23 Nov 42 Billion Lost in South Korea Hack
July 12, 2018 4:02 pm Published by Danielle Seguis
This weekend saw the growing uncertainty in the cryptocurrency market deepen even more, especially after more than $40 billion in market value was wiped out. Bitcoin has already lost more than 50% of its value this year.
According to critics and experts in the industry, the recent slump is attributed to several issues, among them Chinese authorities cracking down on various trading platforms, and a recent exchange hack that took place in South Korea. In the recent past, a lot of attention has been drawn to cryptocurrency trading platforms, especially after the increase of money laundering cases, market manipulation, theft, and hacks.
Valued at $6,328, Bitcoin has already lost 53% of its value this year. This hasn’t affected Bitcoin alone, with some of the other virtual currencies suffering the same fate. As a result, the crypto market value has slumped to $244 billion. This is a considerable blow, considering that in January, the market was worth $830 billion, at a time when the crypto craze was all the rage all over the world.
One of the main reasons behind the current bear market is an increase in cyber-attacks. Of special note, her is the Coincheck Inc. hack in January where close to $500 million in cryptocurrency was stolen. Most recently, Coinrail, a South Korean trading platform was the target of a hack. Though the loss was relatively smaller, this news sent the market in panic mode, and according to Oanda’s head of Asia Pacific Trading Stephen Innes, this caused huge panic sales.
From the users’ perspective, if something like this can happen to a platform, there is a good chance it might happen to another, and so forth, hence the immediate panic. This wasn’t helped either by the low liquidity in the market that weekend. With such thin trading patterns in retail accounts, it’s very easy for people to be scared out of their positions. In this market, making a significant move doesn’t necessarily require a lot of money.
In a recent statement released online, Coinrail admitted that some of their digital currency had been stolen in a successful hacking attack. However, they didn’t mention the actual value. They confirmed that the majority of the cryptocurrency that they have (70%) is safe in a cold wallet that’s not connected to the internet.
At the time of this writing, most of the currency that had been stolen, ATX, NPER, and NPXS, had already been collected or frozen. A third of the stolen assets are yet to be recovered, but the authorities are investigating and following the trail of cryptocurrency development companies and other exchanges all over the world.
Coinrail has been listed in the Top 100 active trading platforms, and they trade in no less than 50 cryptocurrencies. The daily trade volume is estimated at around $2.6 million based on the data available at the time of this hack.
According to the Korean National Police Agency, this is a police matter, and investigations are still underway to find the hackers.
Meanwhile, the People’s Daily, run by the Communist Party, reported that China will not stop its fight against the risks associated with internet finance and illegal fundraising. With the help of central bank authorities, China is almost done with the major cleanup swoop that has seen a crackdown on rogue Bitcoin exchanges and ICOs.
5 Biggest Cryptocurrency Hacks of All Time
Cryptocurrencies are always an opportunistic hacker’s paradise. The following are some of the most notable cases where hackers carried out some of the biggest cryptocurrency hacks ever reported.
Since 2016, the Decentralized Autonomous Organization (DAO) had been offering venture capital fund services for projects that needed decentralized cryptocurrency. DAO was based on the Ethereum blockchain as a smart contract and managed to raise more than $150 million in Ether during a crowdfunding campaign. In fact, at that point, this was the most successful token sale.
On the morning of June 18th, 2016, suspicious activity was flagged on the platform. More than 3.5 million Ether worth around $70 million had been stolen by a hacker, and all this took place in less than a day.
The hacker had noticed a flaw in DAO where the smart contracts would return Ether several times before the internal balance was updated, and exploited it. As a result of this hack, the Ethereum protocol was initiated, reimbursements were made, and the ETC (Ethereum Classic) was created.
One of the biggest success stories in the crypto world was Mt. Gox. In a short time, Mt. Gox became one of the most sought-after exchanges, and with this popularity, the risk of attacks increased. The first successful attempt would come in 2011, and Mt. Gox was taken offline by hackers for days.
Someone managed to gain access to the auditor machine used by Mt. Gox and transferred several thousand Bitcoins out of the system. To make matters worse, the hacker then used Mt. Gox’s own software to cash in the Bitcoin. By the time this was noticed, user accounts had lost more than $8.75 million.
In an attempt to verify the ownership of the coins, Mt. Gox had to move more than 400,000 Bitcoins to an Mt. Gox address from their cold storage, executed in Block 132749. Later on, in October the same year, some transactions were again flagged at Block 150951, where around 2,600 Bitcoins had been transferred to different invalid addresses. Since there was no private key assigned to these Bitcoins, they were lost.
In February 2014, Mt. Gox was in the limelight again for all the wrong reasons. Another hack was imminent, and this one was so bad that they had to file for bankruptcy. Several users filed complaints against Mt. Gox, forcing them to stop withdrawals and close their service, especially after they discovered that latent hacks had been persistent over the years.
This hack was so advanced that the security team at Mt. Gox failed to detect it, and more than 750,000 Bitcoins belonging to customers and 100,000 Bitcoins owned by Mt. Gox were lost. By that time, the hack had wiped out around 7% of the global Bitcoin currency, which was estimated to be worth more than $470 million.
