Cyber threat grows for
bitcoin exchanges
Send a link to a friend
[August 29, 2016]
By Gertrude Chavez-Dreyfuss
NEW YORK (Reuters) - When hackers
penetrated a secure authentication system at a bitcoin exchange
called Bitfinex earlier this month, they stole about $70 million
worth of the virtual currency.
The cyber theft -- the second largest by an exchange since hackers
took roughly $350 million in bitcoins at Tokyo's MtGox exchange in
early 2014 -- is hardly a rare occurrence in the emerging world of
crypto-currencies.
New data disclosed to Reuters shows a third of bitcoin trading
platforms have been hacked, and nearly half have closed in the half
dozen years since they burst on the scene.
This rising risk for bitcoin holders is compounded by the fact there
is no depositor's insurance to absorb the loss, even though many
exchanges act like virtual banks.
Not only does that approach cast the cyber security risk in stark
relief, but it also exposes the fact that bitcoin investors have
little choice but to do business with under-capitalized exchanges
that may not have the capital buffer to absorb these losses the way
a traditional and regulated bank or exchange would.
"There is a general sense in the bitcoin community that any
centralized repository is at risk," said a U.S.-based professional
trader who lost about $1,000 in bitcoins when Bitfinex was hacked.
He declined to be named for this article.
"So when investing, you always have that expectation at the back of
your head. I lost a small amount compared to the others, but I know
of traders who lost millions of dollars worth of bitcoins," the
trader said.
The security challenge for the bitcoin world does not appear to be
letting up, according to experts in the currency.
"I am skeptical there's going to be any technological silver bullet
that's going to solve security breach problems. No technology,
crypto-currency, or financial mechanism can be made safe from
hacks," said Tyler Moore, assistant professor of cyber security at
the University of Tulsa's Tandy School of Computer Science who will
soon publish the new research on the vulnerability of bitcoin
exchanges.
His study, funded by the U.S. Department of Homeland Security and
shared with Reuters, shows that since bitcoin's creation in 2009 to
March 2015, 33 percent of all bitcoin exchanges operational during
that period were hacked. The figure represents one of the first
estimates of the extent of security breaches in the bitcoin world.
In contrast, data from the Privacy Rights Clearinghouse, a
non-profit organization, showed that of the 6,000 operational U.S.
banks, only 67 banks experienced a publicly-disclosed data breach
between 2009 and 2015. That's roughly 1 percent of U.S. banks.
Among the world's stock exchanges, however, security breaches are
much higher, with hackers attracted to the large pools of cash
moving in and out of these trading venues. The latest survey of 46
securities exchanges released three years ago by the International
Organization of Securities Commissions and World Federation of
Exchanges found that more than half had experienced a cyber attack.
Moore collaborated on the research with Nicolas Christin, associate
research professor at Carnegie Mellon University and Janos Szurdi, a
Ph.D. student also at Carnegie.
In 2013, Moore and Christin wrote a research paper on security risks
surrounding bitcoin exchanges when Moore was still a professor at
Southern Methodist University. That research entitled “Beware of the
Middleman: Empirical Analysis of Bitcoin Exchange Risk” was
peer-reviewed and presented at the 17th International Financial
Cryptography and Data Security Conference in Okinawa, Japan in 2013.
In the most recent study, the rate of closure for bitcoin exchanges
in Moore's research edged up to 48 percent among those operating
from 2009 to March 2015. Hacking did not necessarily trigger the
closure in each case.
[to top of second column] |
A Bitcoin (virtual currency) paper wallet with QR codes and a coin
are seen in an illustration picture taken at La Maison du Bitcoin in
Paris, France, May 27, 2015. REUTERS/Benoit Tessier/File Photo
"A 48 percent closure is not acceptable, but not surprising given that bitcoin
is a new technology," said Richard Johnson, vice president of market structure
and technology at Greenwich Associates. Johnson has written reports on risk and
security issues in the crypto-currency world.
Profitability is a big problem for bitcoin exchanges, with many of them unable
to generate enough volume to keep afloat.
Bitcoin exchanges overall could be launched for as low as $100,000 up to $1
million, said Erik Voorhees, founder and chief executive officer of digital
currency exchange ShapeShift. That is a fraction of what U.S. forex exchanges'
are required to put up.
Retail FX trading platform FXCM, for instance, is required by the Commodity
Futures Trading Commission to have at least $25 million in capital at all times.
RECOVERING LOSSES
A key factor tied to the risk posed by exchanges is whether customers are
reimbursed after closure or after the loss of bitcoins following a hack. Each
closure and breach have been handled differently, but Tandy's Moore said the
risk of losing funds stored in exchanges are real.
In the case of Bitfinex, which is now up and running after the hack August 2,
customers lost 36 percent of the assets they had on the platform and were
compensated for the losses with tokens of credit that would be converted into
equity in the parent company.
At Tokyo's MtGox, customers have yet to recover their investments more than two
years after closure.
Experts say trading venues acting like banks such as Bitfinex will remain
vulnerable. These exchanges act as custodial wallets in which they control
users' digital currencies like banks control customer deposits.
"The big exchanges that hold customer deposits are a big target for hackers,"
said ShapeShift's Voorhees, "and unfortunately most bitcoin exchanges store user
funds."
When customers' checking accounts are hacked, there is always a third party at
the bank that can step in to deal with the theft.
Not so with bitcoin, said Seattle-based Darin Stanchfield, chief executive
officer at KeepKey, a hardware wallet provider. He expects more of these attacks
to happen despite efforts to improve security at bitcoin exchanges.
"Unfortunately because of its irreversible nature, bitcoin requires near perfect
security."
(Reporting by Gertrude Chavez-Dreyfuss; Editing by Edward Tobin)
[© 2016 Thomson Reuters. All rights
reserved.] Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |