Hundreds of millions of U.S. dollars have been lost to seemingly simplistic hacks-turned-heists of digital asset exchanges. How? And how can you safely manage your own digital assets?
Sky’s Not The Limit
Somebody or something under the alias Satoshi Nakamoto created the digital asset Bitcoin in 2009 to function as a global currency for all. Its starting price: less than $0.01. As of October 18th, 2020, one bitcoin is worth $11,483. Likewise, Ethereum went live in 2015 at a little less than $3. Now, $378.
The Grandest Heists Are Now Digital
Japanese cryptocurrency exchange Coincheck shocked the world in January 2018 when it lost the equivalent of $530 million in the form of 500 million tokens of an obscure digital asset, NEM, or New Economy Movement. For comparison, the Antwerp diamond heist of 2003, or “the heist of the century,” represented a loss of around $100 million. So how could a loosely known exchange using a lesser-known digital asset represent five Antwerp heists in one go?
Easy. The exchange, which still manages a multitude of digital assets, kept all of its NEM in a single hot wallet (more on this later) and did not use the recommended multi-signature protocol for large transfers. The hacker(s) used a virus delivered to Coincheck employees via email to operate their computers remotely and illegally. They stole the private key (i.e. the necessary code) for said hot wallet and then initiated the transfer without having to find a second or third private key. Approximately 260,000 users were affected.
Despite this, the hunt for the stolen NEM lost all of its steam in the same year. There have been no news reports of who did it, only that they likely succeeded in converting their NEM to other digital assets, namely bitcoin.
A second meditation comes from another Japanese cryptocurrency exchange, Mt. Gox, once an all-star in the world of digital assets and once considered the world’s largest bitcoin exchange. Then in February 2014 it was revealed that Mt. Gox lost $460 million worth of bitcoins. The truth: hot wallet private keys were stolen in 2011 and the company somehow didn’t notice as hundreds of thousands of bitcoins went missing over time. A case of criminal shawshanking done extremely well, aided by poor security management.
How to Keep Your Digital Assets Secure
It starts with the private key. It is a secret cryptographic value that lets you access your digital asset(s), like a highly skilled signature of your own that can be neither copied nor forged. With it you can withdraw, spend, transfer and generally perform transactions, but for that you need your public key too.
The public key is derived from the private key (though the process is not reversible), and the public address from the public key. Sounds complex, but in practice it’s genius. The public address is your bank account number for digital assets, and the private and public keys your digital wallet.
A “hot” wallet is one connected to the internet, and by definition, hackable. The upside is they can quickly move digital assets akin to any traditional checking account. While it feels like common sense to keep only a small portion of assets hot, we know already that digital asset exchanges failed to effectively employ what is known as “cold” storage.
A cold wallet is not connected to the internet, and thus not hackable. It is vital to keep your digital assets in cold wallets.
There are two main options for keeping your digital assets cold: hardware or paper. A hardware wallet is essentially a specialized USB stick holding your private key offline. This option is almost never free, but it enables you to be the sole, bona fide owner of your digital assets. The same goes for paper, but the downside is that paper can be damaged or lost easily. Consider secure backups, and it is not uncalled for to have backups of backups. Bitcoin, after all, is considered to be digital gold.