As the cryptocurrency industry has grown exponentially, cybercrime and hacks have accompanied its massive expansion, with criminals recognizing a lucrative opportunity in the budding space that has seen large amounts of money moving around, as well as accumulating in crypto wallets.
Indeed, recent data has discovered that more than $3.45 billion in assets have disappeared in 48 different crypto exchange custody attacks since 2012, with the most frequent method of theft including hot wallet hacks (29.4%), according to a report by Binance Research published on May 30.
In fact, as the graphic demonstrates, the number of attacks in the cryptocurrency space has continued to grow, and crypto hackers had stolen more than $2.5 billion over the first three quarters of 2022 alone, as Finbold reported on October 25.
As the report further states, other attacks employed bugs (3.9%), malware (3.9%), protocol vulnerabilities (2%), data leaks (3.9%), internal staff mistakes (2%), compromised systems (11.8%), unauthorized transactions (2%), suspected trusted insiders (11.8%), or a combination of various methods (2%), whereas 23.5% of attack vectors remain unknown.
Cold versus hot storage
According to the explanation by the Binance Research team, the problem generally lies in the way crypto trading platforms store customers’ funds in their custody:
“While the top tier exchanges, such as Binance and Coinbase, store their customer assets in cold storage, this is unfortunately not the case for all exchanges. Furthermore, verifying whether the exchanges truly adhere to cold storage remains challenging.”
Specifically, cold wallets refer to storing users’ crypto assets offline in a physical device, whereas hot wallets store private keys on an internet-connected device. Each has its advantages and disadvantages, with cold wallets being more secure but hot storage being more convenient and accessible.
As a solution to this widespread problem, the report suggests using institutional custodians that focus on optimizing for asset security and protection, use cold storage, as well as include services like trading, staking, insurance, escrow, accounting, audit, and research offerings.
It is also worth noting that, more recently, identity fraud connected with crypto wallets on popular crypto exchanges has been rampant as well, with stolen verified Coinbase accounts selling for $610 and Kraken accounts going for $810 on the dark web, as Finbold reported on May 1.
Disclaimer: The content on this site should not be considered investment advice. Investing is speculative. When investing, your capital is at risk.