Like anything else that is digital in nature, virtual currencies such as Bitcoin and Ethereum are vulnerable to security and privacy breaches.
Such breaches can happen even if the cryptocurrency itself is highly secure. For example, Bitcoin’s blockchain ledger is designed with such robust safeguards in place that it is practically impossible to counterfeit BTC or make fraudulent transactions.
Instead, the chink in crypto’s armour is more likely to be crypto exchanges and wallets, widely used by individuals to trade and transact with digital money. These third-party platforms are much more vulnerable to hacking and fraud than the cryptocurrencies themselves.
What kinds of security risks might professional cryptocurrency investors face, and how can they be managed?
1. Fraudulent cryptocurrency exchanges
The internet is home to over a thousand crypto exchanges — virtual marketplaces for users to buy, sell, trade and transact with cryptocurrencies.
Although some countries do require exchanges to be registered and to comply with local laws, exchanges are, by and large, unregulated. This means investors get little protection from scams, fraud and Ponzi schemes when they use crypto exchanges.
As you can imagine, the low barrier to setting up an exchange makes doing so quite lucrative for scammers. Unsuspecting investors may transfer fiat currency to purchase Bitcoin or other altcoins, only to receive nothing in return as the scammers make off with their money.
For professional investors, who are used to doing their due diligence before investing, avoiding fake crypto exchanges might be less of an issue.
However, to be on the safe side, investors may want to consider regulated investment products such as a professionally-managed, institutional-grade Bitcoin fund as an alternative to trading on a crypto exchange.
That’s because even the most legitimate of exchanges are still vulnerable to security breaches, as we’ll explain below.
2. Crypto exchanges being hacked
Although investors should research their crypto exchange platforms thoroughly and weed out anything that looks suspicious, this is not enough to mitigate the risks of investing on an exchange. Far from it.
Even well-established crypto exchanges with excellent track records are vulnerable to hacking. Hacking and data theft are a given on all virtual platforms, but they are especially rampant on crypto exchanges. After all, crypto tokens have become more popular and valuable in recent years, incentivising hackers’ efforts.
According to the website hedgewithcrypto.com, there have been at least 46 major crypto exchange hacks since 2012, with the total value of cryptocurrencies stolen adding up to an estimated US$109 trillion*.
It’s not just small players that get hacked; the more established exchanges are vulnerable too. Some of the biggest crypto heists in recent history include:
When it was hacked
Estimated amount stolen in today's terms*
*Assumes all stolen cryptocurrency was in the form of Bitcoin and at a Bitcoin price of US$60,000
Crypto exchanges are particularly attractive to thieves because users store their digital money on the platform, in e-wallets known as “hot wallets”, for convenient trading.
Hot wallets are usually locked with private keys auto-generated by the exchange and kept in its custody. Thus, once hackers gain access to a crypto exchange’s record of private keys, they can also use the stolen data to unlock and empty out exchange users’ hot wallets.
Of course, any crypto exchange worth its salt would invest heavily in secure data storage to ensure its users’ funds are not stolen. Many established exchanges have beefed up their security, so hacking incidents are not as common in 2021 as they used to be. (That said, one of Japan’s biggest exchanges, Liquid, was compromised in August, to the tune of US$97 million.)
In the event of a hack, the odds of victims getting their money back can be extremely slim. Unlike regulated entities like banks, crypto exchanges are not required to insure users’ deposits.
Investors who choose to use crypto exchanges should therefore avoid storing more than absolutely necessary in their exchange wallets. Any excess should be transferred into a separate wallet (ideally one that’s offline) for greater security or to a professionally-managed, institutional-grade Bitcoin fund.
3. Crypto wallets being compromised
Given that crypto exchanges are often targeted by criminals, transferring any excess balances to a separate e-wallet seems like a wise thing to do. But even this may not be 100% safe from hackers.
Of the many cryptocurrency wallets available, some are “hot” (online) while others are “cold” (offline).
Hot wallets come in the form of mobile or desktop apps, and live on internet-connected devices like a smartphone or computer. They are meant to facilitate day-to-day use such as paying for things with Bitcoin.
But because they are connected to the internet, hot wallets remain vulnerable, especially if the user applies lax security practices. Hackers can target individuals’ hot wallets by phishing for passwords, using malicious cookies to obtain personal data, working with hacking devices on public WiFi, and so on.
A cold wallet, which is not connected to the internet, is the safer alternative to avoid hacking. This is usually a USB stick-like device (known as a “hardware wallet”) or sometimes a secondary, offline computer.
Being completely offline, cold wallets are far less likely to get hacked than hot wallets. However, there are trade-offs for this level of security: these devices can be costly and extremely complicated to operate, with lengthy passwords; it can be difficult to transfer crypto assets back; and the USB device can be faulty, fake and/or lost.
How can investors safeguard their crypto holdings?
The above is a broad overview of the various security breaches associated with different types of cryptocurrency platforms.
As digital money becomes ever more ingrained in our lives and an essential component of our portfolios, investors face a pressing need to overcome such vulnerabilities. Unfortunately, the work-in-progress nature of all things crypto means that there is no perfect solution just yet.
Investors should adopt a wary stance even with seemingly legitimate tools and platforms, and be prepared to invest significant time and effort into protecting their crypto assets.
Given that there is no one platform without security risks and/or trade-offs, the most feasible option at present may be to invest in institutional-grade cryptocurrency funds managed by professional and regulated firms.