2018 was quite a busy year for cryptocurrency investors; the value increased at the beginning of the year before taking a downward trend. With the increase in value came an increase in the number of investors, which led to increased cases of hacks. And, since markets grew so quickly, the different exchanges didn’t get the time and resources to invest in more resilient security measures.
Hackers have been using state-of-the-art tactics such as social engineering to steal from crypto exchanges. This is where they steal identities and pretend to be different people in order to successfully steal investors’ coins. The most recent hacks affected leading exchanges Binance and Bitpoint. Let us see how they happened.
The Japanese Bitpoint Hack
Japan-based exchange Bitpoint announced a $32-million hack last week. However, the company has announced this week that it has found $2.3 million of the missing funds. According to a report from Japan Today, the stolen crypto was discovered on other exchanges outside Japan. These exchanges also use Bitpoint’s trading platform. Following the hack, the exchange halted all its services, including deposits, withdrawals, and trading of all crypto assets.
Remixpoint Inc., the exchange’s parent company, announced that assets worth $23 million belonged to its customers. However, the company promises to refund the more than 50,000 users who lost funds in the hack. Customers will receive the funds in cryptos on a 1:1 basis, according to a company report in Tokyo on 16th July.
The Binance $40 Million Hack
According to Binance CEO Changpeng Zhao, the company discovered a network security breach on 7th May 2019. As a result, hackers managed to obtain API keys, two-factor authentication codes, and potentially other valuable information of Binance users. The hackers used various techniques like phishing, viruses, and other malware attacks to execute the attack.
In a letter addressed to the crypto community, Zhao noted that the hackers had the patience to strategize and carry out a well-prepared attack through multiple independent accounts at an opportune time. In the process, they got away with 40 million USD, and the company could not block the withdrawal before it happened. Binance continues with the investigations as there might be more impacted accounts.
Zhao further added that the breach affected only Binance’s hot wallet, which holds about 2 percent of the company’s total bitcoin holdings. The company, however, promises to refund the wallet holders who lost their coins through its safety fund. Commonly known as the Secure Asset Fund for Users (SAFU), the security fund will cover the losses so that users do not bear them. The SAFU fund comprises 10 percent of all trading fees generated by the exchange.
What Next After Crypto Wallet Hacks?
These are just the most recent cases of crypto wallet hacks that have happened since cryptocurrency was introduced. These cases are on the rise for various reasons. First, the decentralized, anonymous, and unregulated nature of cryptos makes it impossible to trace them in case they are stolen or go missing. Second, there is no authority to hunt down hackers after they have stolen your funds. Third, no central company is available to reset your password in the event that you forget it. And, lastly, there isn’t a customer care center that you can complain to when things go wrong.
So, what can you do to keep your coins safe? Here are some of the things you can do to ensure your internet money remains safe and secure:
Avoid Public Wi-Fi
Here, the rule of thumb is to never access your crypto wallets using public Wi-Fi. Only perform crypto transactions through networks that you trust, to prevent someone from eavesdropping and rechanneling your funds to a different account. Also, online cryptocurrency transactions should only be done on a personal computer or device without any other accounts on it. You can’t risk even a single malware infection on your device because that’s all it may take to lose everything.
Use Very Strong Passwords
Using very strong passwords or a set of keys will help secure your wallet and backups. Strong passwords are hard to remember or crack. Most password generators will help you create one with 64 characters, mixing uppercase and lowercase letters, symbols, and numbers. Remember that criminals use more complicated password crackers to hijack your account, so make sure you have a longer, more varied password. You should also master the seed phrase and keep it in a safe place or safety deposit box.
Boost the Security of your Phone’s Account
There have been reported cases of hackers using social engineering to gain access to someone’s phone, and then resetting the password to the person’s email address. Once they have access to your email, it becomes easier to reset passwords to other associated accounts, which may lead them to your crypto assets.
To prevent this from happening to you, ensure your phone provider heightens the security of your account for over-the-phone client services. In case someone else calls them up, they should ask for more information and not just the name and birthdate.
Store your Coins in a Secure, Offline Wallet
It is advisable to avoid storing your coins on an online exchange, and instead store them on an offline hardware device such as a hard drive or USB. Most hackers target online wallets, exchanges, and other forms of storage to steal funds. The idea is to make sure you can see and feel your money. Also, USB devices have physical keys that you must touch to confirm or cancel a transaction. This ensures that hackers cannot record your keystrokes.
Use Strong Two-Factor Authentication (2FA)
Using multi-signature, that is, two or more keys to authorize a crypto transaction, will greatly lower the chances of fraud. Two-factor authentication basically means verifying your identity using two methods when trying to log into your online account. Using this method will ensure that even if your password is hacked, the hacker will still need to have the device that receives the secondary code.
Good crypto exchanges and wallets will always give you the option to use 2FA, but you are the one to choose whether to switch it on or not. While you can use SMS 2FA, this is strongly discouraged as hackers can gain access to your phone by calling your service provider. The gold standard is to use 2FA through apps such as LastPass Authenticator or Google Authenticator (for iOS and Android).
Reports of hacks on crypto exchanges and wallets continue to rise, and it’s time investors took control of their own coins. As we wait for more stringent AML laws and increased regulation, the above procedures can help ensure our cryptos remain safe. Don’t entrust someone else with the responsibility of taking care of your internet money; research and look for sophisticated ways to safeguard your coins.