Another week, another hack, another exchange, another theft. Welcome to the recurring world of crypto attacks and the reason why appalling cryptocurrency security is holding back the industry from entering the mainstream.
This time it was Singapore-based digital exchange KuCoin and its customers that were taken for $150 million after the exchange noticed large withdrawals of Bitcoin and Ethereum last Friday to an unknown address.
The targets were hot wallets, not the cold wallets that stay disconnected from the internet and serve as safer vaults for assets and for the private keys that appear to be so vulnerable if they are ever used on a connected computer.
In this case, KuCoin seems to have had their heads and data in the right place. Its CEO not only livestreamed the following day, holding a mirror to the exchange’s transparency, but also assured customers they would get all their money back through its insurance.
Moreover, KuCoin acted fast by freezing customer deposits and withdrawals and transferring all vulnerable hot wallets to new ones and, according to a company statement, even worked with other crypto exchanges to ‘blacklist’ the wallet addresses.
For those who have been in the industry for a few years, this concerted effort by KuCoin feels light years ahead of what was previously the case.
As the Co-Founder of crypto podcast BlockSpeak I can speak not only from the experience of my guests, but also my own painful experience when 163 ETH was spirited away from MyEtherWallet at the end of 2018.
I won’t explain it again in detail, but I know it’s an issue for many. The piece I wrote for the BBC about the theft, in which I explained my frustration at the lack of interoperability between wallets and exchanges and how helpless the experience was for me, received more than five million views.
Even with the help of bounty hunters and the surprisingly modern and intelligent Sussex cybercrime unit, I will never get back those 163 Ethereum… unless CZ of Binance wants to buy me an early Christmas present, but I’m not holding my breath.
I brought it up when I interviewed him for BlockSpeak, but he held a straight bat and decided that it was probably best for him not to set a precedent. Still, I’m a patient man… you never know.
That’s why I wanted to highlight the lack of crypto security when I invited Paul Lipman, CEO of a Silicon Valley-based anti-virus cybersecurity company, to the show.
As somebody who completely understands security, but had previously been bemused by the Wild West of crypto, Lipman was the perfect person to tell us where we’re all going wrong.
Naturally, when the words anti-virus and crypto are put together, all eyes go to the panopticon vision of the immortal John McAfee who seems to have an evil laugh to himself whenever it comes to crypto security.
Sometimes I really wonder if he is Satoshi himself… there’s something about his confidence that makes me think so. His reputation as a pirate is well known, but when it comes to security he looks down on us from the crow’s nest of the McAfee yacht, a different type of pirate. One who doesn’t need to raid other boats, just sails his own course.
BullGuard’s Lipman offers a more measured and less buccaneering version of security, not least when it comes to mobile crypto, often an even more vulnerable platform.
While often referring to his competitors as well as BullGuard itself, Lipman says that for less than $50 a year, people can protect their hot wallets with complete safety. Not that this would have helped with the KuCoin hack, but it seems a small price to pay.
On desktop, where many prefer to make their crypto transactions, Lipman reiterates the need to install anti-virus software and talks about how the frequency of cyber attacks continues to accelerate as bad actors clamber to invade the stage of good users. It’s easy to hear the frustration in his voice that people still don’t protect themselves as they should.
Lipman says his company has prospered under lockdown, believing that people have had time to update their security and take it seriously. He almost apologises for this success, but argues that there are winners and losers in all crises.
The relationship between cybersecurity and crypto has to improve. Stories of crypto thefts and exchange break-ins are always going to substantiate the confirmation bias of those who think crypto is a valueless set of zeroes and ones, and humans like catastrophic stories. Nobody is going to read stories about efficient cybersecurity and people never being hacked.
No doubt, there will be another story next week about another theft and those who are afraid of the volatility and insecurity of crypto will continue to stay clear.
They have the right to do so, but the industry has to improve, even if things have moved on significantly since the crazy IPO days. Well done to KuCoin for being insured, well done for being transparent and realising what was going on, but the CEO of BullGuard will undoubtedly have something to say about that… and that’s why we’re going to invite him back to the show.
The world loves a pirate, but the world also needs sobriety and common intelligent sense. Maybe the cybersecurity and crypto worlds are converging and then crypto will hit critical mass. It certainly won’t be before time.