bitcoin hack how to avoid

New Zealand-based crypto exchange Cryptopia was hacked on January 14th.

In a statement released on Twitter, Cryptopia said the exchange “suffered a security breach which resulted in significant losses.”

The platform is currently in “maintenance mode” while the team assesses the full scope of the damages. Although no official figures have been released, Larry Cermak, analyst at The Block, suggests as much as $3.5 million worth of ethereum and CENNZ tokens were stolen.

New Zealand police and the High Tech Crimes Unit are currently investigating the breach.

The news comes after $1 billion in cryptocurrency was stolen in 2018. The full Cryptopia statement is below.

Cryptopia Exchange Hack Statement



The crypto world has a hacking problem.

Specifically, cryptocurrency exchanges have a hacking problem. In 2018 alone, we’ve seen at least four major exchange hacks with more than $750 million stolen (not to mention a few smaller exchange hacks).

Security and protection from hackers have become paramount when using a crypto exchange, but how do you assess the security threat?

Luckily, a prominent cybersecurity firm, Group-IB, has done it for us. In a new report, published in partnership with CryptoIns, every major crypto exchange is ranked based on a variety of security features.

Kraken is the Most Secure Cryptocurrency Exchange

Founded in 2011, Kraken is one of the oldest crypto exchanges out there. In that time, they have developed one of the most impenetrable exchanges.

Kraken was the first exchange to pass a verified proof-of-reserves audit and is integrated with BitGo, one of the leading cryptocurrency security companies.

The Group-IB report cites Kraken as the most secure exchange as a result. Further, Kraken is the only name in the report’s top-tier group, considered the least risky.

Further reading: 8 Cryptocurrency Best Practices (Keep Your Crypto Safe)

The Four-Tier Ranking

Group-IB divides the major cryptocurrency exchanges into four groups based on their security features. Below are the results:

Group A – Kraken.

Group B – Bittrex, Coinbase Pro.

Group C – Binance, Bitfinex, Bitmex, Bithumb, Poloniex, Localbitcoins, MyEtherWallet.

Group D – OKEx, Huobi Pro, Coincheck, Bitstamp, Bit-Z, Zaif.

OKEx: “Completely Uninsurable”

Group-IB considered the last pool “completely uninsurable” due to the security risk involved. That should come as a warning sign to anyone trading or storing their cryptocurrencies on these exchanges.

Perhaps the most surprising name in this group is OKEx. The exchange is now the second-largest in the world by 24-hour volume and was named the “Crypto Exchange of the Year” at the recent Malta Blockchain Awards.

How Were the Crypto Exchanges Ranked?

Group-IB compiled the rankings based on a number of security features including:

  • Technical security levels.
  • The reliability of private key storage.
  • Password requirements and 2FA options.
  • Protection of customer data.
  • Risk management.
  • Know your customer (KYC) and anti-money laundering (AML) procedures.

The exchanges were also submitted to penetration testing and finally ranked according to the relative cost of insuring them.

The exact scores in each of the categories were not released publicly for confidentiality reasons.

Caution: Don’t Keep Your Money on an Exchange for Longer Than You Need To

These rankings are vital for anyone looking to buy or sell cryptocurrencies. However, they don’t change the fact that keeping your cryptocurrency on an exchange is incredibly risky.

Hackers deliberately target exchanges and, as you can see above, not all institutions are secure.

The best course of action is to keep your cryptocurrency off the exchange and in a cold-storage wallet (i.e. not connected to the internet).

Exchanges are great for buying, selling, and trading, but don’t store your money there for a long period of time. If you don’t have 100% control of your private keys, you don’t have 100% control of your crypto.



A small Canadian bitcoin exchange, MapleChange, was reportedly hacked in the early hours of Sunday morning, which they blamed on a “bug.” 

The little-known exchange says it is in “the process of a thorough investigation,” but “they cannot refund anything.”

In other words, if you trusted your money to MapleChange, you may not get that money back.


Hack or Exit Scam?

The suspicious nature of the announcement didn’t go unnoticed by commentators. Joseph Young, a contributor to Forbes and CoinTelegraph, called it an “exit scam.” 

Exit scam defined: An exit-scam is a shady technique in the crypto universe whereby a small, unregulated company lures money from people (usually through an exchange or an initial coin offering, ICO) before stealing it and removing all trace of the company.

The red flag came when MapleChange deleted all its social media accounts, an unnecessary move when depositors were desperate for more information.

While the speculation continues over the hack, we thought it best to put together three ways to make sure you never lose your money in an exchange hack or scam.

1. Don’t Keep Your Cryptocurrency on an Exchange, Period

All the biggest bitcoin hacks in recent history have taken place on an exchange. The Mt. Gox hack in 2014 was, of course, the most high-profile. $450 million was stolen by hackers before the exchange went bankrupt. At least four exchanges have been hacked this year alone.

Crypto exchanges are a prominent target for attackers, simply because they hold so much cryptocurrency. Many have security weaknesses that can be easily exploited. Many others are not regulated or protected by the governing authorities.

But most importantly, if you trust your crypto to an exchange, you have no control over those cryptocurrencies. It is entirely at the risk of the exchange and the safety precautions they have taken.

Instead, you should move your bitcoin or crypto off the exchange and into your own, personal cold storage.

Cold storage means keeping your cryptocurrencies offline, so they can’t be hacked. The best option is a specialized hardware device; Ledger and Trezor are the best-known options.


