It is 2019, and we already have our first hack of a crypto exchange. Cryptopedia, a New Zealand crypto exchange, suspended trading earlier this week, due to “significant losses”. Details have been sketchy, but industry commentators have been quick to question the veracity of the announcements and whether a hacker was truly the culprit. In the midst of the confusion, Binance, the largest crypto exchange operating out of Hong Kong, has stated that it has blocked a portion of the suspected $3.6 million that was distributed to unknown blockchain addresses from Cryptopia accounts.
While police authorities in New Zealand investigate the Cryptopia “affair”, the event created a platform on social media for suggestions on what to do about security at exchanges going forward. In other words, CEOs and leaders in the industry chose to speak out, some countering what others said in a healthy exchange of ideas about, yes, exchanges and the various options available to investors to protect themselves.
The first person to speak out was none other than the CEO of Binance, Changpeng ‘CZ’ Zhao, who is never shy to express what he feels, even when his comments might come off as a bit self-serving. He noted that investors have three options: 1) Leave your funds at a “reputable” exchange; 2) Use an “offline” cold wallet; or 3) Leave your funds at a decentralized exchange (DEX).
Other industry leaders balked when they heard the last option. Decentralized exchanges have been hacked. They typically have low volume, which is one reason they are not targeted, but Binance and Zhao intent to launch a DEX in 2019. Zhao later did clarify his remarks, admitting that his comments bordered on self-promotion. In 2018, hackers did compromise Bancor, a supposed ‘decentralized’ platform, to the tune of $12 million.
Jesse Powell, Kraken’s ebullient CEO, was next to chime in, claiming that the safest method was to store your keys and funds in a “reputable” hardware “cold” wallet-like Ledger and Trezor. He questioned the use of “reputable” with exchanges, since in 2014, Mt. Gox was the most reputable and largest exchange in existence, but still sustained a major hack of nearly $500 billion. His counsel was: “PLEASE do not store more coins on an exchange than you need to actively trade”.
Pierre Rochard of Bitcoin Advisory countered that more funds have been lost at exchanges, in excess of $1 billion in 2018 by most estimates, than with “cold” wallets. The issue with wallets is that you can always lose your device, which becomes problematic on its own accord. Many “reputable” exchanges, however, have gotten the message. The best ones place up to 98% of your deposits in “cold storage”, far from the online “hot” wallet that could be compromised in the event of a hacker attack.
The last leader to speak up was Alena Vranova, the former CEO of Trezor. Her advice to crypto traders was to limit your risk exposure “by controlling your own private keys. Instead of using third-party services like online exchange wallets, [use] hardware wallets with multi-sig function [to] provide far greater security.”
In summary, there is no perfect solution to protect your crypto funds from professional hacking gangs. Offline “cold” wallets seem to be the best option, but hackers have found ways to compromise updates to the software that drives these devices, too. At the end of the day, however, it is best to maintain balances at an exchange to a minimum, leaving only amounts that you intend to trade in the short term.