Losing access to your crypto assets can be a nightmare, especially if you’ve lost your private key. Unfortunately, it's far too common in the crypto world, even for businesses with existing security frameworks, to protect their customers' digital assets. It’s estimated that there are over 420 million crypto owners worldwide, many of whom don’t know how to protect their crypto correctly. It’s the industry’s responsibility to protect them and, in doing so, increase trust in the market and promote the widespread adoption of crypto.
With the 15th anniversary of the founding of crypto just around the corner, it’s surprising that we still have work to do to protect private keys from being compromised. So, let’s look at some real-life examples of crypto loss attributed to the loss or theft of private keys and how organisations could have prevented them.
Mt. Gox
Japanese-based exchange Mt. Gox filed for bankruptcy in 2014 after losing 850,000 Bitcoin, worth an estimated $450 million at the time. At one time, a massive player in the crypto universe, Mt. Gox, dealt with 70% of all Bitcoin transactions. The origin of the loss is thought to be the theft of the exchange’s hot Bitcoin wallet private key in 2011.
Bitfinex
In 2016, another crypto exchange, Bitfinex, lost approximately 120,000 Bitcoin, which is now worth over $3 billion. Hackers stole Bitcoin from users’ wallets and transferred them to a single wallet. In 2022, the US Department of Justice recovered $3.6 billion in Bitcoin by tracing transactions from the destination wallet.
Binance
Binance, the world’s biggest crypto exchange, had 7,000 Bitcoin hacked in 2019. According to Binance’s CEO, Changpeng Zhao,
“The hackers used various techniques, including phishing, viruses and other attacks.”
It later emerged that hackers stole API keys, two-factor codes and other information, which enabled them to transfer more than 7,000 bitcoins to their wallets.
Coincheck
Coincheck, another Japanese crypto exchange and NFT marketplace ranked in the top 20 exchanges in the world, lost around $523 million in XEM coins during a hack in 2018. Again, funds were stored in a hot wallet rather than cold storage, making them more vulnerable to attack. The wallet did not have multi-sig authentication in place either, so one person could make transactions.
FTX
More recently, in November 2022, FTX had over $600 million stolen from its hot wallets. The security failings were appalling and left FTX’s customers’ funds wide open to hackers. Fraud charges have been made against founder Sam Bankman-Fried for stealing millions to pay off the debts of his hedge fund. Some of the hacked funds have now been recovered.
How could these hacks have been avoided?
The speed of development in the crypto industry left security gaps in some organisations, which, if addressed earlier, could have prevented these hacks. The industry already has robust security protocols that all crypto service providers need to adopt to safeguard investors’ funds. Having a dedicated security team to manage infrastructure controls and security policies, and implementing an external audit programme should be standard practice. Safeguarding your keys requires specific controls which provide ultimate protection to your digital assets.
Use cold storage for your keys
Storing your keys online opens them up to compromise. It’s much easier for cybercriminals to hack keys kept online than those held offline. However, if you store them in a safety deposit box or a hardware wallet, the risk of theft is hugely reduced.
Back up your keys
Take several backups of your keys and store them in different secure locations. That way, if you lose access to your crypto, you can use your backup to get back into your wallet. Store your backup in a different place than you store your crypto, and if you are going to share it with someone, like a trusted third-party provider, encrypt it so they can’t access your digital assets.
Use strong passwords
It might seem obvious advice, but using a strong password for your keys can go a long way to securing your crypto. Best practice includes:
- Mixing it up by using a combination of upper and lowercase letters, numbers, and symbols
- Making your password long - at least 12 characters
- Not using common words or phrases
- Not using the same password for multiple accounts
- Storing your passwords in a password manager - you don’t have to remember them, and they are encrypted, making them difficult to hack
- Using two-factor authentication to add an extra layer of security
Educate your employees
Ensuring your employees understand the importance of security and the risks of losing private keys can reduce the risks surrounding key loss and theft. Train them on the latest cybersecurity threats, including spotting phishing attacks and creating strong passwords. Introduce a crypto security policy to outline what’s expected of them and how to protect the company from crypto theft. Finally, encourage your team to report suspicious activity – erring on the side of caution can stop a cyber-attack in its tracks.
Losing private keys to crypto wallets can be devastating to an organisation. Apart from the financial implications for the business and its customers, the reputational damage can be extensive and hard to shake off. Having our key backup service as part of your cryptocurrency security strategy will provide you with confidence that your assets are securely protected and accessible if disaster should strike. Contact the team today to talk crypto security.