bitcoin hack how to avoid

A small Canadian bitcoin exchange, MapleChange, was reportedly hacked in the early hours of Sunday morning, which they blamed on a “bug.” 

The little-known exchange says it is in “the process of a thorough investigation,” but “they cannot refund anything.”

In other words, if you trusted your money to MapleChange, you may not get that money back.


Hack or Exit Scam?

The suspicious nature of the announcement didn’t go unnoticed by commentators. Joseph Young, a contributor to Forbes and CoinTelegraph, called it an “exit scam.” 

Exit scam defined: An exit-scam is a shady technique in the crypto universe whereby a small, unregulated company lures money from people (usually through an exchange or an initial coin offering, ICO) before stealing it and removing all trace of the company.

The red flag came when MapleChange deleted all its social media accounts, an unnecessary move when depositors were desperate for more information.

While the speculation continues over the hack, we thought it best to put together three ways to make sure you never lose your money in an exchange hack or scam.

1. Don’t Keep Your Cryptocurrency on an Exchange, Period

All the biggest bitcoin hacks in recent history have taken place on an exchange. The Mt. Gox hack in 2014 was, of course, the most high-profile. $450 million was stolen by hackers before the exchange went bankrupt. At least four exchanges have been hacked this year alone.

Crypto exchanges are a prominent target for attackers, simply because they hold so much cryptocurrency. Many have security weaknesses that can be easily exploited. Many others are not regulated or protected by the governing authorities.

But most importantly, if you trust your crypto to an exchange, you have no control over those cryptocurrencies. Their safety depends entirely on the exchange and the precautions it has taken.

Instead, you should move your bitcoin or crypto off the exchange and into your own, personal cold storage.

Cold storage means keeping your cryptocurrencies offline, so they can’t be hacked. The best option is a specialized hardware device; Ledger and Trezor are the best-known options.

Further reading: What is Cold Storage for Bitcoin?

2. Criteria for Choosing an Exchange: Reputation, Regulation, Insurance

Of course, we can’t stay clear of exchanges entirely. We need them to buy and sell cryptocurrency. But before you transfer any money, do your due diligence and research.

The first step is looking at reputation. Some quick research on MapleChange, for example, would have turned up very little information – a warning sign for investors.

On the other hand, trusting a major, high-profile exchange such as Coinbase or Gemini, while not 100% safe, is a more sensible solution. These giant exchanges are better regulated and have superior security features.

The likes of Coinbase and Gemini also go to great lengths to verify their users, which vastly reduces the likelihood of fraud or a security breach.

Some exchanges are now fully insured, too. Gemini recently announced insurance coverage for its exchange and custody services. If you keep your money at Gemini, it is protected should the worst happen. 

Further reading: Cryptocurrency Insurance: What is it? (And Do You Need It?)

3. Holding Money on an Exchange? Choose One with Cold Storage

Sometimes, of course, holding money on an exchange can’t be avoided. If you are trading regularly, you may need quick, instant access to your money on an exchange.

If that’s the case, be sure the exchange keeps 95% or more of funds in cold storage. Cold storage keeps crypto offline and significantly more secure from hackers.

This advice was echoed by Binance founder, Changpeng Zhao, on Twitter in the wake of the MapleChange attack.


Coinbase, for example, holds 98% of all funds in cold storage. The remaining 2% are insured, so the risk of losing your money is much lower.


You’ll probably hear a lot about bitcoin’s safety and security in the wake of this hack. But it’s important to remember that bitcoin and its underlying system, blockchain, have never been hacked.

Hacking and theft only occur through weak exchanges and poorly maintained wallets. In other words, storing your bitcoin safely is the most important decision you can make.

To sum up, always keep your cryptocurrencies offline, in cold storage, ideally on a hardware device you own, not an exchange. If you do use an exchange, ensure it is reputable, regulated, insured, and offers cold storage options.

Stay safe out there.

Note: this article was edited on 29th October. A previous version claimed that $6 million was stolen in the hack before the exchange in question re-opened communications and confirmed otherwise.

Further reading: 8 Cryptocurrency Best Practices (Keep Your Crypto Safe!)


Gemini is a New York-based, licensed digital asset exchange that also offers custodian services for digital assets.  The exchange was launched in 2015 by prominent bitcoin investors Cameron and Tyler Winklevoss and ranks #12 on BlockExplorer’s Top 25 Exchanges of 2017 list. The exchange serves the U.S., U.K., Canada, Hong Kong, South Korea and Singapore.

The platform allows investors to trade BTC/USD, ETH/USD, and ETH/BTC. Its clean and easy-to-use interface is well suited for both beginners and advanced traders.

