There are many signs that the crypto markets are now starting to mature. Institutional investment is pouring in, and many countries, including Switzerland and Singapore, are adopting a pragmatic approach to regulation in order to encourage innovation. Furthermore, big tech companies like Facebook, Amazon, and Microsoft are now incorporating blockchain into their core offerings.
However, the one problem that the crypto industry still cannot seem to solve is hacks. Up to the end of June this year, there have been no fewer than seven large-scale attacks on exchanges and wallet providers — more than one each month.
While hacks are sadly still the norm, some exchanges are taking proactive steps to protect user funds and prevent stolen coins from being laundered in other exchanges. At the same time, others are being criticized for their poor handling of these incidents. Here, we look at some of the biggest hacks of 2019, and how crypto service providers themselves have reacted.
In January, New Zealand exchange Cryptopia was hit hard, with hackers draining $16 million in funds. Cryptopia had shut up shop while the police investigated, however in March it had tentatively opened its doors again, albeit with a reduced service. By May, the troubled exchange announced it was filing for bankruptcy.
Throughout the weeks after the hack, Cryptopia was criticized for its lack of communication with affected users, many of whom will now have resigned themselves to the fact that their coins are lost. Moreover, in May, news reports emerged that one of the Cryptopia founders was working on the development of another exchange. Not only does this rub salt into the wounds of Cryptopia uses, but it should ring serious alarm bells for crypto traders everywhere.
Korean trading platform Bithumb has been attacked repeatedly. Hackers swiped over $30 million from the exchange in June last year. In March this year, it was hit again, with Coindesk reporting that this time it appeared to be an inside job.
However, at least in this case, some of the funds could be recovered. After a Twitter user pointed out that the funds were being processed through crypto exchange ChangeNOW, Bithumb reached out to its counterpart. ChangeNOW acted quickly to freeze the relevant addresses, preventing around $500,000 from being swapped.
Bithumb exchange has now taken steps to update its T&C’s, accepting liability for future hacking incidents after Korean regulators intervened. Presumably, this means the exchange will now need some kind of insurance or backup fund to ensure that it can cover any losses.
An insurance fund proved invaluable to crypto trading behemoth Binance after it was hacked for 7,000 bitcoins in May. The company acted swiftly, issuing a blog post assuring users that their funds would be reimbursed via its insurance fund, known as SAFU (Secure Asset Fund for Users).
Perhaps even more critically, in the immediate aftermath of the attack, Binance CEO Changpend Zhao (CZ) doubled down on his policy of open and transparent communication to users. He was his usual active self on Twitter and hosted an AMA for users to ask questions about the incident. In stark contrast to Cryptopia, this set the bar for how exchanges should communicate in the face of such an event.
Hackers breached wallet provider Gatehub in June, lifting 23m XRP. Gatehub immediately froze all access tokens, which it believes prevented further losses, and urged users to take steps to protect their accounts.
Gatehub stated that attackers sent funds to exchanges including Huobi, Kucoin, and ChangeNOW, among others. It’s not clear how all of them responded; however, ChangeNOW issued a statement that it had managed to recover and return 500k XRP. Furthermore, it publicly stated that it was aiming to prevent 90% of all stolen funds from being traded through its platform.
Later in June, Singaporean crypto exchange Bittrue was hit. The hackers targeted 90 users, snatching 9.3 million XRP, and 2.5 million ADA, worth around $4 million. In another impressive show of communication, Bittrue released a lengthy Twitter thread to users, immediately assuring them that their funds would be returned.
The thread also publicly thanked fellow exchanges Huobi, Bittrex, and ChangeNOW for their concerted efforts to stop the funds being processed. ChangeNow subsequently confirmed it was returning $320,000 worth of XRP to Bittrue, which was fully operational again a day after the attack.
The incidents listed here show that while hacks are clearly an unwanted intrusion, exchanges themselves can step up and co-ordinate to prevent stolen funds from being processed. Insurance funds such as Binance’s SAFU help to offset the impact, reimbursing funds and providing reassurance to users who fear their HODLings are vulnerable to attacks.
However, it’s even better if the stolen coins can be located and returned to their rightful owners rather than letting hackers make off with them. It sends a powerful message to thieves that their efforts will be wasted. Overall, it’s excellent news for the industry – and for users – that crypto service providers are stepping up to thwart the hackers before they vanish with their booty.