A small Canadian bitcoin exchange, MapleChange, was reportedly hacked in the early hours of Sunday morning, which they blamed on a “bug.”
The little-known exchange says it is in “the process of a thorough investigation,” but “they cannot refund anything.”
In other words, if you trusted your money to MapleChange, you may not get that money back.
Hack or Exit Scam?
The suspicious nature of the announcement didn’t go unnoticed by commentators. Joseph Young, a contributor to Forbes and CoinTelegraph, called it an “exit scam.”
Exit scam defined: An exit-scam is a shady technique in the crypto universe whereby a small, unregulated company lures money from people (usually through an exchange or an initial coin offering, ICO) before stealing it and removing all trace of the company.
The red flag came when MapleChange deleted all its social media accounts, an unnecessary move when depositors were desperate for more information.
While the speculation continues over the hack, we thought it best to put together three ways to make sure you never lose your money in an exchange hack or scam.
1. Don’t Keep Your Cryptocurrency on an Exchange, Period
All the biggest bitcoin hacks in recent history have taken place on an exchange. The Mt. Gox hack in 2014 was, of course, the most high-profile. $450 million was stolen by hackers before the exchange went bankrupt. At least four exchanges have been hacked this year alone.
Crypto exchanges are a prominent target for attackers, simply because they hold so much cryptocurrency. Many have security weaknesses that can be easily exploited. Many others are not regulated or protected by the governing authorities.
But most importantly, if you trust your crypto to an exchange, you have no control over those cryptocurrencies. It is entirely at the risk of the exchange and the safety precautions they have taken.
Instead, you should move your bitcoin or crypto off the exchange and into your own, personal cold storage.
Further reading: What is Cold Storage for Bitcoin?
2. Criteria for Choosing an Exchange: Reputation, Regulation, Insurance
Of course, we can’t stay clear of exchanges entirely. We need them to buy and sell cryptocurrency. But before you transfer any money, do your due diligence and research.
The first step is looking at reputation. Some quick research on MapleChange, for example, would have turned up very little information – a warning sign for investors.
On the other hand, trusting a major, high-profile exchange such as Coinbase or Gemini, while not 100% safe, is a more sensible solution. These giant exchanges are better regulated and have superior security features.
The likes of Coinbase and Gemini also go to great lengths to verify its users, which vastly reduces the likelihood of fraud or security breach.
Some exchanges are now fully insured, too. Gemini recently announced insurance coverage for its exchange and custody services. If you keep your money at Gemini, it is protected should the worst happen.
Further reading: Cryptocurrency Insurance: What is it? (And Do You Need It?)
3. Holding Money on an Exchange? Choose One with Cold Storage
Sometimes, of course, holding money on an exchange can’t be avoided. If you are trading regularly, you may need quick, instant access to your money on an exchange.
If that’s the case, be sure the exchange keeps 95% or more of funds in cold storage. Cold storage keeps crypto offline and significantly more secure from hackers.
This advice was echoed by Binance founder, Changpeng Zhao, on Twitter in the wake of the MapleChange attack.
Coinbase, for example, holds 98% of all funds in cold storage. The remaining 2% are insured, so the risk of losing your money is much lower.
You’ll probably hear a lot about bitcoin’s safety and security in the wake of this hack. But it’s important to remember that bitcoin and its underlying system, blockchain, has never been hacked.
Hacking and theft only occurs through weak exchanges and poorly maintained wallets. In other words, storing your bitcoin safely is the most important decision you can make.
To sum up, always keep your cryptocurrencies offline, in cold storage, ideally on a hardware device you own, not an exchange. If you do use an exchange, ensure it is reputable, regulated, insured, and offers cold storage options.
Stay safe out there.
Note: this article was edited on 29th October. A previous version claimed that $6 million was stolen in the hack before the exchange in question re-opened communications and confirmed otherwise.
Further reading: 8 Cryptocurrency Best Practices (Keep Your Crypto Safe!)
Learned something new in this article? Subscribe to the Block Explorer newsletter.