Let’s rip off the plaster and give you the big, hard-hitting figure right away so that we can spend the rest of the article exploring the hows, whys, and whens of this disastrous topic.
Since 2011, crypto exchanges are estimated to have lost more than…
In what ways do crypto exchanges lose money?
Like a bank robbery or jewel heist, thieves target the most valuable assets first, which in the case of cryptocurrencies, is Bitcoin. This exceptional article from CoinTelegraph details the largest crypto-heists of the last 9 nine years, giving an insight into the crazy world of crypto exchange hackers.
Bear in mind, getting hacked is not the only way that crypto exchanges lose money.
- Have large operating expenses and must run like any other business, operating a profitable business model
- Are liable to purchasing and holding currencies that can drop in value (just like any day trader or investor)
- Spend a lot of money on lawyers and relocation as they grapple with relocation
- Have to be compliant with KYC/AML identification procedures that reduce privacy in an industry that is heavily based upon privacy (this has killed off many cryptocurrency projects)
- Lose access to wallets containing cryptocurrencies (oops!) through death or negligence
What are exchange hacks?
An exchange hack happens when a cryptocurrency exchange becomes compromised and hackers are able to steal cryptocurrencies. These events are actually incredibly common and it’s a game of cat and mouse, in which the exchanges beef up their security and protocols. This gives the hackers a new challenge to find a way of entry. In 2019 alone, almost $300m in assets and 500,000 pieces of customer data were stolen in 12 separate exchanges hacks. Past years have seen bigger hacks, but 2019 saw the most exchanges get broken into and robbed, so, is crypto cyber-security getting worse? It’s hard to say.
How do hackers illegally gain access to crypto exchanges?
There are three popular methods for entry.
Method one: Exploiting a vulnerability
Human error is something that happens and can only be avoided up to a certain point, so it often occurs that when someone builds a crypto exchange, they leave a small vulnerability. No matter how small that weak point is, there is a hacker out there who will no doubt be looking to exploit it. This gap in the infrastructure allows the hackers to get in, take control of the exchange, and siphon off as much crypto as possible before anyone catches them.
Method two: Phishing
Thousands of people get phished online every day. Those emails in your junk box looking to sell you something or get access to your system are phishers. Some phishers are actually very good at their work, craftsmen of this nasty trade, which usually takes place by pretending to be some crypto authority, researcher, or support mechanism. Once they’ve built trust with the crypto exchange, they get some level of access and use that to build a back door, through which they can later try and steal cryptocurrencies.
Method three: Compromised third-party app
Most crypto-exchanges embed excellent tools from other companies to improve the service and usefulness of their exchange, but this presents another opportunity for hackers to gain access. Rather than attacking the exchange, they look for weak points in the API connections of the associated tools and use them to gain access. Once inside, they do everything they can to withdraw funds before being noticed.
Do crypto exchanges have large operational costs?
Actually, they do have significant operational costs, but it varies depending on country, size, and scale. Crypto exchanges have to pay a lot for security, for technology, and for support. They’ve got to pay their staff and their suppliers too. Whilst we can’t give you any exact figures, what we can say is that operational costs are big enough to put an exchange out of business if they aren’t making enough money (here’s how they make big bucks). This is exactly what happened in 2019 with Estonia-registered and Israeli-run ‘DX Exchange’. When the call was made to cite operational costs as the reason for shutting down the exchange, all open orders were closed, trading was suspended, and no more deposits were allowed.
As a result of failure to pay their staff and suppliers, the firm was sued by 78 former members of staff and 3 suppliers. Their business closure is deemed by many to be an exit scam, in which the owner/s of the company pull out any profits and disappear into the sunset without punishment.
What are some famous hacks?
Here are the five biggest hacks of all time (so far).
- Mt. Gox – $7.4 billion (2011)
- Bitfinex $1.1 billion (2016)
- Coincheck $534 million (2018)
- Bitgrail – $195 million (2018)
- Bitstamp – $177 million (2015)
Exchange hacks are becoming more and more common, however, the trend now appears to be targeting smaller exchanges with weaker security and taking as much as possible without getting caught.
Interestingly, 30 bitcoins that were stolen in the 2016 hack on Bitfinex recently moved, giving investigators new hope of catching the perpetrators.
What if someone dies and access is lost?
Perhaps the best way to answer this question is to tell you a little story…
In December 2018, Gerald Cotten died whilst on his honeymoon in India. Gerald also happened to be the owner of QuadrigaCX, Canada’s biggest crypto exchange. He also happened to be the only person who knew how to access the cold wallets that the exchange held, meaning that when he died he took that access with him to the grave. Whilst the exchange reportedly wasn’t doing too well at the time, the assets had still accumulated to a phenomenal $190m.
Investors were furious, confused, and right to demand compensation, however, some even went as far as demanding exhumation of the body, amidst rumours that Cotten had faked his own death! The conspiracy theories picked up pace during the investigation when they found that five of the six cold wallets the exchange owned had been emptied just 8 months before his shock death. Nobody knows all of the facts, but Cotten’s wife was able to repay $9m, less than 5% of the financial losses.
There are further rumours that some of the missing money is being held in a shadow bank in Panama, with the FBI following leads. Whilst this isn’t a typical way for exchanges to lose money, as this story has proven, it can happen.
What happens if your assets are lost on an exchange?
This is a big question that looms over many traders who fear that the exchange they are using could one day get hacked, putting them in a very difficult position.
If the exchange you are using gets hacked and your assets are stolen, a few things might happen:
- The exchange goes bankrupt and you have to get in line with everyone else and make your legal claims in court
- The exchange shares out the loss amongst users, proportional to what was stolen
- The exchange introduces a new cryptocurrency as compensation
Sadly, getting your money back won’t be an overnight job. Mt Gox was hacked a long, long, time ago, and there are people still waiting for even a slither of what was lost.
Combating loss: Centralized vs Decentralized exchanges
All of the exchanges mentioned so far in this article have one thing in common: they’re all centralized.
A centralized exchange (CEX) is usually a user-friendly website where you come along with your email and password and after setting up an account you can happily trade different cryptocurrencies and hopefully make some money. They make crypto-trading easy to do, but they also make crypto-hacks easier to accomplish. CEXs also require you to relinquish certain controls over your tokens. If the exchange is hacked, your assets might be taken.
On the other hand, there is another option in the form of decentralized exchanges (DEX), which act as intermediaries and do not store private keys, meaning users gain total control over their funds. These exchanges aren’t usually so easy or friendly to use, and they also have low liquidity, are slow, and can’t handle lots of transactions. There are only a few of them by comparison, making them visibly less popular. With a DEX, you have to do a lot of the trading process manually, making it more laborious and slow, offputting to most traders. If you don’t want to run the risk of losing your money on a CEX, you know what to do…
So, there we have it. Crypto exchanges have lost billions, risk is inevitable, and the alternatives aren’t yet popular or functional enough to really rival them. Remember, this is still an emerging market, so keep one eye on the future, because we are sure that things will continue to improve in an exciting direction.