Bithumb has been hacked for the second time in a year, with hackers stealing $31 million.
Comment from Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge:
“Billions of dollars in digital currencies were stolen in the last twelve months according to various reports. Thus, this particular [minor] incident is unlikely to alter the grim security landscape of cryptocurrency exchanges. It is very good to know that the victims will be duly compensated after the breach, but all this raises the question of the economic practicality of operating a crypto-exchange business in such a manner. A well thought-out cybersecurity strategy will likely cost much less than the losses caused by these consecutive incidents. Users who entrust their digital coins to third parties should be prepared to never see them again; this is the reality of the modern Bitcoin Klondike.”
Why So Many Crypto Hacks?
Many crypto startups are competing in a very dynamic, turbulent and competitive market. An error or delay in product launch can easily drive you out of business. Thus, start-ups are often unable to properly implement web and mobile application security, simply because time of launch is essential and cannot be altered.
Another reason is the lack of awareness and general ignorance of cybersecurity fundamentals among executives of these start-ups, who still believe that application development implies security and privacy. Developers are not paid for security and already work a lot of extra hours in many startups, and thus it’s a fatal error to expect a high level of security from them. Security “out of the box” also does not exist: you need to properly assess your risks and develop a well-thought-out cybersecurity strategy. Otherwise, all your spending will be in vain.
Nowadays, attackers also enjoy impunity and high profits when stealing digital currencies via all imaginable techniques, from trivial phishing and social engineering to sophisticated APTs against exchanges. Their victims are unlikely to respond, unlike financial institutions, which will not only leverage all available legal and technical avenues to investigate and prosecute the offenders, but may even use a hack-back technique. Frequently, stolen funds cannot be traced and recovered even if there is a court order to do so – in contrast to money in bank accounts.
Last but not least, quite a few self-proclaimed blockchain experts mislead people today by exaggerating the security capabilities of blockchain, going as far as “100% immune and hackersafe” claims.