The world has witnessed several cryptocurrency hacks and some of them have literally shaken the world. In this write-up, the sole objective is to educate the readers about the possibilities of hacks and the plausible options to safeguard their crypto assets. This educative piece of information would act as a guide for people with used cases and real life examples of events which have already happened for our benefit!
The Mt. Gox Hack – A Robbery of $473 Million
The initial problems were recognized by a software developer and he bared open the risks which lay in store. There were clear indications of things to come when an initial minor hack happened in the year 2011. Some of the loopholes which were identified by the developer who went for the interview have been summarized below:
- There was no VCS in place. A VCS or Version Control Software helps in tracking any minor or major change to the code base. This platform helps in code rollback and identify the party/parties involved in the edit
- The company did not have a standard coding policy and relied on manual testing leaving several loopholes in the system
- The company lacked proper management guidelines and the owner lacked the acumen to run a company
On the 17th of June, a loophole in the smart contract formation named DAO was utilized by one of the hackers and phished off around $50 million cryptocurrency hack which was close to a third of the total funds. The exact path taken by the hacker to carry out the operation was pretty simple if explained clearly in the language of a layman.
Within the ecosystem of the DAO smart contract, if one of the members wished to exit from the network, then they could do the same by sending in a request! The splitting function would occur in the following way
- Return the user his/her Ether cryptos in exchange of the DAO dockets
- Get the transaction registered in the ledger and get the internal token balance updated
The hacker used a recursive function to manipulate the request and the splitting function went on as:
- Take the DAO tokens from the end user and provide them with the Ether requested
- Before the transaction could be recorded, the recursive function forced the code to go back and transfer more coins
The second point was the break off point which lead to a severe loss of revenue worth $50 million! The second point or rather the process itself kept on repeating itself till a whopping value of $50 million was taken off. It is obvious that the incident created a huge confusion in the markets.
The Bitfinex Hack
This is a Hong Kong based crypto exchange platform! A total of $120,000 BTC worth a value of $72 million was taken off! The official announcement was made on August 2, 2016. The root of the problem lay in Bitfinex’s quest to find a system which would maximize the liquidity and security options. Most of the exchanges being simple hot wallets which implies that they are always in line for being hacked by external parties!
Bitfinex also entered into a contract with BitGo. This happened in the year 2015! It was basically a multi-signature wallet. This implied that the keys are divided between several users or owners to mitigate and manage risk.
The entire purpose of Bitfinex was to beef up the security and validate transactions coming out of Bitfinex. Hackers attacked the servers and made Bitfinex sign off on illegitimate bitcoin withdrawals. If one can come to a technical conclusion, then you can always say that the Bitfinex servers were compromised.
On the 6th of December, 2017, a Slovenian mining company lost 4700 BTC to hacking. The equivalent loss was worth $80 million. The establishment had a very strong security system in place but unfortunately, it got compromised. One of the employee’s computers was compromised and the hacker got access to a large number of bitcoins.
Parity Multi Sig Wallet
The Parity Multi Sig Wallet was designed to help transacting parties get complete immunity against hacking and other network level penetrative activities. For laymen, the concept is analogous to that of a multi key safe. A safe which requires multiple access keys had two primary objectives:
- Enhance the security for the wallet and safeguard from human error or manipulation
- To make the wallet democratic in terms of features & functionalities
In order to understand the semantics of the Parity Wallet Hack, one must understand the vulnerabilities initially which led to the attack:
Attacker sends 2 transactions to each affected contract
- To get exclusive ownership
- Move out all the funds
Conclusion: The 5 major cryptocurrency hacks occurred due to compromised security systems. Thus, the challenge lies for the crypto exchange companies to design their exchanges and wallets to mitigate risk.