You may have heard about the famous exchange hack on Mt. Gox where hundreds of thousands of Bitcoin were stolen from users. Bitcoiners learnt a very valuable lesson from that, and since then around 75-78% of Bitcoin is kept in cold storage, and off exchanges.
This wasn’t the last hack. There was one 2 months ago, on the Japanese exchange, Liquid, where around $80m in Crypto was stolen.
Here is a list of other hacks to put it into perspective:
|Sep 26 2020||KuCoin – private keys to the exchange’s hot wallets were obtained.||$280,000,000|
|Sep 8 2020||Eterbase – hacked byt threat actors||$5,400,000|
|Nov 27 2019||Upbit – 342,000 Eth stolen from hot wallet||$49,000,000 (at the time)|
|July 12 2019||BITPoint – funds stolen from hot wallet||$32,000,000|
|June 27 2019||Bitrue – assets hacked and stolen||$4,200,000|
|April 1 2019||Bithumb – EOS stolen (inside job)||$13,000,000|
|March 25 2019||Coinbene – funds went ‘missing’||$100,000,000|
|Sep 14 2018||Zaif – exchange hacked||$60,000,000|
|July 9 2018||Bancor – a ‘decentralized’ exchange hack||$23,500,000|
The list goes on and on.
As of 10 November 2021, approximately $2.1Billion has been stolen from exchanges in 52 hacking events.
This doesn’t mean that local exchanges will get hacked. But the risk that most exchanges are taking is that every new ‘Altcoin’ (or what we like to call Sh!tcoin) that is added to an exchange, there is a requirement to add the infrastructure to support this coin.
This means there is continuous room for error and thus, risk. Every added layer, means more potential attack vectors for hackers.
Exchanges make a lot of money from adding more altcoins. More assets means more trading. More trading means more fees for the exchange. This is a dangerous path and what we are seeing now is that mobs chase the latest fad like some ‘doggy coin’ extremely quickly and there is little time to capitalise on this demand. Exchanges quickly add support for this coin, most likely with inefficient testing – and so the room for error and risk grows more and more.
It’s not only the exchange’s central hot wallets that get attacked – but the users themselves. Some of you may have gotten SMS’s recently alluding to one large exchange in South Africa. It is a scam of course and quite easy to spot – but unfortunately there are quite a lot of people who fall prey to these scams.
Some Coinbase users in the US have gotten hacked by 2FA with SMS, better known as sim-swapping. These users lost millions of dollars in crypto because of these attacks.
Exchanges in South Africa are not regulated, nor insured. It would be a very hard fight to get your funds back if you were to get scammed – that is the simple truth.
Then, let’s look at regulatory risk. We saw what happened in Nigeria when the Central Bank ‘banned’ Crypto overnight, but overturned this a few weeks later. Something like this could happen in South Africa – but there would probably be a grace period before it went live.
That’s regulation on the negative side – but let’s also look at the ‘positive’ side. What if Bitcoin were to become regulated and the exchanges (or service providers) were to become regulated as well. When/if this happens – expect a plethora of new terms and conditions that need to be agreed to, a new set of processes, structures and all the wonderful bureaucracy that comes with it.
If you’re holding your own Bitcoin – there’s never any Ts and Cs to agree to. It’s yours and no permission is ever required to do with it what you want.
Now, let’s look at some horrible, yet rational things to think about. I knew of a person who had +12 Bitcoin on an exchange. That is ~R12,000,000. What if that person died? What is the process, on an unregulated service provider, to pass that asset to the deceased’s beneficiaries?
These are scenarios that are being answered today in legal chambers at enormous costs – because the rules are not clear.
When custodying Bitcoin yourself – there are methods available to ensure this asset can be passed on securely and in most cases, privately. No need for permission, a will or an executor.
Another point that I worry about, and will probably become more important over time – is whether exchanges are rehypothecating Bitcoin, essentially creating a new fractional reserve system. I have no doubt that some, maybe most exchanges are doing this right now.
What this means is that if everyone at an exchange were to decide to withdraw their assets – the exchange wouldn’t have enough in their reserves.
This fractional reserve system created the mess in 2008, and now it’s starting all over again.
This is why ‘Not Your Keys, Not Your Coins’ is becoming more and more clear to people every day.
To conclude, let’s go back to the first point. Close to 80% of users are holding Bitcoin themselves. Some learned to do so through the hard way, or from others. But most likely they have to come to understand that if Bitcoin was supposed to allow people to be their own bank – why would +20% of people hold this asset with a third party, essentially making that third party a bank?
With Taproot being activated and the incredible developer community in Bitcoin – you can expect it to become easier and easier to self-custody your Bitcoin every year – and we’ll be there to help as many people as we can along the way.