Cryptocurrency has had a wild ride this year. After reaching all-time highs in the December-January timeframe, prices entered Long January, from which they have yet to recover.
In addition to the usual series of market shocks and regulatory pressure, 2018 has seen some of the highest profile hacks in the industry thus far.
We’re going to look at the major incidents and try to figure out what they mean for the industry at large.
January 2018: $500 million
In late January, hackers targeted the hot wallet of Tokyo-based Coincheck, ultimately stealing about $500 million. The exchange subsequently reported that the theft was not a result of an inside job and that the cybercriminals were able to hack into the NEM hot wallet due to a lack of multi-signature security. Coincheck published 11 addresses containing the compromised NEM tokens and flagged them so that the hackers could not trade the stolen funds on other exchanges. However, that doesn’t preclude the coins leaving the crypto market. Coincheck has agreed to repay its investors to the tune of $420 million as recompense for the hack.
June 2018: $40 million
South Korean exchange Coinrail suffered a hack in June that cost the exchange $40 million in ERC-20 tokens. The stolen tokens included NPXS, ATC, and NPER. Pundi X project developers – originators of the NPXS token – elaborated in an unaffiliated blog post, indicating that almost 2,000 ETH had also been stolen, as well as a multitude of other tokens. Coinrail flagged an Ethereum address linked to the hack, though it wasn’t immediately clear whether the hacker managed to liquidate the ill-gotten gains. The hack resulted in the loss of 30 percent of the exchange’s total value, two-thirds of which was subsequently frozen.
June 2018: $31 million
Again targeting a South Korean exchange, hackers stole $31 million in June by compromising XRP wallets. The hackers may also have compromised other tokens. The exchange immediately agreed to compensate victims for their losses and reportedly ramped up its security in the face of an investigation by the Korea Internet & Security Agency.
A rocky first half of the year for cybersecurity, indeed. Several common denominators link the hacks. All involved substantial dollar-values stolen, in most cases, from a single wallet or family of related wallets. All appear to have been hacks by outside agents that made use of internal security weaknesses, rather than inside jobs perpetrated by exchange personnel. And, oddly, all occurred within the Asian market. Doubly odd that two of the hacks occurred within South Korea, which until recently has had a fairly conservative view of cryptocurrencies in general.
This conservative view had been slipping a little in light of the immense popularity of cryptocurrencies within Korea, but the high-profile hacks may slow or even reverse this process. In an industry struggling to prove itself worthy of investor and regulatory confidence, million-dollar losses may not be palatable.