With the recent Bithumb hack, the question on many investors’ minds is: how safe is my crypto? Although hacking is an issue for all cryptocurrencies, for this note, we decided to use Bitcoin as a proxy for hacking probability. Buying cryptocurrency is becoming less of a wild west experience. Yet, investors still face plenty of instability and risk around every turn. These risks are not only associated with the theoretical argument over whether cryptocurrency is here to stay, but also whether some hacker will steal your precious coins. Remember, cryptocurrency exchanges are not insured by the Federal Deposit Insurance Corporation so, unlike equities or bonds, there are no assurances for those investors who lose their money. In addition, the Securities and Exchange Commission has recently called crypto exchanges “potentially unlawful online platforms” as none of the exchanges are registered with the securities regulator.
As a result, investors are often hesitant to invest in cryptocurrencies and for good reason. Since 2011, around 28 crypto exchanges have been hacked, resulting in nearly 1.2 Million Bitcoins stolen. This amounts to almost USD 900 Million in stolen Bitcoin at the time of the hack and USD 9.8 Billion at current exchange rates. This approximately represents 0.7% of all the existing Bitcoin supply.
The biggest hack in the history of Bitcoin came in 2014 (see table2) when around 850,000 Bitcoins vanished from, the now infamous, Mt. Gox exchange. This hack alone accounts to over 70% of all Bitcoin hacks since 2011 (see Table 2).
If you owned Bitcoin when Mt. Gox was successfully hacked, you had a 6% chance of losing your Bitcoin. The truth is that the Mt Gox exchange hack is an outlier and the average probability of your Bitcoin being stolen or hacked in any given year over the last decade is closer to 0.3% (see table 2). The chance of your Bitcoin being hacked on an exchange has declined over the past years. In the early 2000s the average chance of your Bitcoin getting hacked was 0.4%. Today that number is closer to 0.02%, which represents a 93% improvement in the last 7 years (see chart 1). Although the probability of a successful hack is low, its not zero, and to many investors, especially those investing a large amount of capital, a 0.02% chance is still unacceptable. The question then, is how can you lower the chances of getting hacked as much as possible? Well, there are a few popular options such as multi-signature wallets and the cold storing of your wallet.
Before getting too deep into this topic, it’s helpful to understand, what a ‘wallet’ is in the crypto world. A wallet is a piece of software that tracks ownership of a digital asset. Wallets are always coin-specific and generally do not have cross-compatibility (e.g. use a Bitcoin wallet to store Ethereum). The most important components of this piece of software are the public and private keys. Public keys allow the network to “see” ownership of each wallet. The private keys allow transactions to occur. In fact, the private keys are used to “sign” a transaction, thereby proving ownership. Keys are of extreme importance since these allow the withdrawal of money from wallets. Accounts within digital asset exchanges, like Poloniex and Bittrex, are considered ‘hot wallets’ because these companies hold your information in their infrastructure and servers which allows you to make quick transactions. If a hacker is able to attack Poloniex and you have an account with them, then there is a chance the hacker will be able to steal your coins. Luckily hot wallets are getting more secure thanks to advents such as multi-signature wallets.
A multi-signature wallet or multi-sig is more like a safe that needs multiple private keys to transact. For example, BitGo, one of the premier service providers and the one we use at DigiCor, offers multi-sig wallets and issues 3 different keys. One key is held by BitGo, another key is held by the user, and the third key is a backup that the user can keep for themselves or give to someone trustworthy for safekeeping. To withdraw your crypto, you will need 2 to 3 keys to operate depending on your agreement with BitGo. As a result, even when hackers are able to get access to your computer and therefore your private key, it’s very difficult for them to also get their hands on the other two keys. This makes multi-sig an important development in keeping Bitcoin out of the hands of would-be criminals. However, multi-sig is not full proof as was realized with the BitFinex hack. Although it’s not clear how the hackers got access to the various keys, it begs the question, what else can I do to keep my crypto safe? Two words: Cold Storage.
Cold storage wallets are one of the most effective ways to keep your crypto safe. This is because it involves storing your Bitcoin wallet keys offline–meaning, away from internet access, hackers and malware. This can be done in multiple ways from simply storing your private key on a piece of paper, hardware such as a USB, or a third-party service provider. Each method of cold storage comes with different risks, hassles, and prices. For example, keeping your private key on a USB locked in safety deposit box means that the USB could become corrupted or damaged during transportation. On the other hand, paper wallets can be very inexpensive (its literally a piece of paper with your private key information) but also risky since the paper can get torn, lost, burnt, stolen, or otherwise damaged. As a result, those investing large amounts may consider having others manage their cold storage wallets and the sensitive cryptographic keys required to access funds. For example, at DigiCor we use a qualified custodian and BitGo security technology to keep your investment safe. Although, this option is currently only available to accredited investors, for those with long investment horizon, this method of securing cryptocurrency provides the highest level of security.
In the end, as the value and popularity of cryptocurrency grows, hackers will come up with new and innovate ways to try and steal your money. Although exchanges are reducing the numbers of hacks, keeping large amounts of crypto assets on the exchange is still risky. Luckily, cryptocurrency security is not necessarily mutually exclusive, and many choose to use a combination of multi-sig wallets and cold storage solutions to ensure their bitcoin is secure. However, setting up this process can be a daunting task for beginners and still does not guarantee the safety of your coins as all investors are susceptible to general human error or dependence on cold storage options. Fortunately, there are service providers that offer cold storage solutions but it’s important that you always do your own due diligence to ensure they are going to handle your investment wisely. Additionally, cold storing small amounts of crypto can be expensive and cumbersome which makes this methodology most efficient for large scale investments.