While a limited number of trading pairs might be a drawback for traders, the Winklevoss twins said their main 2018 goal for Gemini Exchange is expanding to other tokens such as Bitcoin Cash and Litecoin.

A major advantage of Gemini is its proactive approach to complying with regulations.  In 2015, Cameron Winklevoss stated, “Our philosophy is to ask for permission, not forgiveness.”  Before launching, it became a fully compliant and fully registered enterprise with FDIC coverage on client USD balances. It is also the first US exchange to be officially licensed for both ether and bitcoin trading, making it one of the most legitimate exchanges in the world.

Gemini Exchange Summary:


Total trading pairs: 3
Founded: 2015
Deposit fees: No
Withdrawal fees: Free up to 10 withdrawals per month
Trading fees: 0.00% – 0.25%
Margin trading: No
Verification levels and deposit/withdrawal limits:

  • Individual: ACH Daily Deposit/Withdrawal: $500/$10,000; ACH Monthly Deposit/Withdrawal: $15,000/$100,000; Cryptocurrency: No Limit
  • Institutional: ACH Daily Deposit/Withdrawal: $10,000/$10,000; ACH Monthly Deposit/Withdrawal: $300,000/$100,000; Cryptocurrency: No Limit

Creating Your Account

Starting a new account is simple — just go to the homepage and click on Register.

Enter your full name, email address, and create a password — then select Create My Account.

Open a new tab and check your email for an Activation Code, copy and paste it into the previous tab — then select Submit.


Next is a three-step identity verification process:



  1. Link your cell phone number up with your account — this makes receiving login verification codes easy. Two-factor authentication is a standard requirement for most exchanges and enhances account security.
  2. Link your bank account using your online banking login credentials. The bank account must be in the same name as the new Gemini account holder. If you don’t want to fork over your login information, you can verify your bank account using a wire transfer instead.
  3. Finally, you must submit documentation that proves your identity and address, like a copy of a bank statement with your address clearly printed.

Conclusion: Is Gemini a Good Exchange?

Gemini has a solid reputation and suitable volume for institutional and individual investors. A smooth interface paired with real USD, regulatory compliance, and low fees makes Gemini an attractive alternative to Coinbase’s GDAX.

WEX is a cryptocurrency exchange founded in 2017 that is operating out of Singapore. It is a rebranding of the now infamous exchange BTC-e, which was fined $110M USD by FinCEN. WEX is #7 on BlockExplorer’s top 25 exchange list from 2017. At the time of writing WEX reported a daily average of 16,655 users with a trading volume of $86M USD, making it a decent choice for medium to large scale traders that want to trade currencies that WEX supports. There are also three different APIs available for use in programmatic trading, though the documentation around one of them is in Russian with no English version available.



Total Trading Pairs: 40
Deposit Fees: No
Withdrawal Fees: Yes
Trading Fees: Yes, flat 0.2% on all trades
Verification: Yes


Registration requires you to enter your email twice, followed by the username you would like to use, and finally, a CAPTCHA-like anti-bot measure to solve. Once you have submitted your registration request, the page will update and display a password that you can use to log in. You should change your password as soon as possible after logging in; note that WEX does not ask you to do so.


You may deposit, withdraw, and trade cryptocurrencies without verification. Getting verified requires quite a bit of personal information, listed below.

  • Full name
  • Date of birth
  • Current citizenship
  • ID Number, issue and expiry date
  • Your current address including country
  • An image of your ID and proof of residence
  • An image of you holding your ID with face clearly visible

Verification should take no more than 7 working days.


WEX’s interface is a white background with black text and grey highlights. It feels difficult to use due to the extreme vertical configuration, though it is not completely unusable. Trading pair selection is done at the top, with trade submission done below an auto-updating chart. To the right of the chart is a chat widget allowing you to chat with other traders. The chart is decently interactive and customisable, allowing you to select the shape of the candles. Below the chart, you can submit buy and sell orders and see the fee for the intended order. Further down the page, under the buy and sell order section, is an order book which updates semi-frequently. Further down still are your current active orders, and below that is the trade history for the selected trading pair.


Though not directly insecure, passwords being displayed in plaintext on the webpage after registration seems like a bad idea. Making that worse, you are not asked to change your password upon subsequent logins. Otherwise, WEX has a decent number of security features: you can secure your account with 2FA using Google Authenticator, manage an IP whitelist, and view all open sessions logged into your account.


Currently, WEX applies a flat 0.2% fee to all trades. There are no fees on depositing cryptocurrency. When withdrawing, there is a set fee that is different per currency.

