Is the current hacking spree on cryptocurrency exchanges a force for change?

Hacks and thefts have been a running problem for cryptocurrencies throughout their lifetime, but will the spate that have taken place over the last six months be a catalyst for a better outlook in the future?

The price of Bitcoin, along with all the various cryptocurrencies and altcoins whose prices appear inextricably linked to its fortunes, has suffered badly due to two thefts from Asian exchanges over the last 10 days. Such attacks, and others that preceded them, have recently become a driver for regulation and increased oversight across the globe, most markedly in Japan.

There, the Coincheck debacle (and, looking further back, the digital burglary of Mt.Gox’s wallets and the fallout thereof) did significant damage to the reputation of the cryptocurrency sector – even among some of the most enthusiastic users of digital money in the world – but things are changing rapidly.

So, have things actually got worse, or is it just more of the same – and could regulation slow down the spate of attacks and fraud?

A not-so-brief hack-story of crypto

There are many, many instances of hacks that had short term effects on the prices of individual cryptocurrencies, or indeed the market in general. However, in the same way that bank robberies don’t effect the value of money in the same way that macro issues or bank collapses do, not all leave permanent scars. Thus, I’d like to focus on three that came at almost the same distance apart, and most certainly did.

The DAO goes down

It’s almost exactly two years ago since the infamous hack on The DAO – a decentralised autonomous organisation that acted as a consensus driven investment fund – lost investors nigh-on $50m-worth of the Ether that had been ploughed into the project. What was hailed as a “a paradigm shift in the very idea of economic organisation” by TechCrunch in May 2016, was gone completely by late Autumn after vulnerabilities in its smart contract system saw the coins disappear. The losses eventually led to a hard fork in the Ethereum blockchain, instigated to compensate those who had lost out, a schism in policy that eventually led to Ethereum Classic’s existence.

Mt.Gox erupts

Those events came two years-and-change after news broke of the debacle that would eventually bring down Mt.Gox, then the biggest Bitcoin exchange in the world when Bitcoin was one of only a few cryptocurrencies. It’s a theft that is still causing ripples in the BTC market to this day, that was (as one of the first Bitcoin related events to really gain traction in mainstream media) a lot of people’s first exposure to the idea of Bitcoin, and served as a salutary reminder that initial coin offerings (ICOs) and altcoins, the tranche of cryptos that came in the wake of Bitcoin, was going to continue to be a risky thing to put your money into for some time to come.

The Mt.Gox exchange hack cost the company and its customers something in the region of 650,000 BTC – $450m at the time, somewhere in the region of $12bn at the peak price of Bitcoin last January (say $19,000), and around $4.2bn right now (with BTC at roughly $6,500). It appears to have been the result of some naivety by the creators of the site, and its struggles to cope with the exceptional growth the sector experienced almost immediately after Mark Karpeles took over the exchange from its creator, Jed McCaleb, in March 2011.

By 2013 Mt.Gox was handling 70% of BTC transactions worldwide. By February 2014, it was on its knees, the victim of a long-running attack vector that had seen the coins lifted from its hot wallet steadily over the previous three years using an exploit of the Bitcoin code that allowed a hacker or hackers to move Bitcoins without it appearing that they had done so. Systems at the exchange did not highlight what was going on until it was too late. Creditors were, however, eventually saved by the selling off of 200,000 bitcoins “discovered” in a cold wallet well after the exchange had ceased to be.

The fallout

In terms of percentage loss, Bitcoin’s price receded 36% as revelations steadily cut through the uncertainty surrounding Mt.Gox in February-March 2014. Eventually, BTC settled at about 50% of what it had been worth in early December 2013. However, with that high being under $1,200, looking at a chart showing the history of its price now, it’s hard to even see the blip when set against early 2018’s high of just below $20,000. Time is, as they say, a great healer. At the time, it felt like the whole crypto project was teetering.

If you consider these to be two of the biggest scandals to hit the cryptocurrency markets so far – and, depending on whether you were affected or not you’ll have your own opinions on whether they are – it shows something of a cyclical pattern. Bitcoin’s price broke $1,000 late 2013/early 2014, before Mt.Gox happened, crashing the price. The DAO, two years later, rode on the back of rising interest in Ethereum and its corresponding value, then that suffered a high-profile hack.

