Crypto exchanges have always been the main target of cyber criminals, who through hack attacks have managed to steal a total of $3.45 billion since 2012.
Institutional investors, given the frightening figure, are looking for intermediary solutions capable of safely guarding their assets while providing convenience in operations.
Let’s try to delve into this issue by reporting on analytical research published by Binance.
Crypto exchange hacks since 2012: research by Binance
Since 2012, crypto exchanges have fallen victim to numerous hacks and cyber attacks, which have stolen a substantial amount of assets through a variety of methods.
In total, the sum amounts to about $3.45 billion across 48 different exchanges, with the theft curve accelerating from 2020, most likely motivated by the reputation the crypto industry has earned in recent years.
Those who lose out, without a shadow of a doubt, are mainly the investors, who punctually see their capital disappear from one moment to the next and in most cases are never compensated.
Although exchanges are supposed to serve exclusively as fiat onramp and trading solutions, it is now well known that many users use them as custodial solutions, given the user-side simplicity offered and given the low commission costs compared to non-custodial providers.
In addition, software or hardware non-custodial wallets underlie the need for good knowledge of best practices in terms of private key management and the mechanisms inherent in blockchain on the part of their users, who are still part of a narrow niche.
The average retail user prefers to download the Binance app, make a transfer from their home banking, trade (or gamble) on centralized markets that are much more liquid than decentralized counterparties, and custody assets directly on the exchange.
The dual custodial/operational role of these infrastructures, in addition to attracting smaller investors, also attracts many hackers, who try hard to find out the private keys to exchange wallets, thereby hitting a jackpot.
Binance’s research showed that of the 3.45 billion stolen since 2012, 29.4% comes from capital leaks through the hot wallets of these platforms, representing the most common method used by cybercriminals.
Next we find numerous other techniques used by hackers such as compromise of security systems and exchange servers, insider participation, data leaks, unauthorized transactions, internal staff errors, vulnerabilities in protocols and bugs.
The risks of self-custody for institutional investors and the role of centralized custodians
While retail investors, as mentioned in the previous section, prefer the convenience of exchanges, institutional investors are looking for more flexible solutions that can compromise between the security trade-off and operational convenience.
This kind of investor, who manages assets on behalf of third parties, is increasingly interested in cryptocurrencies and the volatility present in these markets but necessarily requires professional services with high security standards and easy access to assets to conduct trading operations.
Binance has classified traders who custody assets on behalf of institutions into 3 categories: custodians, custody technology providers, and hybrid custodians.
Each of these has advantages and disadvantages regarding private key management of wallets, regulatory protections such as insurance and audits, and speed of access to assets.
There is still no single solution nowadays that can enable maximum security and at the same time offer all the conveniences and advantages related to the management of trading operations.
In this regard, experiments are underway that can find a meeting point between these two institutional needs.
In any case, according to the study conducted by Binance, The Off-Exchange Settlement (OES) represents one of the best examples regarding custody providers offering advanced trading services.
Specifically, OES allows institutions to access their assets in much the same way as on retail exchanges, but without the need to actually deposit capital on the platform.
The mechanism consists of 3 steps:
- an institutional custodian holds the assets internally on behalf of a client;
- the custodian locks the majority of the fund into a multi-signature / MPC wallet;
- a crypto exchange provides the institutional client with a tradable credit on the platform that reflects the amount of assets managed by the custodian.
This provides the right trade-off between security, dictated by the presence of a multi-signature wallet and the guarantees offered by the custodian, and the trading-side convenience offered by the exchange.
To date there are few providers of OES solutions, among them we can mention Ceffu, a partner of Binance and Copper, which provides this service for transactions of smaller volume.
Mt.Gox: the largest hack in the history of crypto exchanges
The largest hack in the history of crypto exchanges concerns the attack that hit the MT.Gox exchange platform in 2014, which at that time held the record for volumes generated by traders in the industry.
MT. Gox was founded in 2007 by Jed McCaleb, a computer programmer who initially established the platform as an exchange venue for cards from the well-known game “Magic.”
In fact, the initial name of the exchange was “The Gathering Online Exchange,” but it was renamed MT.Gox the moment there was a shift into the cryptocurrency world.
In 2014, the platform handled about 70% of all Bitcoin trading activity, both because of its centrality and the fame it had gained, and because there was not as much competition in those years as there is today.
In February of that year, the largest hack in the history of cryptocurrency theft occurred, taking 850,000 BTC from the exchange.
The platform quickly declared bankruptcy and investors were left holding the bag for many years until a settlement was reached between creditors and bankruptcy attorneys.
Specifically, given the recovery of 200,000 BTC and the disproportionate rise in the price of the asset in the years that followed, the MT.Gox trustee found himself holding a dollar countervalue capable of repaying all creditors based on the balance in FIAT (not BTC) held in early 2014 on the exchange.
In practice, creditors recovered everything they had lost in dollars, but they lost the opportunity of a lifetime in holding the best-performing asset of the entire decade.
Liquidations are still ongoing and currently the MT Gox trustee still holds 137,890.98 BTC while the remaining 64,214.99 were sold to the market between December 2017 and May 2018
From that event onward began the first narratives of Bitcoin maximalists about the importance of holding one’s private keys personally and the dangers of exchanges as cryptocurrency custody platforms.