Poor Wallet Security Opens the Door for World’s Largest Crypto Hack
Earlier this week, one of Japan’s major Bitcoin exchanges made headlines as the target of the world’s largest cryptocurrency theft to date. Hackers “illegally remitted” 523 million NEM coins from popular trading platform Coincheck on January 26. At the time, the coins were worth well over $500 million.
Déjà vu, Right?
Blockchain currency was invented less than ten years ago. Even within this short period, Japanese exchanges have had massive security failures that resulted in record-breaking thefts on two separate occasions.
Back in 2014, the market-leading crypto exchange Mt. Gox admitted it had lost 850,000 Bitcoin – worth $460 million at the time and around $9 billion at today’s prices – due to theft. Now, hackers have stolen over 500 million NEM coins from Coincheck, worth around $500 million. While the long-term value of the stolen coins is undeterminable, their current value makes the Coincheck hack the most profitable hack in history.
Mt. Gox and Coincheck are cautionary tales for cryptocurrency exchanges and their users. Theft forced Mt. Gox into bankruptcy, and most account holders who lost their Bitcoin are still waiting for reimbursement that may never come. Coincheck has announced its intention to reimburse users who lost their coins in the recent hack, but it is unclear whether the exchange has the resources to do so. For the time being, the 260,000 customers impacted by the hack must wait and see whether Coincheck can come up with the cash to cover its losses.
Lessons We Can All Learn from the Coincheck Hack
Based on what we know now, Mt. Gox was a ticking time bomb. Numerous security flaws plagued the exchange’s platform, right down to its source code. The Coincheck hack, however, was not a result of poor coding. Rather, Coincheck lost over $500 million due to poor wallet security.
According to the company, hackers stole the private key for the Coincheck wallet storing the exchange’s NEM coins. From there, they simply drained the account. Coincheck is working with Japanese financial regulators to figure out exactly how this all went down, but the crypto community is already pointing fingers at the exchange itself. Coincheck implies on its website that users’ coins were kept in cold storage, which was simply not the case. Rather, the stolen NEM coins were stored in a hot wallet without multisig protection, which is pretty lax security by professional standards. Coincheck stored more valuable coins – including Bitcoin and Ether – in cold wallets, but cited a lack of resources as the reason it did not do so with all coins.
Wallet Security Tips for Bitcoin Investors
There are several Bitcoin forks on the horizon. Not having Bitcoin stored on a compatible wallet or exchange excludes investors from being able to take advantage of upcoming forks. This is a huge potential loss. Any one of these new forked coins could be the upgrade Bitcoin needs to finally catapult into the mainstream. But how can investors store their Bitcoin safely while still being able to recover all of the new coins they are entitled to with each hard fork?
Forked coins often require specialized wallets or access to compatible exchanges. If your coins are on an exchange, the platform decides which forks it will honor and which ones it will ignore. So, the best way to make sure your Bitcoin is safe without suffering from major FOMO this year is to move your coins to a secure wallet with a private key.
As Coincheck recently learned the hard way, protecting your private key is critical to wallet security. Just like cash lifted from your wallet by a pickpocket, once your digital currency is stolen from your digital wallet it is almost impossible to recover. Hackers steal private keys from wallet storage media or by spying on communications channels. You should always protect your private key by encrypting your wallet or requiring multisig verification. However, going off-grid with cold storage is the only way to hack-proof your coin.
If you have your own Bitcoin wallet, be sure to save your seed phrase and password on paper or digital media not connected to the internet. To make sure you can access your private key despite all of the hack-proofing, export the private key(s) from your wallet and store them offline as well. These few simple steps will protect your investment from theft while making sure you can claim valuable forks in the future.