As the cryptocurrency universe expands and trading in the burgeoning alt-currency marketplace grows, a variety of inherent risks have developed in tandem. Scam currencies and increasing government regulation have been widely covered. The legitimacy of digital currency exchanges not so much, though high-profile hacks and collapses of currency exchanges often garner headlines—even as these events push digital currency prices lower, at least for the short-term.
Over the brief history of cryptocurrency trading there have been a few incidents that justify investor due diligence regarding the exchange with which they are considering doing business. Perhaps the most high-profile collapse involved Mt.Gox, a Bitcoin exchange based in Tokyo which caused the price of a Bitcoin to fraudulently drop to one cent on the exchange in 2011, after a hacker allegedly used credentials from the compromised computer of the exchange's auditor to illegally transfer a large number of Bitcoins to himself. Though trading on the exchange eventually resumed, in 2014 Mt. Gox was shut down after blaming hackers for additional, major losses.
Less than a year later, in 2015 Bitstamp went offline due to a possible hack. The UK- and Slovenia-based Bitcoin exchange had a similar situation in February 2014, going offline while it investigated a security compromise. After the service disruptions, however, the exchange recovered and remains in business.
In 2017, Slovenia-based crypto-mining marketplace NiceHash, revealed its payments systems was compromised and that $64 million in Bitcoin had been stolen. Nevertheless, after some downtime, operations returned to normal.
Just this month, BitGrail, a lesser-known Italian exchange claimed it was hacked, losing roughly $195 million worth of cryptocurrency owned by its customers, mostly Nano, of which the exchange says 17 million tokens were stolen. Subsequent allegations, coupled with ensuing activity by the exchange, could however indicate that the exchange had been mismanaging customer assets and were trying to hide that via a hacking claim.
Similarly, and more recently, the Hong Kong-based Binance exchange halted trading which it blamed on system upgrades, though many feared a hack or worse.The extended shut down sparked customer withdrawals.
And on Monday, Coinprism, a Dublin-based exchange said it would shutdown its services on March 31st, 2018. The reason for the shutdown remains unclear.
So how can anyone interested in trading or accumulating digital coins spot problem exchanges before they begin trading, or safeguard against potential security issues? Is there any way to know in advance if an exchange has the potential to implode? As one skeptical buyer recently tweeted:
Technical Glitches
Dror Medalion, CEO and co-founder of bitJob, a decentralized P2P student marketplace for online short-term jobs, notes that currently, we see a lot of trading platforms that have recurring bugs, or exchanges that actually get hacked or fail to complete their user obligations. All of these failings can make them favorite targets of hackers, especially distributed denial of service (DDoS) attacks:
“One of the most popular attacks is the DDoS attack, which aims to bring down a site temporarily by loading the site's servers with endless calls in a very short time. Users must be on full alert when they are trading in cryptocurrency trading environments. Let's not forget - those are not regulated. Most platforms give traders a very safe and user-friendly experience, but sometimes it is just not possible to know what is happening behind the scenes, what technical, political or business problems are occurring without the users noticing.”
Xiahong Lin, founder of Bodhi, a decentralized prediction market platform focusing on the Chinese market, explains that a huge priority in determining which exchange to trade on is to first ensure the security of your tokens. The best practice for guaranteeing the safety of your digital assets is to not store tokens on exchanges at all. He says:
“Maintaining control of your own crypto-assets on a local wallet or a hardware wallet is much more secure than allowing an exchange to control them. In the event that an exchange is hacked, you are not vulnerable if your funds are stored on your personal system. If you would like to store your crypto assets on an exchange, it may be wise to start on one that offers protection for any loss of funds, including FDIC-insured accounts for U.S. exchanges. This allows the centralized exchanges to add additional value to its users. Exchanges that don’t offer any protection are inherently risky.”
In some cases, the impact of regulation in a particular country can also cause a sudden closure of a trading arena. Medalion points out that this form of 'collapse' is generally completely unexpected and can't always be predicted.
The best protection therefore is ongoing awareness of related news and regulation policies both for where you reside and in the country where your chosen arena is based. He emphasizes that the importance of this can't be stressed enough.
Custodial or Non-Custodial Exchange?
One key consideration all investors should be making: do you entrust your digital assets to a custodial or non-custodial exchange? A custodial arrangement means your tokens reside with the exchange, whereas when you opt for a non-custodial exchange your coins aren't entrusted to anyone but you. You take responsibility for your own funds by saving your own private keys to non-custodial wallets.
Nolan Bauerle, director of research at CoinDesk notes:
“The first question to ask is whether you'll use a custodial or non-custodial exchange. Concerns are different for each. Non-custodial exchanges that do not store private keys are generally crypto-crypto exchanges. Red flags for custodial, fiat-crypto exchanges start with their cold storage policy: what percentage of private keys do they keep away from the internet?”
He believes the worst BTC hack on record was aimed at Mt. Gox, which held most private keys in a hot wallet that had been compromised by an online attacker.
Dror Medalion provides an additional point worth noting:
One last thing about the security level of the platform. Users must make sure that there is 2FA registration and that the domain is stored on their bookmarks, to avoid any phishing attempts.
Though cryptocurrencies are a developing asset class, it's certain that as it progresses so will security refinement and advancement. Nevertheless, as with every other investable asset, the best protection remains smart due diligence and a thorough knowledge of the instrument and investment landscape.