bitcoin hack how to avoid

A small Canadian bitcoin exchange, MapleChange, was reportedly hacked in the early hours of Sunday morning, an incident the exchange blamed on a “bug.”

The little-known exchange says it is in “the process of a thorough investigation,” but “they cannot refund anything.”

In other words, if you trusted your money to MapleChange, you may not get that money back.


Hack or Exit Scam?

The suspicious nature of the announcement didn’t go unnoticed by commentators. Joseph Young, a contributor to Forbes and CoinTelegraph, called it an “exit scam.” 

Exit scam defined: An exit scam is a shady technique in the crypto universe whereby a small, unregulated company lures money from people (usually through an exchange or an initial coin offering, ICO) before stealing it and removing all trace of the company.

The red flag came when MapleChange deleted all its social media accounts, an unnecessary move when depositors were desperate for more information.

While the speculation continues over the hack, we thought it best to put together three ways to make sure you never lose your money in an exchange hack or scam.

1. Don’t Keep Your Cryptocurrency on an Exchange, Period

All the biggest bitcoin hacks in recent history have taken place on an exchange. The Mt. Gox hack in 2014 was, of course, the most high-profile. $450 million was stolen by hackers before the exchange went bankrupt. At least four exchanges have been hacked this year alone.

Crypto exchanges are a prominent target for attackers, simply because they hold so much cryptocurrency. Many have security weaknesses that can be easily exploited. Many others are not regulated or protected by the governing authorities.

But most importantly, if you trust your crypto to an exchange, you have no control over those cryptocurrencies. They are entirely at the mercy of the exchange and the safety precautions it has taken.

Instead, you should move your bitcoin or crypto off the exchange and into your own, personal cold storage.

Cold storage means keeping your cryptocurrencies offline, so they can’t be hacked. The best option is a specialized hardware device; Ledger and Trezor are the best-known options.

ledger nano cold storage bitcoin wallet plugged into a laptop


2. Criteria for Choosing an Exchange: Reputation, Regulation, Insurance

Of course, we can’t stay clear of exchanges entirely. We need them to buy and sell cryptocurrency. But before you transfer any money, do your due diligence and research.

The first step is looking at reputation. Some quick research on MapleChange, for example, would have turned up very little information – a warning sign for investors.

On the other hand, trusting a major, high-profile exchange such as Coinbase or Gemini, while not 100% safe, is a more sensible solution. These giant exchanges are better regulated and have superior security features.

The likes of Coinbase and Gemini also go to great lengths to verify their users, which vastly reduces the likelihood of fraud or a security breach.

Some exchanges are now fully insured, too. Gemini recently announced insurance coverage for its exchange and custody services. If you keep your money at Gemini, it is protected should the worst happen. 


3. Holding Money on an Exchange? Choose One with Cold Storage

Sometimes, of course, holding money on an exchange can’t be avoided. If you are trading regularly, you may need quick, instant access to your money on an exchange.

If that’s the case, be sure the exchange keeps 95% or more of funds in cold storage. Cold storage keeps crypto offline and significantly more secure from hackers.

This advice was echoed by Binance founder, Changpeng Zhao, on Twitter in the wake of the MapleChange attack.


Coinbase, for example, holds 98% of all funds in cold storage. The remaining 2% are insured, so the risk of losing your money is much lower.

Conclusion

You’ll probably hear a lot about bitcoin’s safety and security in the wake of this hack. But it’s important to remember that bitcoin and its underlying system, blockchain, have never been hacked.

Hacking and theft only occur through weak exchanges and poorly maintained wallets. In other words, storing your bitcoin safely is the most important decision you can make.

To sum up, always keep your cryptocurrencies offline, in cold storage, ideally on a hardware device you own, not an exchange. If you do use an exchange, ensure it is reputable, regulated, insured, and offers cold storage options.

Stay safe out there.

Note: this article was edited on 29th October. A previous version claimed that $6 million was stolen in the hack before the exchange in question re-opened communications and confirmed otherwise.


  • Cold storage means storing your bitcoin offline, making it less vulnerable to hacking.
  • Cold storage options include USB drives, paper wallets or hardware wallets.
  • “Deep” cold storage means placing the cold wallet in a vault or safety deposit box.

In the Swiss mountains, there’s an old military bunker where millionaires hide their bitcoin. The bunker was converted into a secure vault by Xapo – a cryptocurrency storage company.

The richest bitcoin investors arrive here with their encrypted hard drives in the strictest secrecy.

war bunker converted into bitcoin vault in switzerland
Credit: JOON IAN WONG/QUARTZ

This is the ultimate in bitcoin “cold storage.”

In simple terms, cold storage means storing your bitcoin offline where it cannot be hacked. It is the opposite of a “hot” wallet which is connected to the internet.

Why should I use cold storage?

Safety from hacks: Your bitcoin is most vulnerable when it’s stored online. Thieves and hackers can potentially access online wallets precisely because they are connected to the internet. To ensure your cryptocurrency wallet isn’t hacked, move it to an offline, cold storage wallet instead.

Long-term holding: Cold storage is ideal for long-term investors who want to buy crypto, hold it and forget about it. But if you’re looking to trade or spend bitcoin regularly, you might want a hot wallet, which is easier to access day-to-day.

What is a cold storage wallet?

Here are a handful of options to store crypto offline:

ledger nano cold storage bitcoin wallet plugged into a laptop

1. Hardware wallets

Hardware wallets are the ultimate cold storage, designed specifically to store cryptocurrencies. They are only connected to the internet for a short moment while you transfer your bitcoin. You then keep them safely offline.

Hardware wallets look like a small USB storage device. They are usually virus-proof, water-proof and come with backup technology. They’re easy to use. Some even have software so you can quickly check your balance. Examples include Ledger (pictured above) and Trezor.

2. Paper wallets

A paper wallet is exactly as it sounds: a piece of paper! That might not sound secure, but it’s never connected to the internet. You can’t hack paper.

The paper wallet contains your private key, either written by hand, printed out, or displayed by a QR code. Without the private key, no-one can steal your crypto.

The downside, of course, is that you could lose or destroy the paper wallet, so always keep a backup.

3. USB stick or external hard drive

Alternatively, you can keep your private key stored as a file on a USB stick or external hard drive.

4. Hot/cold storage hybrid

Some desktop wallets and software wallets now have a “cold storage” mode. You can store some of your crypto safely offline while keeping some online for frequent trading or purchasing.

The downsides of cold storage

If you lose your cold storage device, your bitcoin is gone forever.

Let’s say your hardware wallet is stolen. Your paper wallet is damaged by water. Your hard drive gets corrupted. In all these cases, you cannot get your money back.

It’s estimated that 30% of all bitcoin in circulation is already gone because of this problem.

When you’re using cold storage, always keep a backup, just in case.

Another problem is ease of access. Cold storage isn’t ideal if you want to spend bitcoin or trade it regularly. One option is to keep a large amount in cold storage and a small amount in hot wallets for frequent use.

What is deep storage?

Deep storage is the next level. Take your hardware wallet and place it in a vault or safety deposit box (or a military bunker in Switzerland).

Not only is your bitcoin stored offline and safe from hackers, it is now safe from theft too.

The privacy-focused cryptocurrency Verge is quickly becoming a running joke within the cryptocurrency industry, after repeatedly suffering 51% attacks and having hackers exploit a vulnerability that has led to millions of dollars in Verge tokens being stolen.

It started back in April, when Verge suffered a small 51% attack that resulted in 250,000 XVG being stolen by hackers. Verge responded by hard-forking their blockchain. However, the 51% attack was repeated just last week, when hackers added a second algorithm to exploit the same vulnerability used in the earlier attack.

51% attacks happen when hackers use malicious code to mine multiple blocks per minute on a blockchain, allowing the attackers to gain majority control over the network hashrate and move XVG to their wallets. At the peak of the second attack, the hackers were mining 25 blocks per minute, meaning roughly 8250 XVG, or $950, was being stolen every minute.

Verge downplayed the attack as nothing more than a DDoS attack, but according to reports, over 35 million XVG tokens, amounting to over $1.7 million, were stolen as a result of the attack.

Today, the prominent BitcoinTalk user ocminer, who discovered the last two attacks, is reporting that Verge has yet again suffered a 51% attack. In the BitcoinTalk forum thread titled “Network Attack on XVG / Verge,” ocminer says, “Yup… attack again.. as already said, simply reducing drift time doesn’t fix it..”

Verge’s blockchain isn’t the only location hackers have targeted. Verge’s Twitter account was also compromised this past March in an unrelated attack.

On a more positive note, Verge made news for becoming the first ever cryptocurrency to be accepted by adult entertainment website Pornhub for their premium subscription services. As one Redditor so cheekily said, “Maybe they should take a note from Pornhub and learn to plug up the holes on their blockchain.”

Last month, privacy-focused cryptocurrency Verge was the victim of a ‘51 percent attack,’ an unfortunate scenario (for Verge and its investors) that resulted in roughly 250,000 XVG being stolen. Verge responded with a hard fork, but unfortunately, it appears the vulnerability still persists today despite countermeasures being taken.

According to OCMiner, the bitcointalk.org user who initially discovered the empty blocks – thus alerting the cryptocurrency community to the initial Verge hack back in April – the same glitch that was exploited previously was targeted again by hackers, resulting in yet another attack. This time, though, a staggering 35 million XVG tokens were stolen – worth over $1.7 million according to data from CoinMarketCap.

Like the previous 51 percent attack, hackers were able to mine multiple blocks one minute apart from one another, and gain control over the majority network hashrate, compromising the blockchain and resulting in XVG tokens being stolen by the hacker.

In a Reddit post raising awareness of the exploit, user Flenst explains that the new hack simply adds a second algorithm in addition to the one used in the previous attack, to achieve the same dominance over Verge’s blockchain. The Reddit post also claims that the hackers were mining 25 blocks per minute, “resulting in 8250XVG or 950$ per minute” being stolen by the hacker.
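A monitoring check for the symptom both Verge reports describe (blocks arriving far faster than normal, many of them empty), as an added example that is not from the original articles or from the Verge project. The 30-second normal spacing, the alert threshold and the sample chain are assumptions constructed for illustration.

```python
from collections import deque

def build_sample():
    """Constructed chain of (height, header_timestamp, tx_count) tuples.
    Normal blocks are 30 s apart (assumed spacing); heights 105-129 arrive
    2 s apart and carry only the coinbase transaction (empty blocks)."""
    blocks, ts = [], 1_000_000
    for height in range(100, 140):
        burst = 105 <= height <= 129
        ts += 2 if burst else 30
        blocks.append((height, ts, 1 if burst else 4))
    return blocks

def find_bursts(blocks, window=60, max_blocks=6):
    """Return (first_height, last_height, block_count, empty_share) for every
    run of heights covered by a `window`-second span holding more than
    `max_blocks` blocks. Ranges include normal blocks that shared a window
    with the burst."""
    flagged, recent, clock = set(), deque(), 0
    for height, ts, _ in sorted(blocks):
        # Header timestamps are set by the miner, so never let the clock
        # step backwards when a block claims an earlier time.
        clock = max(clock, ts)
        recent.append((height, clock))
        while clock - recent[0][1] >= window:
            recent.popleft()
        if len(recent) > max_blocks:
            flagged.update(h for h, _ in recent)

    tx_count = {h: n for h, _, n in blocks}
    alerts, run = [], []
    for h in sorted(flagged) + [None]:      # None closes the final run
        if run and (h is None or h != run[-1] + 1):
            empty = sum(1 for x in run if tx_count[x] <= 1) / len(run)
            alerts.append((run[0], run[-1], len(run), round(empty, 2)))
            run = []
        if h is not None:
            run.append(h)
    return alerts

if __name__ == "__main__":
    for first, last, count, empty in find_bursts(build_sample()):
        print(f"heights {first}-{last}: {count} blocks, {empty:.0%} empty")
```

A high empty-block share alongside the rate alert matches the pattern ocminer is reported to have spotted; either signal alone can also occur during ordinary hashrate swings.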

Verge took to Twitter to downplay the hack, saying their mining pools were “under dos attack,” causing a delay in block mining – but the community isn’t buying it, even replying to Verge’s tweet with a link to the aforementioned Reddit post outlining the entire attack. Ironically, even Verge’s official Twitter account was hacked back in March in an unrelated attack.

Despite all the bad news lately for Verge, the company revealed a huge partnership with Pornhub last month, with Verge being the official cryptocurrency accepted by the adult content provider for premium subscriptions.


Embattled cryptocurrency exchange Coincheck may soon be under new management.

The Tokyo-based exchange, now enshrined in infamy following a $530 million hack in January, will reportedly be acquired by Japanese brokerage firm Monex in a deal worth “several billion yen.”

The news was first reported by regional media outlet Nikkei, whose sources said that Monex would likely replace the current management team — who oversaw the exchange at the time of the record-setting theft — and overhaul the cryptocurrency exchange trading platform.

“We are considering the acquisition,” Monex announced in a statement, adding that plans have not been finalized.

Monex stock soared in response to the rumors, closing at 424 JPY after opening at 337 JPY — a single-day gain in excess of 25 percent.

Source: MSN Money

As BlockExplorer reported, Coincheck’s security measures were found in the wake of the hack to be woefully inadequate, which explains why the hackers were able to make off with such a large amount of funds.

The country’s Financial Services Agency (FSA) ordered Coincheck and several other exchanges to enhance their systems to comply with FSA regulations, but some platform operators have found these improvement orders to be more than they can manage.

“The deal with Monex suggests Coincheck deemed it difficult to comply with the regulatory requirements and rebuild its operations without external support,” the Nikkei report said.

At least five Japanese cryptocurrency exchanges have already informed the FSA that they will cease operations, while the agency has reportedly told several others that they must voluntarily shut down or face enforcement action.

Despite the gravity of the hack, Coincheck does not appear to have been insolvent. The company has already begun compensating users who lost funds during the hack, at a rate of approximately 89 JPY per NEM token (XEM). Though somewhat less than market value at the time of the hack, this is more than triple the current NEM price.
