Last Thursday, cryptocurrency exchange Crypto.com released a blog post confirming that they had lost well over $30 million in Bitcoin and Ethereum after a hack that took place on January 17th. The company initially called the hack “an incident" and said that "no customer funds were lost." Crypto.com says it has implemented additional security protections and has called in third-party auditors to further assess its security but the company did not provide specific details about the improvements.
We’d like to take this opportunity to remind you why storing your assets on an exchange is not secure.
CRYPTOCURRENCY EXCHANGES: CONVENIENT BUT UNSAFE
There’s no doubt that exchanges are a convenient way to buy and manage cryptocurrency: you simply have to log into your account via an application or website in order to view your account balances and make transactions. But when you decide to leave your cryptocurrency on an exchange, you’re trading safety for convenience.
You see, because exchanges hold billions of dollars worth of cryptocurrency, they are enticing targets for hackers. Overall, it is estimated that at least $11 billion worth of cryptocurrencies has been stolen since 2011.
It’s important to note that:
- Exchanges lose $2.7 million every day on average, and this figure is set to increase in the future.
- Hacking attacks are becoming increasingly elaborate. It's a highly-rewarding activity; therefore it pays for ever-increasing time and effort spent on plotting hacks.
- Exchanges are not cybersecurity enterprises. They run financial marketplaces first, and experience has shown they can’t guarantee top-notch security, even for the ‘so called’ leading exchanges.
When you store your assets on an exchange you rely on them to keep it safe. Even if they follow all the safety guidelines, they will forever be in an arms race with criminals.
OWNERSHIP OF YOUR CRYPTO
Each cryptocurrency address on the blockchain is tied to a pair of private and public encryption keys. The public key allows other users to send money to that address, while the private key enables the owner of the address to send payments to other addresses. This means that your funds are secure only if you keep your private key, well… private.
But when you store your assets on an exchange, you are giving up ownership of your private keys. Exchanges in fact store the private keys on behalf of their users and instead, you are given access to your cryptocurrency via a username and password to log into their website. Pairing this log in with 2FA does help, but this still does not provide full protection from an array of hacking methods.
What happens if their website disappears? Well, so does your cryptocurrency.
This may seem a little dramatic, but it does happen. Just last week Turkish cryptocurrency exchange Thodex, with over 400,000 users, was accused of pulling an exit scam. Its CEO has reportedly fled Turkey, allegedly taking $2 billion of customer funds with him.
Is this the convenience you were hoping for when using an exchange?
LACK OF PRIVACY
When signing up for an exchange you usually have to provide them with a copy of your identity (passport, drivers licence) and a proof of residence document (utility bill, bank statement etc). Websites are extremely prone to external data hacks and if an exchange is not correctly storing and securing these documents, an attacker could get a hold of your personal data. It’s a good idea to ask the exchange how they are managing your personal information and if they are adequately protecting your identity.
A SAFE ALTERNATIVE
There is one sure way to keep your assets safe: hardware wallets. These devices allow you to retain the ownership of your private key, while also making it easy to trade with a wide range of cryptocurrencies when you safely connect to a computer. By securely switching between the functionality of hot and cold wallets, you can rest assured that your crypto wealth is in your hands, even if you lose the device.
To check out the full range of wallets Coinstop offers, please check out our store.