Cryptocurrencies Under Attack
A story that seems to be repeated with way too much frequency is cryptocurrency attacks. This is because most users don’t understand how easy these attacks are.
I am aware of *NO* attacks that compromised the cryptography of cryptocurrencies. Always it is the software. Sometimes on the user’s side. Other times on the exchange’s side.
The cryptocurrency exchange called Coinrail lost $40 million to an attack. Coinrail has taken its service offline and has moved what is left of its currency into cold storage to make it harder for the hackers and to help investigators figure out how the attackers got in (source: Techcrunch).
The Japanese exchange Coincheck lost $400 million to hackers. They say they do not know how the attackers stole the money. They are considering compensating users who lost money – whatever that means. (Source: Techcrunch)
Tether, a cryptocurrency startup lost $31 million to attackers. (Source: Techcrunch)
Bitcoin lost $500 of value in an hour after the most recent attack. The industry as a whole lost $42 billion in value. (Source: Bloomberg)
As a coin speculator, what should you be doing?
First, you need to understand that you are a speculator in a wildly volatile commodity and that commodity has zero inherent value, unlike hog bellies or gold.
Second, understand that there is no insurance, very limited government regulation and no government protection from losses suffered. This is about as risky as loaning money to your cousin Vinny.
Third, like all investments, diversify. Whether that means stocks, bonds and Crypto or just different crypto exchanges (and not different currencies at the same exchange), diversify. I recommend the first; you do the second at your own peril.
Keep your wallet offline. Hackers stole $20 million in Ethereum because users had opened a port on their local machines which allowed hackers to empty their wallets. Offline is not a silver bullet, but it will stop that particular attack as long as the wallet stays offline.
Only run cryptocurrency transactions on a machine that you know to be secure. One recent attack used DNS compromises on user’s machines to make their software think they were connecting to their exchange when, in fact, they were connecting to their attacker’s computers.
Bottom line – it is your money. Treat it like it is important.