20 AUG

Lock Up Your Bitcoins, Here Come the Hackers!

These days, not even the NSA is safe from hackers! The spy agency’s own hacking tools are being auctioned off by the attackers, who are demanding a king’s ransom in Bitcoin. While being the currency of choice for such sophisticated hackers speaks volumes for Bitcoin’s desirability, it also underlines the importance of securing your own coins.

Over the past few months, the cryptocurrency space has been shaken, not stirred, by a series of high-profile hacks. In June, Bitcoin’s biggest rival by market cap, Ethereum, was drained of tens of millions of dollars’ worth of ETH tokens. The attacker uncovered a critical vulnerability in the smart contract code of Ethereum’s flagship application: the crowdfunding platform known as “The DAO.” By exploiting this vulnerability, the attacker was able to claim roughly 4% of the total existing ETH supply. This attack more than halved the ETHUSD price and ultimately forced an extreme response: Ethereum bifurcated into two distinct coins.

Bitcoiners, who’d long criticized the much-hyped Ethereum project for its inadequate security and sloppily-coded smart contracts, were afforded little time to bask in the smug glow of schadenfreude. On August 2nd, a major Bitcoin exchange was hacked for a grand total of 199,756 BTC - at the time worth around 90 million dollars. Whether an outcome of negligent security practices, ingenious hacking, insider complicity or some deadly combination thereof, the hack lopped roughly $100 off the Bitcoin price. BTCUSD proceeded to collapse to a panicky low of $460, although the price has subsequently staged a moderate recovery (it’s currently hovering a little below the $600 mark).

In what’s being termed “the first Bitcoin bailout,” the exchange in question chose to deal with the loss by “socialising” it. Instead of limiting the fallout to those customers whose accounts were directly affected, all customers were subjected to a 36% “haircut” on their exchange-held fiat or crypto assets. These unfortunates will be compensated, in theory, by receiving specially-issued crypto tokens representing the exchange’s repayment obligation. The intention is that these tokens be eventually redeemed for money derived from the profitability of the exchange’s future operations…  

The last time a Bitcoin exchange hack made international headlines was probably the infamous failure of Mt. Gox, when ~750,000 BTC went missing. The reporting around the recent breach was better-informed than coverage of the Gox incident in late 2013; this time only a few media outlets created the impression, whether intentionally or through ignorance, that Bitcoin itself was compromised. On a superficial level, the related price drop did lend credence to the “Bitcoin is dead, for real this time” hysteria. However, such a narrative is like questioning the dollar whenever a bank gets robbed - unfair and illogical. It should be remembered that if the massive Gox heist couldn’t kill Bitcoin, neither can this lesser theft.

In any event, such dramatic and distressing hacks naturally lead to heightened security concerns. We’d like to reassure our clients that Bitcoin itself - that is to say, the protocol, network and cryptography which underpin your “digital gold” - remains inviolate and reliably secure. We’d also like to offer a little friendly advice on the safe storage of Bitcoin: a simple practice which greatly reduces your risk of losing funds to hackers. This simple maxim has probably saved more bitcoins than the most sophisticated security imaginable:

If you don’t control the private key, you don’t own the bitcoins.

The instant you send BTC to an exchange, or indeed to any third party, you’re exposed to custodial risk. There’s just no way to compel the coins’ return; instead, you’re reliant on the trustworthiness and competence of that other party. While this also applies in the fiat world, there are established rules and procedures governing the recovery of funds in that environment.

You should never store bitcoins anywhere but your own offline wallet, ideally in a cold or hardware wallet. However, there are certain situations in which custodial risk is unavoidable. For example, traders or those who lend margin funds to traders have little choice but to keep their coins on deposit at an exchange. In such cases, the expected profit must be balanced against the inherent custodial risk. So many crypto exchanges have been compromised that this risk must be considered fairly likely.

Kindly note that Coinmama does not operate as a deposit exchange. Thus, custodial risk doesn’t apply to our model (except during the brief window in which your fiat is exchanged for crypto or vice versa). As we don’t accumulate and store vast monetary sums, Coinmama is unlikely to attract malicious attention. Hackers tend to focus their energies where rewards are greatest.

What you do with any bitcoins you purchase from us remains entirely your own affair. However, to prevent any future losses, we’d like to encourage long-term holders to keep their coins safely within their own wallets insofar as possible.
