3 minute read
- Hacks and exit scams have become so commonplace in the cryptocurrency sector that many participants don’t even pay much attention to the smaller incidents.
- In an industry where over $13 billion has gone missing in over 325 separate events, it’s difficult for people to keep track.
Hacks and exit scams have become so commonplace in the cryptocurrency sector that many participants don’t even pay much attention to the smaller incidents. In an industry where over $13 billion has gone missing in over 325 separate events, it’s difficult for people to keep track. But the recent hack of KuCoin, one of the world’s most popular digital asset exchanges, was eye-opening even for the most jaded corners of the crypto community.
Details of the event started to emerge early in the morning of Saturday, September 26, with the exchange itself confirming via Twitter and the company blog that it had detected unauthorized withdrawals, “which contained few parts of our total assets holdings (sic).”
At the time of going to press, much about the hack remains unclear. Nobody is yet quite sure how it happened, or even how much the hackers took. Initial estimates suggested it was around $150 million, which later increased to about $200 million. A few days after the attack, The Block researcher Larry Cermak suggested that it could be as much as $280 million.
If so, this would make it the third-biggest hack in history - eclipsed only by Coincheck
in 2018 and the hit on Mt.Gox in 2014. The critical difference is that both of those incidents involved the theft of a single asset. In the case of Coincheck, the attackers stole NEM, and Mt.Gox involved the theft of Bitcoin. One thing we do know about the KuCoin attack is that the hackers took many different assets, including BTC, ETH, XRP, and, if Cermak’s calculations are correct, nearly $150m in ERC-20 tokens.
A Vacuum for Speculation
The absence of information inevitably leads to speculation. Despite KuCoin’s CEO Johnny Lyu publishing two post-incident AMAs and assuring his firm would cover the losses, there are still many questions about what happened with KuCoin over the weekend.
For example, were all these funds held in a single hot wallet or multiple hot wallets? The former would imply a severe lack of consideration for security. But if the latter is true, it would mean hackers managed to obtain more than one set of private keys, perhaps implying insider involvement.
However, for anyone who lost out due to the KuCoin hack and has spent the intervening period kicking themselves for having trusted the exchange with their funds, there can be only one question. What’s the best way to keep cryptocurrency safe?
In light of the KuCoin incident, which wasn’t even the only exchange hack in September, it’s fair to say that keeping funds on an unregulated exchange is risky. In 2020, the two safest ways to keep your crypto funds safe are to use a custodial service or a cold storage wallet.
A custodial service involves using a trusted party to hold your cryptocurrencies on your behalf. For the average retail cryptocurrency investor, then Skrill is one such option. The company is a longstanding payment firm, founded in London but now with global operations. It’s part of the PaySafe Group, which also runs Neteller.
Skrill is a reliable option for those new to cryptocurrencies, or less proficient with some of the more technical concepts of using digital assets. Users can access cryptocurrency buy, sell, and trading services via the same user interface as for payments. Cryptocurrency purchases are very straightforward using Skrill fiat balances, and users can send crypto payments securely to other Skrill users.
The company partners with trusted exchanges and custody providers to keep customer’s funds safe. As an established financial services provider, it knows what to look for in its partners, and because it isn’t holding customers funds on loosely secured hot or cold wallets, it’s not a target for hackers.
High net worth individuals also tend to use custody providers for their crypto investments, as it takes the risk and headache out of having to manage their own private keys.
Cold storage wallets are a little more challenging to set up than using a custody provider. However, they are another highly secure means of storing your funds. Cold storage, or hardware wallets, keep your funds offline, meaning they’re generally less vulnerable than hot wallets that exist on internet-connected devices.
The two biggest providers of cold storage wallets are Trezor and Ledger. Unfortunately, neither has been proven to be 100% secure against attacks. In January 2020, researchers at Kraken Security Labs found a way of extracting the seed key in under fifteen minutes. Later in the year, developer Mo Nokhbeh found a different kind of vulnerability affecting Ledger devices that would allow a hacker to steal Bitcoin when transferring altcoins, such as BCH or LTC, forked from Bitcoin.
A newer cold storage wallet manufacturer, NGRAVE, claims to have developed the “world’s most secure hardware wallet” that never needs to connect to an internet-enabled device. However, the device is currently only available on pre-order and costs a hefty €350 (around $400.)
A hack on the scale of the one that KuCoin experienced is bound to leave crypto users with questions about fund security. However, like everything else involved with digital assets, finding the best means of keeping your crypto safe involves doing your research. Look for the best provider - either an established custody service or a proven self-custody solution - with a reputation for reliability and trustworthiness.
© 2020 CryptoDaily All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.