South Korea-based Upbit has become the latest major exchange to be hacked. A thief has stolen 342,000 Ether worth USD $50 million. The exchange has stated that the stolen cryptocurrency did not come from user funds, and that all deposits and withdrawals will be suspended for at least two weeks. As this attack is far from the first to happen to a popular exchange, patterns are now emerging that may provide greater insight into why such attacks remain common.
One fact emerging from the constant series of thefts is that exchanges have yet to develop secure protocols for handling the vast quantities of cryptocurrencies that are held in their wallets. Although all claim to keep the majority of their funds in cold storage, doing business requires many large-scale transfers every day. This activity is inevitably going to open the door to vulnerabilities as passwords and private keys must be regularly accessed. Additionally, the demand by users for ever faster deposits and withdrawals may hinder reasonable security and review processes when using exchange wallets.
Also, unlike the legacy banking industry, standard protocols do not exist for the handling of exchange funds, and most exchanges do not undergo independent security auditing. In fact, as crypto remains largely unregulated, there are few organizations qualified to even conduct such reviews. Thus, users have no clear method for determining if exchanges are managed by competent personnel, or if their funds are properly managed.
Contrary to popular myths, most major exchange thefts are not the result of crooked operators. In other words, they are generally not exit scams. Rather, the exchanges are seeking to conduct honest business, and the hacks are due to improper security protocols. The recent attacks on Binance, Bithumb, and Cryptopia are all examples of this fact. It is worth noting, however, that many exchange hacks appear to have been inside jobs by lower-level employees, raising questions about the ability of these organizations to properly vet and monitor their workers.
A key takeaway from the Upbit hack is that users should never use exchanges for long-term cryptocurrency storage. Exchanges are not wallets, and should not be used as such. The common, time-honored phrase “not your keys, not your crypto” remains as valid today as it was when Bitcoin was first released.
Although they have not been able to stem the rate of major thefts, exchanges have become far more adept at tracking and seizing stolen crypto funds. Thieves almost always seek to launder stolen cryptocurrencies through other exchanges, and a substantial amount of stolen crypto has been recovered via mutual cooperation during this process. For example, earlier this year Bitrue was able to freeze over USD $4 million in stolen Cardano and Ripple after attempts to launder it were discovered.
Exchanges are also less likely to shut down after major security breaches. Six multi-million dollar thefts have occurred in 2019, yet none have resulted in permanent closure of the affected exchange, although Cryptopia closed in January due to a theft that took place last year. The ability to survive major attacks is no doubt due to the fact that exchanges are now establishing emergency funds that can be tapped into when these events occur.
As the crypto space matures, it is likely that many of the shortcomings that are leading to these high-value thefts will be corrected. Doing so will, of course, require greater cooperation from many agencies, including governments and law enforcement. Fortunately, Upbit appears to be able to remain open after this attack, yet users should still exercise caution and restraint with all exchange activity.