Hackers are terrorizing cryptocurrency exchanges. In their recent report findings, Cipher Trace, a blockchain analytics firm specifically developed to create “cryptocurrency and blockchain tracing and security capabilities” has revealed that exchanges lost a combined $1.2 billion. A majority–not surprising—originated from BitFinex and another chunk from Quadriga CX where clients had to shoulder $195 million in losses after Cotton’s mysterious death in India.
“Criminals stole more than US$356 million from exchanges and infrastructure during the first quarter of 2019. Among these losses, exit scams—which CipherTrace is considering the implosion of QuadrigaCX to be one—robbed cryptocurrency users of nearly US$195 million. On top of these numbers, the New York Attorney General’s Office revealed what they allege is a fraud involving the loss of $851 million by a major cryptocurrency exchange, BitFinex.”
With Dave Jevans, a seasoned expert with more than 20 years in security holding 17 US patents on matters cyber security, as CEO, Cipher Trace findings cast a dull picture on the future of cryptocurrencies and crypto trading in particular. Although functioning on the premise of decentralization and full control, most liquid and stable cryptocurrency exchanges are centralized. Because of that, they are easy targets, a honey pot for hackers always monitoring their operations and striking on the slightest vulnerability.
“Hacking dwarfs all other forms of crypto crime, and it is dominated by two prominent, professional hacking groups. Together, these two groups are responsible for stealing around $1 billion to date, at least 60 percent of all publicly reported hacks.”
“Hackers typically move stolen funds through a complex array of wallets and exchanges in an attempt to disguise the funds’ criminal origins. The hackers then often observe a quiet period of 40 or more days in which they don’t move funds, waiting until interest in the theft has died down.”
Of the $1.2 billion, $356 million was siphoned out directly from exchanges and related infrastructure as processors while the balance was from BitFinex recklessness after sending $875 million to Crypto Capital whose funds and assets are now frozen by different governments including the US and Portugal.
Even so, Cipher Trace admits that their figure is an underestimation, as the reading could be higher. They go on confirming exchange’s worse fears that hackers are becoming more sophisticated and making use of ingenious techniques to monitor, attack, steal and launder their loot. A previous report by Chainalysis confirmed that there are two professional hacker group that are responsible for up-to 60 percent of cryptocurrency hacks.
They are organized and before cashing out, Chainalysis say the groups quickly spread funds across thousands of wallets, moving them up-to 5000 times before cashing out within 112 days via a conversion service.
Proliferating this is the obvious lack of regulation as well as exchanges own failure of adopting state of the art security measures and employing time tested practices to avert space-damaging leak. Per the Chainanalysis report, they found out that “exchanges and law enforcement have had limited ability to track hacked funds.”
Good news is, theft and general fraud can be controlled. For example, in the wake of Microsoft Outlook hack, Kraken are now forcing their clients to put in place 2FA before using their platform. Concurrently, regulators like in the US, South Korea and Japan do require application and rigorous checks on exchanges security before licensing. Should this be replicated across the world then losses through hacks would drop, cleansing the sphere’s reputation.