
Newcomers to the cryptocurrency space are generally not aware of how frequently crypto exchanges are hacked. As recently as last month, Binance, the largest cryptocurrency exchange available today, was hacked. It is generally considered to be one of the most secure exchanges. Nevertheless, $41m (about R600m) worth of funds were stolen.

Looking back, 2018 was a record-breaking year for cryptocurrency exchange hacks. The records include the number of exchanges that were hacked, the total value of cryptocurrencies that were stolen, and the largest hack of all time – the theft of more than $400m (about R5.9bn) worth of XEM tokens from Coincheck. According to, about $865m (about R12.7bn) worth of assets were stolen in 2018.

While it might be obvious for some, many newbies do not realise that once they have opened an account with an exchange such as Luno and purchased bitcoins or ether, they are not in possession of their own private keys.


The exchange has the keys. A private key is a secret number that allows someone to unlock the currency to spend or send it to someone. Once someone has your private key, they can spend your cryptocurrency! Pretty much like having the keys to your car.

Unfortunately, because of the billions of dollars’ worth of cryptocurrencies that exchanges have keys for, they are a magnet for hackers. It is much less risky and much more profitable to hack an exchange than a bank vault.

Hackers are becoming more sophisticated. As cryptocurrency becomes more mainstream, hackers are dedicating more of their time to developing state-of-the-art techniques to steal from these exchanges.

So, what is the ordinary cryptocurrency owner supposed to do?

Cyber security is a vast and complex subject, so here’s a set of simple security tips for the average cryptocurrency holder.

Hardware wallets

The conventional wisdom generally bandied about is that you should not store your cryptocurrency on an exchange for the long term, but rather on a hardware wallet. A hardware wallet is a physical device that securely stores your private keys offline, and the only time you can spend your cryptocurrency is when the device is physically connected to your computer or the internet.

Using a hardware wallet such as Ledger Nano X or Trezor T is good, but these devices are not cheap. They also do not save you from your own carelessness if you lose the device. However, hardware wallets require a PIN, without which your cryptocurrencies cannot be spent if the device is stolen. These wallets also give you a 24-word recovery phrase that you must store safely on a piece of paper. This phrase can later be used to restore the private keys onto a new device.

Be sure to use a hardware wallet with a screen. Since the hardware wallet is nearly impossible to hack, its screen is more trustworthy than the data displayed on your computer.

If you are not inclined or able to get a hardware wallet, then at least consider using an exchange that has insurance, uses offline ‘cold storage’, has never been hacked and uses multi-sig security.

An exchange such as Coinbase has insurance to help them reimburse customers who have been compromised. It also keeps 98% of its crypto assets in secure, offline cold storage (like a hardware wallet) to minimise losses.

An exchange such as Luno holds your bitcoins in multi-sig wallets. This means that multiple signatures, provided by multiple holders of private keys, are required to sign off on any transaction that uses your bitcoins. The private keys are held by both Luno and a partner company. A hacker would have to hack both Luno and the partner firm to get all the keys needed to spend your bitcoins.

Beware of phishing scams and don’t click on any links in an SMS or email prompting you to act on a website. This could be an identical, fake site or wallet page that will direct any information you enter to hackers.

Lastly, keep your holdings private. You don’t want to tempt anyone to harm you just to gain access to your cryptocurrency.

* Terblanche is an independent consultant in retail banking and retirement funds. He's also a crypto adviser.
