Surprisingly, one reason there are so many exchange breaches is that a lot of them are setups and scams. You see, setting up a “fake” cryptocurrency is not hard. All you have to do is build up a great amount of hype around your coin, making people think that it is valuable. Victims then invest their money in it, effectively exchanging their actual legal currency for a cryptocurrency that they think will become more valuable as time goes on. But the creators of the coin don’t actually care about increasing its value or improving its standing; they just want to exchange as many of these coins as possible for people’s real money. Then, once they feel they have tricked enough people into giving them loads of money in exchange for these coins, they stage a “breach”. Virtually everyone’s accounts are drained and they no longer have access to the coins they bought, meaning they can no longer exchange them for real legal currency. The people behind the exchange just throw their hands up in the air and say “Must have been a hacker”, but really, they were behind the breach and walk away with all of the actual money.
But, of course, not all cryptocurrency exchanges are scams, and it appears that if everything works out, cryptos like Bitcoin could revolutionize how the average person makes transactions. But everyone knows that will never happen as long as legitimate cryptocurrency exchanges also get hacked.
Many online wallets for cryptocurrencies have private “keys” that a user can use to access their personal wallet. Obviously, the exchange needs to be able to verify that the information a user enters is correct, so it keeps a database of these private keys or passwords. But it doesn’t keep the plain password; it applies a cryptographic hash function to the password and stores the result. That way, if an external threat were to gain access to the database containing the passwords, they would see the hashed passwords and not the actual ones.
Unfortunately, however, if a hacker were to somehow gain access to the passwords before they are run through the hash function, or figure out the hash function, then people’s private wallets could be compromised. The hackers could then drain people’s accounts because they have all the information necessary to access them. That is where two-step verification comes into play. Logging in with the correct username and password isn’t enough to access your account. Sites that use two-step verification will then send a code to the phone number or email address associated with the account. Once you enter the right code, you have access. More and more financial institutions are using two-step verification to help users protect their valuables; however, two-step verification still is not perfect. Hackers could still possibly intercept the code sent to the phone number or email account associated with the account.
So, in reality, there are virtually no ways for cryptocurrency exchanges to completely avoid security breaches, unless they store all of the currency they currently have within a cold wallet. You see, a cold wallet is kind of like a savings account. It is a wallet that you can store your cryptocurrency in, and it is offline, which is extremely important because that makes it infinitely more difficult for external threats to gain access to it. However, if you’re a cryptocurrency exchange, you want to store your currency in hot wallets (wallets that are online) because this allows users of the exchange to readily make trades. So, if you are a trader of the top cryptocurrencies, like Ethereum and Bitcoin, then it is probably best that you store the majority of your currency in a cold wallet. Creating a cold wallet is quite easy, and the simplest form is called a paper wallet, where you create an offline document containing all your public and private keys and print it out on a physical piece of paper. There are also some reputable software and hardware products that effectively store your cryptocurrency in a cold wallet; two of them are Trezor.io and KeepKey.
What did we learn today? That as long as your currency is stored in a hot wallet, it is vulnerable to being taken from you by an external threat. So while nearly every cryptocurrency exchange stores users’ money within hot wallets, you need to be smart with your own money. Keep only what you want to trade soon within these exchanges’ accounts and transfer everything else into a cold wallet. That will minimize the risk of you losing a lot of money because of an exchange’s security vulnerabilities.