Crypto prices exploded in late 2017, and now we’re seemingly embroiled in another long list of crypto crimes coming in thick and fast.

The latest of these is Bithumb, seemingly the victim of a $32 million theft of coins. That was preceded by a hack on Coinrail, another South Asian exchange only 10-days previously, with LiteCoin particularly affected. Both had a marked effect on price of cryptocurrencies in general, with news of the latter apparently wiping $40bn-plus from a market that was beginning to look like it was recovering from a torrid 2018. It has, at best, set any price recovery back a few months. They’ve been big news, short-term, but neither have caused anything like the ructions Mt.Gox did – their value compared to the total market is just too small to be anything more than a footnote.

The one that, arguably, has done more ‘damage’ than anything we’ve mentioned so far, however, is the removal of $500m-worth of NEM from Coincheck’s coffers. Market-wise, when it was reported in late January of this year, the news placed heavy downward price pressure on cryptocurrencies that had already been in something of a free-fall for the previous fortnight. Exactly how much influence it had on the market is a subject for debate, but BTC lost close to 50% in the week following the news breaking. Two weeks later, it had reclaimed much of that loss, but its pretty clear that it has been a considerable factor in creating the tense climate in the market that has depressed the price of cryptocurrencies steadily since.

The market, as it always has – so far – recovered. The bigger effect of the hack took longer to be seen.

The future

Ironically, Coincheck, Coinrail and Bithumb could be a catalyst for ending the era where large scale hacks can have such an effect.

Like the users of The DAO and Mt.Gox, victims of the NEM theft were compensated from Coincheck’s own reserves. The restitution, though not perfectly handled, came in a much more timely and professional manner than was seen in the case of The DAO or Mt.Gox. The fact Coincheck actually had reserve enough to cover the losses meant that the decision by the cryptocurrency’s foundation not to take the Ethereum route and step-in meant nobody was out of pocket. Therefore, I’d argue that it shows just how far the market has come in terms of professionalism in a relatively short time. Equally importantly, that professionalism and adherence to at least some tenets of standard banking practice could allow customers more confidence in the future.

As cryptocurrency has steadily increased in value, so has the regulatory overwatch on the sector. This, I’d posit, is not such a bad thing for the average punter – exactly the kind of people that need to begin to trust cryptocurrencies if they are to flourish.

Now, led by the Japanese authorities’ reaction to Coincheck, which has forced some other players to leave the country and others to step-up standards to take advantage of the gap left by it, central banks and financial conduct bodies across the globe are beginning to formulate laws to cover the sector. Exchanges are realising that they are going to have to conform to some of the same rules as traditional financial instrument markets if they want to compete with the established players, should (maybe ‘when’) they decide to get involved in cryptocurrency – something that some people argue is inevitable.

When news of a relatively minor hack, like Coinrail, can have the effect it did on the market, you know investors are jittery and fragile. Ironically, a big wallet hack in late 2017 – when $115m was taken from users of Parity – had nothing like the same impact on a rapidly rising bull market as Coinrail did on the bearish charts of 2018. When people are making big money, things going wrong can be overlooked – but not when markets are struggling like they are now. Thus, I’d argue that regulatory adaptation, and the confidence it can bring, is perhaps as important as any factor going forward.

Not everyone will agree that regulation is a good thing in the ICO space, especially among those already embroiled in the sector who may see it as an affront to the principles on which Bitcoin was founded. However, if the cryptocurrency market is ever to stop lurching from crisis-to-crises and court the mainstream, which it must if it’s ever to realise the price predictions those same people are often prone to making, the entities we trust to store and trade cryptocurrency must become more secure and more mature. If crypto is ever going to be a truly global trusted method of payment, its infrastructure needs to look like it’s capable of taking on the task.

If they want to act like banks, it seems intuitive to say that exchanges and repositories for cryptocurrency need the same security, systems, and oversight that banks do (whatever you think of the effectiveness of that), with the kind of reserves and underpinning that means a single group of people with malicious intent – and amazing ambition – cannot rock the boat.