Further reading: What is Cold Storage for Bitcoin?

2. Criteria for Choosing an Exchange: Reputation, Regulation, Insurance

Of course, we can’t stay clear of exchanges entirely. We need them to buy and sell cryptocurrency. But before you transfer any money, do your due diligence and research.

The first step is looking at reputation. Some quick research on MapleChange, for example, would have turned up very little information – a warning sign for investors.

On the other hand, trusting a major, high-profile exchange such as Coinbase or Gemini, while not 100% safe, is a more sensible solution. These giant exchanges are better regulated and have superior security features.

The likes of Coinbase and Gemini also go to great lengths to verify their users, which vastly reduces the likelihood of fraud or security breach.

Some exchanges are now fully insured, too. Gemini recently announced insurance coverage for its exchange and custody services. If you keep your money at Gemini, it is protected should the worst happen. 

Further reading: Cryptocurrency Insurance: What is it? (And Do You Need It?)

3. Holding Money on an Exchange? Choose One with Cold Storage

Sometimes, of course, holding money on an exchange can’t be avoided. If you are trading regularly, you may need quick, instant access to your money on an exchange.

If that’s the case, be sure the exchange keeps 95% or more of funds in cold storage. Cold storage keeps crypto offline and significantly more secure from hackers.

This advice was echoed by Binance founder, Changpeng Zhao, on Twitter in the wake of the MapleChange attack.


Coinbase, for example, holds 98% of all funds in cold storage. The remaining 2% are insured, so the risk of losing your money is much lower.

Conclusion

You’ll probably hear a lot about bitcoin’s safety and security in the wake of this hack. But it’s important to remember that bitcoin and its underlying system, blockchain, have never been hacked.

Hacking and theft only occur through weak exchanges and poorly maintained wallets. In other words, storing your bitcoin safely is the most important decision you can make.

To sum up, always keep your cryptocurrencies offline, in cold storage, ideally on a hardware device you own, not an exchange. If you do use an exchange, ensure it is reputable, regulated, insured, and offers cold storage options.

Stay safe out there.

Note: this article was edited on 29th October. A previous version claimed that $6 million was stolen in the hack before the exchange in question re-opened communications and confirmed otherwise.

Further reading: 8 Cryptocurrency Best Practices (Keep Your Crypto Safe!)


Coinfloor is a London, UK-based cryptocurrency exchange that was founded in 2012. It offers 8 trading pairs, all of which are crypto/fiat. Coinfloor finds itself at number 21 on BlockExplorer’s list of the top 25 cryptocurrency exchanges of 2017.

Coinfloor is a good choice for any UK-based trader looking to trade in some of the more well-known cryptocurrencies. Specifically, Coinfloor provides trading pairs for Bitcoin, Bitcoin Cash, Ethereum, Ethereum Classic, Ripple, and Litecoin. Coinfloor’s markets seem active, with XBT/EUR being the most active trading pair.

Coinfloor

URL: coinfloor.co.uk
Launched: 2012
Trading pairs: 8
Deposit Fees: Yes, for fiat
Withdrawal Fees: Yes, for all
Trading fees: Yes
Verification: Yes, one level
Margin Trading: No

Registration

Registration on Coinfloor is broken up into three steps. Step one requires just an email address and password. Once you have completed step one, you must confirm your email via a link before proceeding to step two. Step two requires you to configure two-factor authentication, and step three requires you to go through Coinfloor’s verification system.

Verification

Coinfloor has a single verification level that is required to trade on the platform. Getting verified is a two-step process that requires a picture of your ID, your full name, and your country of residence (including postal code). According to Coinfloor, the verification process should take about a minute for pre-verification in most cases.

Fees

Coinfloor’s trading fee system is broken up into three levels where each level is based on the amount you have traded over the past 30 days. On the low-end, the trading fee is 0.30% of your trading and applies for traders with less than $500,000 USD traded over 30 days. For mid-range, the fee is 0.20%, which applies for traders that have traded between $500,000 USD and $1,000,000 USD over the past 30 days. And on the high-end, for more than $1,000,000 USD traded, the fee applied is 0.10%.

Deposit and withdrawal wise, for cryptocurrencies, there is no deposit fee and there is a small withdrawal fee of 0.0050 of that currency, with a minimum deposit of 0.05 and a minimum withdrawal of 0.0005. Fiat wise, the fees are set per currency and can be seen on Coinfloor’s fee page. Minimum deposit and withdrawal for fiat are 5,000 and 2,000 respectively for every fiat currency that Coinfloor accepts.

Interface

Coinfloor’s trading interface leaves a bit to be desired. The entire site is built on a white and blue theme, with the occasional green accent. Unfortunately, there is no dark mode available, making late night trading sessions heavy on the eyes. The main trading interface has a market depth chart, but no other charts are offered. Below the chart on the left is an order book, with your personal orders filtered to the right. Directly to the right of the chart is an order submission form, and on top is a trading pair selection drop-down.

Security

While Coinfloor does enforce 2FA, there are unfortunately only two supported 2FA methods, and Google Authenticator isn’t one of them. The two choices you do have are Authy and YubiKey, with YubiKey being the star of the two, as it’s a hardware-based second factor. Otherwise, Coinfloor will email you on every login to your account.

On the corporate side, Coinfloor states that it maintains all of its clients’ currency in multi-signature cold wallets. It also states that its entire system is regularly tested by penetration testers, though it does not state exactly who, aside from ‘a highly regarded penetration testing firm’.