It is well-known among the digital currency community that “hot wallets” are susceptible to hacking.
As previously discussed, owners of cryptocurrency are often drawn to the hot wallet storage option due to the perceived convenience afforded by hot wallets’ consistent Internet connection, which allows for more expedient access and spending. Unfortunately, however, the significant risks associated with that convenience are often overlooked.
Because hot wallets stay connected to the Internet, they are inherently vulnerable to attack. Although hot wallets enhance the ease with which currency can be accessed and used, the catch is that it grants easier access to authorized and unauthorized users alike.
Here are some of the most high-profile hot wallets hacks in 2019.
The Binance Hack
In May 2019, hackers stole $40 million in bitcoin from Binance, one of the world’s largest cryptocurrency exchanges.
Binance was able to trace the stolen currency, which revealed that only the firm’s BTC hot wallet was compromised during the breach. According to Binance’s official statement, the attackers used a variety of techniques, including phishing and viruses, to circumvent the exchange’s existing security measures. “The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” wrote Binance’s chief executive officer Changpeng Zhao.
By combining numerous individual transactions—likely designed to create the appearance of normal exchange behavior—the hackers were able to successfully withdraw the funds from Binance’s hot wallet. Although the withdrawal itself triggered security alarms, the transaction was irreversible since it had already moved from the exchange onto the blockchain.
It is not a coincidence that the assets stored in Binance’s offline cold wallets remained secure during the breach, reinforcing the idea that the only real solution for safeguarding one’s digital currency is through cold wallet storage options.
The BITPoint Hack
In July 2019, Mainstream financial news publications including The Guardian reporte $32 million in bitcoin went missing from a hot wallet owned by BITPoint, a Japanese cryptocurrency exchange.
The stolen funds included a variety of digital currencies–namely Bitcoin, XRP, Litecoin, Bitcoin Cash and Ether–the majority of which belonged to BITPoint customers. While BITPoint has released very few details about the hack, it is believed to have been executed through unauthorized access to private keys associated with the company’s hot wallets.
BITPoint did not detect any irregular activity or missing funds affecting their assets stored in cold wallets, which further highlights the superiority of cold wallet solutions for secure cryptocurrency storage.
Other notable “cryptocrimes” that occurred during 2019 include the $10 million in Ripple stolen from GateHub according to leading crypto trade publication cointelegraph.com, the $5 million lost to hackers by Singapore-based Bitrue, and an unknown quantity of funds mysteriously taken from CoinBene. While these incidents affected companies in different parts of the world, and sometimes involved different forms of cryptocurrency, the common thread between them is that each of the attacks only affected the assets stored in the companies’ hot wallets.
Following the cyber attacks, providers of hot storage solutions have made progress towards optimizing security but experts maintain that hot wallets will never match the security offered by cold storage and using them to store large amounts of currency is dangerous at best. For example, in his article for Fortune, Brian Armstrong (CEO of Coinbase) wrote:
“When used correctly, they can come close to, but not match, the security offered by cold storage. ‘Air gapping’ your private keys in cold storage means fully disconnecting them from the internet, such that a remote attacker can’t access them without some physical attack as well. This additional manual step introduces a nice guarantee that it is not just software protecting your money. In theory, any software can be hacked, even if it is unlikely.”
While no storage method is 100% foolproof, it is clear that hot storage, or hot wallets, are not the best way to store high-value assets. Many wise investors are switching to cold wallets, evaluating the market leaders across features such as security, convenience, backup and recovery options. Learn more about the advantages of Cold Wallets and get on the waitlist for the ITBx Cold Wallet, the first biometrically-secured cryptocurrency cold storage solution.
This article was published by ITBiometrics, Inc. a leading biometric hardware and software technology company that provides user-authentication services to consumers, businesses, and governments. The ITBiometrics Platform enables developers to build high-security software solutions using the trusted ITBiometrics fingerprint reader and hardware SDK. To learn more, visit www.ITBiometrics.com.