Currently managed by CEO Nejc Kodrič, Bitstamp is an EU-based cryptocurrency exchange founded in 2011. Bitstamp offers 11 trading pairs, including three crypto-to-crypto pairs. It is usable in, among others, any EU country and the United States, and has offices in the United Kingdom, the United States, and France.

Bitstamp is decently liquid in its trading pairs, though there are not that many of them. Traders that are not looking for a large number of trading pairs but are looking for larger trades will find Bitstamp to be a decent home for their practice. Programmatic trading is also possible by way of a JSON-based API.

Total Trading Pairs: 11
Deposit Fees: No
Withdrawal Fees: No
Trading Fees: Yes, 0.25% to 0.1%
Margin Trading: No
Verification: Yes, one level


Registration on Bitstamp’s site is simple and allows you to view the current trades on all pairs. You are required to verify your account to deposit and therefore trade. You are emailed a customer ID and a password once you submit your registration. While you are immediately asked to change that password, it’s still a questionable practice to send passwords over email.


Verification is a single step process where you are required to submit a large amount of personal information, namely:

  • First and last names as they appear on your identity document
  • Full address
  • Date of birth
  • Photo government ID and its date of issue, date of expiry and number
  • Proof of residence no older than three months, which cannot be an already submitted identity document

There are reports that verification can take from a single week to multiple months. Bitstamp does not publish any estimated times for registration.


Bitstamp’s interface is a dark grey background with light grey text, which is nice for late-night trading sessions where bright backgrounds can cause eye strain. The interface provides a decent amount of information but feels cluttered, with no definite borders around anything. There is a large price indicator that constantly updates, making it rather difficult to get a definite figure at a glance during periods of high activity. Displayed at the top is your current balance relevant to the selected trading pair, and you can submit orders on the right.


Bitstamp offers login protection in the form of two-factor authentication via Google Authenticator and Duo, though their instruction link for using Google Authenticator points to a nonexistent page.

A PGP key is offered for email security, though there does not seem to be any facility for uploading your own, meaning secure email can only occur from customers to Bitstamp.


Bitstamp has flat fees for both makers and takers. The fee you are charged is based on the total trading you have done in the last 30 days, and you can see your current fee on the account page. The lowest fee tier is 0.25% for any traders at less than $20,000 USD, and the highest tier is 0.10% for traders at or above $20,000,000 USD. There are no fees for almost all cryptocurrency deposits and withdrawals, with the exception of Bitcoin withdrawals via BitGo Instant transfers.

Bitstamp also has a minimum trade amount. Specifically, 5 units of whatever fiat currency the trading pair is denominated in or 0.001 BTC for the pairs denominated in Bitcoin.


The director of a UK-based bitcoin exchange kidnapped earlier this week has been released after he paid his captors a ransom of more than $1 million in bitcoins.

Pavel Lerner, 40, was kidnapped on December 26 while leaving his office in Kiev, Ukraine. According to local media reports, a group of men wearing balaclavas grabbed him and forced him into a black Mercedes-Benz.

Photo from Pavel Lerner’s Facebook Page

Lerner is an executive at EXMO, a UK-based cryptocurrency exchange that processes approximately $100 to $125 million in trades on a daily basis, primarily against the US dollar and the Russian ruble.

After spending nearly two days in captivity, Lerner was released on December 28 after paying a ransom of more than $1 million in bitcoins, according to a report in the Financial Times.

“He was kidnapped by an armed gang for the purpose of extorting bitcoins,” Anton Gerashchenko, a Ukrainian official, told the publication, adding: “We have operative information that he paid more than $1m worth of bitcoins.”

Gerashchenko said that Lerner was in a “state of shock” when he was released and was “very lucky that he remained alive.”

On Thursday — while Lerner was in captivity — EXMO revealed that it had been the subject of a DDOS attack, but it is not known whether the two incidents are related. The exchange assured users that, even in Lerner’s absence, the trading platform was operating as usual and that user funds remained safe.

As BlockExplorer explained in its previous article on Lerner’s kidnapping, the incident is the latest in a small but growing trend of individuals being targeted by criminals for their cryptocurrency wealth.

Because decentralized cryptocurrency transactions are uncensorable and, in most cases, users retain control of their holdings, cryptocurrency executives and investors prove to be attractive targets for criminal enterprises.

Consequently, users should recognize the risks of publicizing both their personal holdings and their affiliation with the industry in general, and take steps to secure their investments against theft, just as they would with traditional assets.

Featured Image from Pexels