Cryptocurrency rates have boomed. The cryptocurrency market is now valued at $385 billion, with the Bitcoin price increasing from $8,000 to $8,800. Other major cryptocurrencies have also recorded substantial gains in the 10 to 20 percent range. However, this has come at a price: there has been a matching spate of cyber-attacks. Hackers have gone all out to target cryptocurrency exchanges. Recently, cryptocurrency exchange Coinsecure said that it lost bitcoins worth around Rs. 200 million ($3 million). The police are investigating the case. The company has promised reimbursement for the affected customers.
“Crypto exchanges are the weakest link when it comes to cryptocurrencies. If anyone is into cryptocurrencies, it makes sense to keep your currency in a hardware wallet (Trezor, Ledger, etc.) or even a simple paper wallet. You should never store your Bitcoins on an exchange. I am surprised that they were not using multi-sig wallets that would require two or more keys before a transaction could be authorized. If they followed good practices, they would have stored a majority of their Bitcoins on a cold wallet. This cold wallet ideally would have been on an air gapped computer. When required, that would have signed the transaction on that air gapped computer and then transmitted to the Bitcoin network. This would have ensured their private key was never exposed and no hacker could take control. But who knows whether they followed this process or not,” says Sumit Dhar, Executive Director, DarkMatter LLC.
“I cannot agree more with Sumit. Hardware wallet is a better option for sure,” says Sapan Talwar, CEO, Aristi Ninja and an information security expert.
In fact, some of the biggest attacks that have happened around the world involved losses several times larger than Coinsecure’s. In 2018, Japan’s Coincheck Inc. reported a $530 million heist. The company said that it lost a cryptocurrency called NEM to a hack. Authorities said that they would be conducting inspections of such exchanges following the hack. Other cryptocurrencies, including Bitcoin, suffered a decline in value, which began to reverse after the company said that it would partially reimburse the customers.
“Additionally, if only one person was required to sign the transaction to authorize it, that too again is very poor operational security for a crypto exchange. They should have gone with a multi sig wallet where at least x out of y authorized users had to approve before the transaction goes through. In short, there is a possibility of an insider maliciously stealing. Surprising that only one person was required to sign the transaction to authorize it. That too is poor operational security for a crypto exchange. I am also surprised that they were not using multi-sig wallets that would require two or more keys before a transaction could be authorized,” adds Sumit Dhar, the InfoSec, Risk & Resilience Expert.
However, there are also those who disagree.
“Even cold wallets have their inherent risks, be it on paper or metal or USB. Multi-sign wallet is the best. Moreover, I think education is the key to understand the nuances. I think many have got into the Bitcoin domain without much spadework!” says Ganesh Viswanathan, CISO, Quatrro.
Moreover, cryptocurrency is yet to be recognized in most parts of the world. The Reserve Bank of India recently issued a decree directing all regulated entities, including banks, to stop dealing with individuals as well as businesses that are dabbling in digital currencies. This, in effect, bans banks from dealing with companies or individuals that trade in cryptocurrencies.
“And the impact is always on account holders. It is like Special 26 movie. Those who lose out money can’t even say that they had it,” sums up Ankur Jain of The Achilles.