entreaty to crypto traders was brief and to the point:
PLEASE do not store more coins on an exchange than you need to actively trade.
Spokespersons for the burgeoning wallet industry, said to have nearly $100 million in annual revenues to its credit, were next to come forward. Alena Vranova, the former CEO of Trezor, said that traders could mitigate risk exposures “by controlling your own private keys. Instead of using third-party services like online exchange wallets, hardware wallets with multi-sig function provide far greater security.”
Lastly, Michael Ou, CEO of CoolBitX, a leading blockchain security and hard-wallet company, issued this statement:
It’s unfortunate that Cryptopia was compromised. Unfortunately, despite the efforts of major exchanges to identify and freeze the stolen funds as fast as possible, it is very unlikely that these criminals will ever be caught. And even if the criminals are caught, or the funds effectively frozen and obtained by legitimate actors, the process of returning the Ether to its original owners is likely to be a long and challenging process for all parties.
He then concluded:
It’s a painful lesson to learn for many investors, but there’s no value you can put on security and peace of mind over your own assets. Newcomers must remember, exchanges are not banks and there’s no guarantee your funds will be credited back to your account. I advise everyone to conduct their own research on hardware wallets and move digital assets off of exchanges if you care about them.