The Parity wallet was another victim of a hack, exploiting a flaw in the Parity Ethereum client. More than 150,000 ETH were stolen, with an estimated value of $30 million. This would go down as the second largest hack ever in the Ethereum network. The hacker managed to use the Parity client 1.5 and gained access to the Parity multi-signature wallets. By using the zero-day exploit, the hackers were able to remove coins from different multi-signature wallets without requiring authorization. By the time this was discovered, several high profile multi-sig contracts had been affected, especially those that were holding tokens from successful ICOs.
The hacker executed a command sending two transactions to each contract. One transaction would assume ownership of the contract, and the second transaction would wipe out all the funds it held. This was the hack that forced The White Hat Group to move the funds they held in Parity wallets to a different Ethereum wallet that held more than 370,000 Ether.
Bitfinex, one of the biggest Bitcoin exchanges in the world, was a victim of a hack in August 2016, losing roughly $72 million in more than 119,000 stolen Bitcoins. Like most of the other hacks, the hacker simply exploited a vulnerability in the multi-sig system that Bitfinex used to sign Bitcoin withdrawals. This was primarily aimed at the way Bitfinex accounts were structured with BitGo, their wallet provider.
BitGo owned one secret key, while Bitfinex owned two. To prevent any threat of potential breach in security, Bitfinex started using the multi-sig system. This would bring in several people in the loop to authorize each transaction. Given the security protocols in place, details of how this hack was executed remain unclear, but it went down as the second largest hack on a crypto exchange platform.
At the time of the hack, Bitcoinica was one of the most popular trading platforms for Bitcoin. In 2012, Bitcoinica was the victim of two separate attacks. The first attempt targeted the platform’s customer service portal, through which the hackers managed to steal around 46,000 Bitcoins in the wallets of 8 customers.
The second hack would happen a few months later, which targeted the production servers. In this attack, more than 18,000 Bitcoins were stolen. Four of the customers affected sued the company, demanding compensation of around $460,000. During the suit, it was discovered that Bitcoinica stored most of the digital currency online instead of using cold storage offline.
So far, these are 5 of the biggest hacks that have ever been carried out in the cryptocurrency world. The Mt. Gox hack stands out particularly not just because of the massive losses that were incurred, but also as a result of the malignant mismanagement that eventually led to the hack. In the case of DAO, the hacks were so bad, that the only way they could compensate the customers for the damages incurred was to create a new coin.
If the Bitfinex hack is anything to go by, what we see is resilience in the world of cryptocurrency. Serious exchanges will always find a way of bouncing back from such incidences.
There might be uncertainties here and there, but whatever happens, exchange platforms usually fight back. There will be flaws which aren’t uncommon in any monetary system, even the fiat system. However, the will to survive is one of the reasons why cryptocurrency could be the future.
How to Keep Your Crypto Funds Safe
You can keep cryptocurrency either in exchanges or in your coin wallets. Unfortunately, there are risks associated with either of these methods. Before we look at the things that you should do to protect your funds, there’s one thing we must address – convenience.
Regarding security, convenience is always your worst enemy. In any security system, the weakest link is human interaction. If you can understand these two things, you will be able to make the required changes to protect your funds.
Another thing we have come to realize is that most people are afraid of facing these challenges, and as a result, are afraid of investing in cryptocurrencies. However, as soon as they overcome their fear and start trading, they throw all caution to the wind and forget about safety.
Before investing in cryptocurrencies, you should understand how they work. This gives you a better shot at learning the safety precautions you should take. The safety procedures vary from one currency to another and between different exchange platforms.
You must be informed and stay up to date with what’s happening in the crypto world so that you can be aware of hacks as and when they happen and respond accordingly. Recently, for example, I had plans to invest in an ICO that would open MEW. However, following up on the news in my Twitter feed, I realized there was a DNS attack linked to it, which eventually turned out to be a lifesaver for me.
Use a Safe Computer
Whether you are using it to trade on an exchange or to transfer your funds between wallets or exchanges, you must make sure that you are using a safe computer. Resist the urge to conduct your transactions on shared computers like the ones you use in the office. In fact, if you are in a position to afford it, you should buy a computer only for your transactions.
Based on the discussions I have followed online, most people find the MacBook reasonably secure. In the same line of thought, using the Linux OS would be more advisable than using a Windows-based machine.
Use Safe Networks
By all means, avoid using open or free wireless networks, and public networks. Compared to wired networks, wireless networks have weaker security. When possible, access the internet through a wired network. If you don’t have this opportunity, use your personal wireless network. However, don’t make the mistake of using a wireless network whose router you don’t have control over.
Use Strong Passwords
You have probably come across many discussions about password security; generating passwords that are strong enough, but easy for you to remember. The problem with passwords that are easy to remember is that they are a loophole in our security. The ideal solution would be to come up with a password that you can remember easily, but a computer would struggle to guess.
Distribute Your Funds
You should find ways to protect your private keys. To limit the risk of losing your passwords, distribute your funds across different exchange platforms and your offline wallet. Make sure you only use exchange platforms that you fully trust like Kucoin and Binance, or any other that works for you. At the same time, make sure the exchange that you use has an account recovery protocol in the event of a hack.
Categorised in: Uncategorized
This post was written by Danielle Seguis