Yesterday Cryptopia, New Zealand’s biggest cryptocurrency exchange, put out a statement saying they had been attacked and had suffered “significant losses”.
All deposits and withdrawals were frozen.
No timeframe was given for how long the freeze would be in place, and no indication was given of how heavy user losses were expected to be.
If you’ve been around crypto for a while, you’ll know this is nothing new:
In 2016, Bitfinex was hacked for $72 million worth of Bitcoin, due to poorly coded multi-sig wallets.
In 2014, Mt Gox was hacked for around 850,000 Bitcoins, due to flaws in its transaction coding.
In 2018, Japanese exchange Coincheck was hacked for $550 million worth of NEM.
In 2018, Korean exchange Coinrail was hacked for $37 million of various tokens.
There have been endless stories like this ever since cryptocurrency exchanges have existed, and I guarantee there will be many more in future.
Why do we use exchanges?
Cryptocurrency hacks are so devastating because people use exchanges in the wrong way. Many people consider exchanges a place to store coins, but that is not what they are designed for.
Cryptocurrency exchanges are platforms designed to allow people to buy and sell coins. If there is a coin you want to acquire, usually you need to deposit some Bitcoin into an exchange and buy it. By providing a centralised place where people can trade coins, exchanges provide a valuable marketplace for investors to acquire assets.
This does not mean you should leave your coins in your exchange wallet.
What investors forget is that when you leave your coins in an exchange, your private keys are also in the custody of the exchange. Unless you’ve signed an insured, custodial legal agreement with the exchange (you haven’t), those coins don’t actually belong to you. They belong to the exchange.
The ONLY way for you to claim ownership of those coins is to withdraw them to an address for which you control the private keys.
What happens when the exchange gets hacked?
When an exchange gets hacked, those coins are usually unrecoverable.
Sometimes, depending on which coins are stolen, the hack can be traced on chain and the stolen tokens can be marked. However, in most cases the coins themselves are never recovered.
This is the double-edged sword of cryptocurrency – anonymity and immutability provide security for token holders, but also provide that same security for hackers and thieves.
In some cases, the exchange will refund investors out of good faith. However, this doesn’t always happen. In cases like Mt Gox, the exchanges never recover and disappear.
How can you avoid being the victim of a hack?
If you want to ensure security of your cryptocurrency, you need to keep your assets in a wallet where you control your private keys.
For those unaware, a private key is like a password to a Bitcoin (or other cryptocurrency) wallet. When your coins are on an exchange, they’re kept in the exchange’s wallets. The private keys to those wallets are also controlled by the exchange.
As the saying in the community goes – “Not your keys, not your Bitcoin”.
The only way to completely secure your holdings is to take responsibility for your own private keys.
The first step to doing this is withdrawing your coins to your own wallet.
I recommend using a hardware wallet as this provides the highest level of private key security for the average investor. The hardware wallet I use is the Ledger Nano S. Check out our guide to using a Ledger Nano wallet here.
If you don’t want to buy a hardware wallet, there are free wallets you can use. Whether it’s a paper wallet, a mobile wallet or a desktop wallet, they are all more secure than an exchange, provided you secure your private keys properly. We have a very thorough guide on the best Bitcoin wallets and how to use them here.
Using exchanges properly
The only people who will be significantly affected by the Cryptopia hack are those who were using the exchange incorrectly.
Sometimes storing coins on exchanges is necessary, but it is never necessary to store a large amount of coins there.
As an example, if you want to purchase 1 BTC of tokens, deposit 1 BTC and nothing more. Once you have acquired your coins, withdraw them to your private wallet. There should never be a large amount of your portfolio sitting in exchange accounts.
If you’re taking a break from trading, withdraw the coins to your wallet. If you are waiting for the market to move before entering/exiting, withdraw the coins to your own wallet. You can always deposit them again when you’re ready to trade.
As long as you follow these simple guidelines, exchange hacks will be nothing to be concerned about.