There’s bad news if you’re a cryptocurrency investor. Billions of dollars worth of wealth were wiped out this weekend after a South Korean cryptocurrency exchange was hacked.
The exchange in question is called Coinrail, and if you visit its website right now you’ll see a “System maintenance” message that tells you more than they’re just updating the servers. The devil’s in the detail – the site is down because it got hacked over the weekend.
The statement on Coinrail’s website says that some (but not all) of the cryptocurrency exchange’s digital currency was stolen by hackers. Coinrail claims that 70% of the cryptocurrencies it holds are being stored safely in a cold wallet which is not connected to the internet, and thus considerably more difficult for criminals to access.
Coinrail hasn’t released much information about what has occurred, but has released released the names of a few of the tokens affected in the hack: ATC from Aston, NPXS tokens from the Pundi X project, and NPER project tokens.
In all, the hackers are thought to have stolen about 30% of Coinrail’s virtual currency, and that news has sent shockwaves through the markets.
Even a hack of a relatively unknown South Korean cryptocurrency exchange like Coinrail can have a big impact on cryptocurrencies worldwide, because of media coverage. Media coverage gives investors the jitters which makes them sell more cryptocurrency which then leads to more media coverage, and so on and so on…
Stephen Innes, head of Asia Pacific trading at Oanda Corp, told Bloomberg that he believed panic-selling was to blame for the drop in cryptocurrency value:
This is ‘If it can happen to A, it can happen to B and it can happen to C,’ then people panic because someone is selling. The markets are so thinly traded, primarily by retail accounts, that these guys can get really scared out of positions. It actually doesn’t take a lot of money to move the market significantly.
So far this year Bitcoin is down about 50% in value. On Sunday alone it fell 6% after news of the Coinrail hack broke. And it’s not just Bitcoin that’s suffering, other commonly traded digital currencies like Ethereum have also taken a dive.
The problem with Bitcoin seems to be its very volatility – the thing which attracted many investors when its price was rocketing skywards last year, and is now proving a challenge as more people view cybersecurity as a huge threat to virtual currencies.
There is, of course, going to be plenty of speculation about who might be behind the Coinrail hack, and no doubt some will cast an eye north of South Korea’s border in their search for likely culprits. However, in cases like these it’s very difficult to attribute an attack on a cryptocurrency exchange with any certainty – as there are so many criminals who would salivate at the thought of breaking in and making off with millions of dollars.
Why is cybersecurity such a big issue to cryptocurrency exchanges and not seen as such a significant threat to traditional financial insitutions?
Mikko Hyppönen summed up the situation well in a tweet:
Cryptocurrency exchanges are ideal targets for attackers. Small companies with a lot of money. Run by startups, with small security teams and no experience. And if you get in, the loot is already anonymized and untrackable. https://t.co/uvBd6Shnox
— @mikko (@mikko) June 11, 2018
My advice? If you have a cryptocurrency investment, don’t leave your wallet lying around in an online exchange. Keep it somewhere safer.
In a past episode of the “Smashing Security” podcast we’ve talked about how you may wish to consider having your own hardware wallet that stores your private keys, so you have true control about when and where your funds are moved… rather than put your trust in a cryptocurrency exchange.
And, it should go without saying, if don’t invest anything that you cannot afford to lose.
Listen to this edition of the “Smashing Security” podcast to hear further discussion on this topic:
Smashing Security #082: 'World Cup cybersecurity, crypto crashes, and a bang of a password fail'
Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...
This is yet another reminder that "the cloud" is not your computer. Once you learn to backup a file or image a hard drive, you can and should ditch the cloud services for security reasons. Local storage can be made to be convenient.
Replicating cloud services with your own services and a VPN seems like an untapped market. Perhaps a custom Linux distro to run on your own hardware can be part of the answer.