It is once again unpleasant news for the security practices of third party cryptocurrency exchanges, with reports suggesting that a Turkey-based platform has suffered a multi-million dollar hack. Whilst the name of the cryptocurrency exchange in question has not been made public, Turkish publication the Daily Sabah has reported that the cryptocurrency equivalent of more than $2.47 million has been stolen by a group of online cyber criminals.
The publication continues to add that the cyber criminals behind the attack were using the hugely popular online multi-player game of PUBG to communicate with one another. Although the report of the theft has only just surfaced, we are led to believe that 24 individuals have since been arrested by Turkish authorities.
Once Turkish Police were made aware of the hack, authorities conducted a nationwide search for the suspects in question. It is believed that just $256,000 of the reported $2.47 million has been recovered thus far. As such, the recovered funds have been returned to the unnamed cryptocurrency exchange.
However, due to the underlying nature of the blockchain protocol, unless Turkish Police are able to recover the private key credentials pertaining to the wallets storing the stolen funds, it remains to be seen how they will be able to recover the remaining balance.
Alternatively, the suspects behind the exchange hack will need to voluntarily hand over the wallet credentials, which, if pressured to do so, could potentially result in the exchange getting their funds back. In terms of what was stolen, the report indicates that the $2.47 million consisted of Bitcoin, Ethereum and Ripple.
Of the 24 held individuals, it has been reported that 2 have since been released without charge. The Prosecutor’s Office for the case in question have made formal arrests for six of the suspects, with the remaining 16 subsequently released on judicial control. The hearing, which is yet to be given a date, will be held at the Istanbul Courthouse in Caglayan.
Failure to Name the Turkish Exchange Platform Presents Further Concerns
It remains to be seen why Turkish authorities have decided not to release the name of the exchange that experienced the hack. First and foremost, it is argued that those who are using the Turkish-based exchange to trade have a right to know that the platform they are using has exploitable weaknesses in its underlying security safeguards. If they were made aware, they would have the option of removing their tokens.
Moreover, it is also a concern that the unnamed cryptocurrency exchange did not make news of the hack public themselves. In the vast majority of cases, cryptocurrency exchanges that have had their security safeguards breached most commonly announce the hack themselves. Whilst a failure to protect customer funds in the most appropriate of manners is a never a good thing, the issue is further amplified if the platform does not make the news of the hack public.
Further Warnings to Those Storing Large Quantities in a Third Party Exchange
Whilst cryptocurrency exchange hacks are nothing new, if anything, it should once again be a further reminder to those that store large quantities of funds in a third party platform. Whilst holding a balance within an exchange is no doubt a minimum requirement for those that are looking to actively trades tokens, users must ensure that that the platform has installed notable security practices to protect customer funds.
At an absolute minimum, users should only store cryptocurrency holdings in a third party exchange if safeguards such as 2FA (Two-Factor Authentication) or Multi-Sig log-in requirements are offered. Moreover, users should ensure that a significant proportion of the exchange’s token fund balance is held in cold storage.