Centralized Exchange Hackers Strike Again: Assume Self-Custody or not?
Cash.Tech Newsletter #7: BitMart suffers $150M loss, joining infamous list of exchange hacks
The history of the cryptocurrency industry is laden with several cases of security breaches on centralized exchanges. The causes of these multi-billion losses range from private key losses, to personnel mismanagement, and even the sudden demise of a founder. Last week, BitMart added itself to the infamous list of compromised centralized exchanges, losing $150 million to hackers.
In this week’s Cash.Tech Newsletter, we review the BitMart hack and some of the most high-profile centralized exchange breaches in the industry’s history. These events make a strong case as to why crypto investors should embrace self-custody and utilize user-friendly options like the Cash.Tech wallet. First, we bring you some exciting development updates.
Cash.Tech development update
Cash.Tech is mainnet ready! Following a period of rigorous testing and review of feedback from both security auditors and our amazing community, the development team is pleased to announce that the Cash.Tech wallet is ready for a mainnet release. The first release will feature all current app functionalities, including the recently announced NFT Display.
The development team is also pleased to report that it has finalized the UI design and mapped out the technical components for the planned token swap feature. The team estimates that the feature will be ready within six to eight weeks and will be a significant improvement to the current experience where users must connect to decentralized exchanges (DEXes) to swap tokens.
Finally, Cash.Tech’s mainnet release will be followed by a period in which the development team prioritizes the deployment of retail-focused features, especially those that boost the utility of our native $CATE tokens. The team remains committed to sharing regular updates with the community regarding upcoming feature releases on the development roadmap.
BitMart suffers $150M loss in security breach
Headquartered in the Cayman-Islands, BitMart officially launched in 2018 and brands itself as the “most trusted cryptocurrency trading platform.” BitMart claims to have over 9 million users, and recorded daily trading volumes that surpass $1 billion during periods of peak activity.
On Dec 4, the exchange reported a “large-scale security breach” that allowed hackers to withdraw approximately $150 million worth of assets. BitMart said the hacker stole a private key that controlled two hot wallets holding BitMart’s Ethereum and Binance Smart Chain (BSC) tokens.
The exchange fell short of disclosing exactly how the key was stolen but halted user deposits and withdrawals for three days in response to the incident. Trading has since resumed, as BitMart claimed the loss consisted of a “small percentage of assets” on the platform and compensated users from its self-managed insurance fund.
BitMart’s refund makes it easy for newcomers to assume that all centralized exchanges swiftly refund losses during a security breach. However, a review of history confirms that is not always the case. Some compensations take many months or years to materialize and sometimes never happen.
QuadrigaCX’s CEO allegedly buried alongside $190 million
The now-defunct Canadian cryptocurrency exchange QuadrigaCX, closed shop following the death of its founder, Gerald Cotten. The founder allegedly was the only one who held the private key to $190 million worth of customer assets, meaning that these funds were permanently lost following his demise in early 2019.
While speculation continues regarding the circumstances surrounding Cotten’s death, over 17,000 customers have been affected and are now certain they are not getting a full refund. Out of the $190 million worth of reportedly missing assets, only $30 million was recovered by the appointed trustee, Ernst & Young.
Bitfinex suffers 120,000 BTC ($76 million) hack
In August 2016, cryptocurrency exchange Bitfinex was the victim of a 120,000 BTC hack (worth $72 million at the time). The funds were reportedly stolen from “user segregated wallets,” despite Bitfinex claiming at the time that its platform was highly secured through a partnership with custodian platform, BitGo.
Fortunately, Bitfinex committed to refunding its users by issuing BFX tokens that represented the debt with the promise to buy them back at a future date. However, some users even lost funds by choosing to sell their BFX tokens earlier, as it took six months for Bitfinex to completely refund the losses.
Not Your Keys: Assume Self Custody or Not?
The phrase “not your keys, not your coins” was coined by the industry to remind investors of the vulnerabilities they expose themselves to by choosing to store funds on centralized cryptocurrency exchanges. For one thing, users of these platforms do not offer the same assurance when they store funds in a traditional bank account.
Hence a key takeaway from the recent BitMart hack and other past security breaches is that even seemingly secure centralized exchanges are vulnerable to attacks that could result in serious losses. BitMart’s $150 million heist could easily have stretched beyond a “small percentage of assets,” a term used by the platform to minimize the severity of the incident.
Security breaches also remind investors that they can suddenly lose access to their assets on a centralized exchange because of downtime or other technical issues. BitMart’s three-day downtime certainly affected those who may have wished to respond to market movements during the period.
Choosing a secure self-custodial solution and embracing the best security practices is a viable alternative to using a centralized exchange. Cash.Tech’s mobile wallet has been designed from scratch to offer a superior experience while allowing users to maintain custody of their funds at all times. The advent of decentralized exchanges (DEXes) means users can now access most of the functionalities available on centralized exchanges, without putting themselves at risk of losing funds to security breaches.
Therefore, while a secure cold storage solution is the best idea for long-term holdings, investors who choose Cash.Tech’s wallet solution can utilize it for daily transactions and seamless trading on DEXes. The upcoming in-app token swap feature will further enhance the experience, removing the ambiguity of connecting to DEXes and allowing users to exchange assets on a simple UI. Cash.Tech’s commitment to providing the ultimate crypto user experience makes it increasingly likely that the solution sees wider adoption as investors flee centralized exchanges in search of more secure self-custodial options.
Cash.Tech wallet is already connected to the testnet and fully functional for Android and iOS devices. Make sure to download the wallet to get a first-hand experience!