A small attack on a fairly niche virtual currency exchange plunging the crypto value makes the point that the biggest setback of cryptocurrencies beyond security is volatility.
Cryptocurrencies always presented themselves to consumers as ultra-secure stores of value, as every transaction was verified by blockchain, a form of distributed ledger. In real life, though, storing your cryptocurrency in private wallets online – so that it’s actually easy to use – seems to be about as safe as putting it behind a bench in a public park.
The problem is not the blockchain itself, which is still much more secure than today’s banking networks – the problem is elsewhere. As many said before “the Achilles heel” is the security protocols of the cryptocurrency exchanges that store users’ private wallets.
Most exchanges – such as Mt. Gox, in this case, Coinrail – simply haven’t invested enough in strong and smart security, including fraud analytics and continuous strong and risk-based user authentication.
That’s because cryptocurrency exchanges are usually nothing like the exchanges and banks in the real world. Some are run by just two or three people. No wonder then that they might not know much about how to protect themselves against hackers.
That – combined with the fact that many advanced hacker groups have migrated from attacking banks to attacking crypto exchanges because they are more lucrative targets.
And it’s not just crypto exchanges. There has recently been a surge in a different kind of cyber-attacks called 51 percent attacks; criminals take action when more than half – more than 50 percent, hence the name – of the validation of transactions (or computing power) is controlled by one party, so that validation is not trustworthy because there are no checks and balances on that party’s power. Hackers get enough computing power to compromise smaller networks, prevent new transactions from getting confirmed, thus halting payments between users – and steal large sums of digital money.
At least five virtual currencies – monacoin, bitcoin gold, zencash, verge and litecoin cash – have recently been hacked.
Such attacks were developed specifically to overcome the safeguards of the blockchain. There are even websites that estimate the cost of and even provide the processing power required to carry out such an attack.
Some say the possibility of an attack is as high as 51 percent. Which is why users should only trade in crypto that has substantial hashpower. Hash power refers to the number of computer nodes (servers) that validate the transactions – so the more validation nodes (also known as miners), the more hash power in the network, and the less likely the validation of transactions can ever be manipulated since there is no ‘majority’ owner.
For now, bitcoin meets that test. It’s ironic that it’s hash power that has grown exponentially since the crypto bubble price of $19,000 that started crashing last year. Bitcoin has never been more secure because of that – in other words, more and more nodes are needed to achieve consensus, or to validate or cross-validate the deals.
Users should stay away from centralised crypto blockchains as these types of attacks are real and prone to happen.
As for extreme volatility it’s possible the large traders are shorting bitcoin and other crypto currencies to drive prices down – so they can buy in at low prices.
The plunge might also be due to panic-selling. People hear of yet another cryptocurrency exchange being hacked and they sell their cryptocurrency, believing it might also be at risk. That selling then causes more media stories and the media stories ignite yet more selling.
So what can bitcoin owners do to secure their digital riches? Using a “cold wallet”- one that is not connected to the internet – is a good idea to enhance security. Most crypto exchanges got hacked because the currency was kept in an online hot wallet.
But there is a trade-off – in usability and convenience. Maintaining the ability to trade rapidly, introduces extra steps by offline storage that might not be as attractive.
One option is to opt for a hardware-based private cold wallet like Trezor. The usability of such wallets is improving, and if a user can’t manage that, then he or she should use well-known established exchanges that are open to regulations, for example Coinbase.
Another option for consumers is to invest in crypto funds managed by regulated financial institutions, but that’s costly because of fees, and liability rules are still unclear.
Despite the high-profile hacks, cryptocurrencies are no more vulnerable to theft and fraud than cash and even mature banking systems. The difference is that any raid on a cryptocurrency exchange triggers much more volatile trading than a cyberattack on a traditional bank – simply because the traditional financial system is much larger than all cyber currencies taken together.
Cryptocurrencies may have gained in popularity during the past few years, but investors should not forget that they are an immature financial asset – although the arrival of large financial institutions like Fidelity and Goldman Sachs, who have set up crypto trading operations, may change that quickly.