Sunday, June 16, 2024

    $530 Million Hack of a Cryptocurrency Exchange: Security Flaws

    Latest Posts

    One of the largest cryptocurrency exchanges in Japan has fallen victim to hackers thanks to their negligent storage practices. Coincheck Inc., have announced today that around half a billion dollars worth of the digital currency NEM have been transferred without permission from the company’s hot storage wallet. The news broke late last night at a press conference held at the Tokyo Stock Exchange. Officials from Coincheck Inc. spoke of some 500 million XEM tokens going missing but of little else. This has resulted in many investors losing faith in the space.

    Following the news, a series of security steps were taken by Coincheck Inc. The first of these was to advise customers not to deposit in NEM. This was followed up by a suspension of all trading of NEM, before the decision was also made to suspend withdrawals of the affected cryptocurrency. Finally, around three and a half hour later, the exchange took the drastic step to suspend all withdrawals of any kind. This includes fiat currency. Later today, additional security steps were taken. For now, only trading in BTC is permitted at Coincheck Inc. and payments by the credit card company Payee have been halted.

    Naturally, such a development has spooked investors in one of the planet’s most receptive markets to cryptocurrency. Many still remember the infamous Mt. Gox hack of 2013. The markets responded accordingly with several of the top digital currencies taking a hit in their price.

    Worst affected, of course, was NEM. According to Coinmarketcap, NEM is the tenth largest cryptocurrency. Since the news broke, the industry price website has posted a drop from just over $1 per unit to around 77c. In terms of its decline, it appears to be over the worst effects of such negative news. It has since recovered to around 86c at the time of writing.

    The market’s response is hardly surprising. The slightest hint of a security breach for a digital currency is enough to panic many investors who are not overly familiar with the nuances of cryptocurrency storage. However, such a sell off is completely irrational. Cryptocurrency by definition is opposed to centralisation. All today’s hack highlights is the dangers of storing such value on central servers. Coincheck Inc. have admitted that they were using a hot wallet to keep such a huge quantity of NEM. In a surprisingly flippant response to such a breach of customers’ trust, Fortune report the exchange stating:

    It was hard for us to manage cold wallet.

    Whilst using a hot wallet may have been convenient for Coincheck Inc. to run a company using, it highlights gross negligence on the part of the exchange when it comes to their customers’ funds. It also shows with startling efficacy the dangers of storing funds on exchanges. Those who trusted Coincheck Inc., or any other crypto exchange with their cryptocurrency have already breached the cardinal rule of the technology.

    If you don’t possess your own private keys, you don’t own your cryptocurrency.

    Satoshi Nakamoto, Bitcoin’s anonymous inventor, designed blockchain-based currencies as a trust-less way of exchanging value. For people to just blindly go and trust an entity such as Coincheck Inc. with their funds is at odds with the very raison d’être of cryptocurrency.

    Such security breaches highlight problems with using centralised exchanges, not cryptocurrency. They show how easy it is to access a wallet that is not properly secured. Even a simple multi-signature wallet could have prevented such an occurrence and prevented the unwarranted loss in confidence in digital currency that has followed. However, according to various reports, it was only the NEM hot wallet for Coincheck Inc. that has been compromised. This was partially confirmed by Warren Paul Andereson, Product Manager at cryptocurrency Ripple in a Tweet today:

    The @coincheckjp team has reached out to @Ripple to confirm that all $XRP is safe. We wish them well in their recovery effort.

    — Warren Paul Anderson (@warpaul) January 26, 2018





    Latest Posts

    Don't Miss