Another week, another bitcoin exchange hack.
The latest in the long list of breaches occurred at China’s BTER exchange, which has lost 7,170 bitcoin (valued at ~$1.75 million at today’s exchange rates) via an apparent hack of its cold wallet system.
The company is offering a 720 BTC (~$170,000) reward for information leading to the return of the stolen funds. The offending transaction can be viewed on the blockchain, meaning that the bitcoin ecosystem has at least some shot at tracking the missing funds and identifying the party or parties responsible.
The company issued a statement in Chinese on its Weibo that read, in part:
To ensure the safety of other funds, we have taken technical measures to stop and turn off all the virtual currency trading in online wallets in order to do further checks.
At the same time, we plan to arrange CNY and other virtual currency extractions as soon as possible to reduce users’ concerns.
Please be assured that we will not run away, we will assume responsibility for the user to recover the stolen Bitcoins.
The issues at BTER come a week after Hong Kong exchange MyCoin was revealed to be a $385 million Ponzi scheme and less than two months after Slovenia-based BitStamp suffered a hack that cost what was at one time the world’s largest exchange more than $5 million in customer deposits. In late 2013, fraud by the owners of China’s GBL exchange cost customers $4.5 million.
But if BTER’s own statements are to be believed, this incident has the most in common with the Mt. Gox debacle in that both companies saw their respective cold wallets breached – in Mt. Gox’s case costing depositors a staggering $450 million in crypto-currency wealth (based on exchange rates at the time of the breach).
Cold wallets, which are by definition stored offline and in most cases protected by extensive physical security, are meant to prevent this very type of scenario. Most modern exchanges keep less than 5 percent of all deposits in their hot wallet at any time, with the balance meant to be safe from would-be hackers. For example, it was BitStamp’s hot wallet, not its cold wallet, that was breached, meaning the exchange lost just a fraction of its assets and has been able to continue as a going concern (despite suffering a blow to consumer confidence).
One thing that all of these incidents have in common is that they occurred at international exchanges in jurisdictions that have little to no regulatory oversight pertaining to digital currency businesses. As I wrote last month when Coinbase launched the first regulated bitcoin exchange in the US in partnership with the New York Stock Exchange:
For bitcoin to “cross the chasm” it needs reliable institutions that users of all sizes and levels of sophistication can trust. Coinbase, in partnership with the NYSE and other major financial institutions brings a new level of sophistication and credibility to the market – even if many bitcoin idealists will bristle at the centralization and institutionalization.
Bitcoin is, in many ways, still navigating its rebellious teenage years. As the technology matures and adoption grows — not only among online anarchists but mainstream consumers and businesses — there will be less tolerance for the type of amateur hour operations and fly-by-night founders that have plagued the industry’s first half-decade. But with several venture-backed organizations like Coinbase, BitPay, Circle, Blockchain, Xapo, Kraken, Ripple, Gemini, SecondMarket and others seemingly operating under the full scrutiny of US regulations and the oversight of boards of directors with significant vested interests in their success, this transition is already taking place.
The Coindesk Bitcoin Price Index sits at $236 currently, up nearly 34 percent since bottoming out on January 14 at $177 – a low precipitated in part by the above-mentioned BitStamp hack and the trial of accused Silk Road mastermind, Ross Ulbricht – but down significantly from its all-time high of $1,120 reached in November 2013. Sentiment within the industry remains high, despite the overwhelmingly negative news cycle in recent months.
Lest you look at the above list of bitcoin hacks and conclude this is a technology that is somehow more risky or less worthy than the existing legacy banking system, note that the world’s leading banks were just hacked to the tune of $1 billion and didn’t know for months that it was taking place.
Hackers steal $1 billion from banks; Bitcoin not involved but I assume somehow to blame :-). http://t.co/HFq9n9egFB
— Marc Andreessen (@pmarca) February 16, 2015
The rule of thumb in bitcoin, as with most things in life, is to choose wisely whom you do business with and to know what recourse you might have if things should go wrong. This isn’t the first time BTER was the victim of a major hack. In August 2014, the company had £1 million ($1.65 million) of the NXT digital currency stolen from the exchange.
In the case of BTER, it’s unlikely that affected customers will get their funds back. With the latest generation of regulated exchanges, like the banks affected by the above hack, FDIC insurance covers those unlucky enough to be caught up in any breach.
It’s still early for bitcoin, meaning the Darwinian process of weeding out bad actors continues. At the same time, the industry is beginning to identify and embrace those good actors, who will likely be the seminal companies as the digital currency ecosystem matures. There are now more reputable exchanges and wallet providers than at any point in history. In the meantime, if you have doubts about your bitcoin service provider, trust your instincts and do something about it. This is one lesson no one wants to learn the hard way.
[Illustration by Brad Jonas for Pando.]