Earlier in December, the Crypto trading platform Bitmart announced they were the victims of a large scale security breach in which close to $200 million of crypto currency was stolen by hackers. Being that it is the holiday season, lets skip to the good news. Bitmart quickly agreed to reimburse those customers who lost coins because of the breach.
The breach took place because of a compromised private key. Using the key, the hackers were able to withdraw crypto coins from two hot wallets. A crypto wallet allows an account holder to store, send and receive cryptocurrencies. A hot wallet means that the wallet is connected to the Internet so that active trading can take place. Approximately $100 million of the stolen funds involved the Ethereum blockchain along with $96 million of Binance smart chain. A small amount of miscellaneous other coins was seized as well.
The breach was discovered by a blockchain security company that noticed an unusual outflow of currency that was being withdrawn unabated. The hackers were well educated in the art of stealing cryptocurrency and thus were able to cover their tracks well. Bitmart quickly acted upon being notified of the breach and shut down multiple systems to confine the breach. They also temporarily stopped all active trading and coin withdraws until a proper investigation into the attack was completed.
The Rise of Crypto Crime
Unfortunately, this type of crime is nothing new and is significantly rising. This past August cybercriminals breached the cryptocurrency company Poly Network and made off with $600 of crypto coins after exploiting a discovered vulnerability in their systems. The successful attack represents the largest heist yet involving cryptocurrency. This past November, a similar attack was implemented against the crypto trading firm Cream Finance that involved $130 of funds. One week after the Bitmart attack, the crypto trading platform AscendEX suffered a lost of $77.7 million after having one of its hot wallets compromised by hackers as well.
However, not all cryptocurrency breaches are the result of cybercriminals. This past summer, the Justice Department recovered $2.3 million in Bitcoin from the ransomware gang that successfully attacked the Colonial Pipeline. Like other attacks, the FBI was able access the coins after obtaining the private key from its storage location. The recovered funds represented about half the ransom payment that Colonial Pipeline paid the attackers to regain access to their encrypted systems. The price of Bitcoin and other cryptocurrencies have tumbled in recent months. It is speculated that one of the contributing reasons is the relative ease in which these digital coins can be compromised.
Protecting the Private Key at All Costs
Like any lock box, if you steal the key, you can break in and steal its contents. Digital wallets are no different, which is why it is imperative to secure all digital keys. Besides crypto wallets, digital keys are also used to secure things such as websites and wireless access. Keys are also used to encrypt and decrypt data. The most effective way to protect a private key is to store it in an offline storage device. Some solutions allow for a user to interact with the storage device over a wireless connection using a secure companion app. USB tokens and smart cards can be used as well. It’s also important to backup the key to another location in the event of a disaster. There have been several documented cases of crypto currency investors losing access to their coins because of a lost key.
Download Free Guide: Complete Network Security Checklist
Users Need to Take Precautions as Well
Users that take part in cryptocurrency trading need to realize the security risks and take necessary security measures on their own behalf. Crypto security experts say that users should disperse their risk exposure by not putting all their eggs in one basket. This means using more than one crypto trading platform and using multiple wallets. Wallets should be protected by a highly complex password that is reinforced by multifactor authentication.