By Joe Tidy-Cyber reporter
https://www.bbc.com-image source-Getty Images
Taxi driver Chris is obsessively checking his phone for updates.
“I’m set to lose almost 2,500 euros (£2,100) worth of cryptocurrency coins,” he says.
Chris describes himself as “a small crypto-holder from Austria” and is one of many victims of a hack attack on cryptocurrency exchange Liquid Global last week.
The company has insisted it will pay all customers who lost out in the $100m (£72.8m) attack.
But until they get the money back, many customers are worried.
Every time 38-year-old Chris picks up a customer in his ageing Volkswagen, he’s reminded of what’s at stake.
“My car is more than 20 years old and I could have bought a new used car with that money,” says Chris. “It’s not catastrophic, but still quite a sum for me. I need at least one year to save that sum.”
‘My stress is at eight out of 10’
In Indonesia, 27-year-old Dina says she is in shock. “I’m feeling so angry with the hackers, and I’m feeling stress for myself. I have around $30,000 and I need that money to live on. I’m just a housewife trying to make money from crypto.”
At the other end of the scale, a 42-year-old Norwegian doctor says he is struggling to concentrate, because he could lose a fortune that he’s watched grow over the years.
“My Liquid balance is 969,000 euros. It’s extremely worrying to me and my stress is at eight out of 10. I’m always thinking about it.”
In Sydney, James describes the stress the hack has put on his parents, who managed to cash out at a loss before the company blocked transactions.
“My mum and dad had one Bitcoin on there, so about 70,000 Australian dollars (£37,000). It was, and is, a lot of money to them.
“There’s obviously stress created. At first they had no idea what was happening, then they felt they were basically forced to sell in a panic and withdraw which means they lost about A$10,000.”
Liquid Global was hacked last week, with the money unlikely to be recovered.
The Japanese firm said on Wednesday that it is carrying out a robust security review and wants to “reassure users that they will not suffer any loss due to the incident”.
Are exchanges safe?
Exchanges like Liquid are a vital part of the growing world of cryptocurrency. They are the websites that allow people to buy and sell digital coins like Bitcoin and Ethereum, and a place where many people leave their coins for safekeeping.
However, the safety of exchanges is questionable.
Earlier this month, another crypto platform called Poly Network was also hacked, and lost $610m of its customers’ funds.
Dozens of other hacks against cryptocurrency platforms have seen at least £1.6bn stolen by hackers since 2014.
The largest-ever cryptocurrency hacks
- BitGrail: $146m was hacked from the Italian exchange in 2018. It’s estimated that 230,000 BitGrail users lost funds.
- KuCoin: $281m was stolen by suspected North Korean hackers from this attack on the Seychelles-based exchange in 2020. The company recovered most of the funds and refunded customers.
- MtGox: $450m of mainly Bitcoin was hacked in 2014 which collapsed the Japanese exchange. None of the customers has been reimbursed yet.
- Coincheck: $534m was stolen in 2018 from the Japanese exchange. Customers were eventually reimbursed.
- Poly Network: $610m was hacked from the Chinese platform earlier this month in various coins. The hacker returned all the funds and customers have started being reimbursed.
Incidents involving tens of millions, or even hundreds of millions, of dollars are happening almost every few months and, because these platforms are largely unregulated, there’s no guarantee that customers get their money back.
Taking a ‘hair cut’
There have been cases of customers losing every digital penny or only being partially refunded – affectionately known as ‘taking a hair cut’.
“There will be zero hair cuts,” Seth Melamed, chief operating officer of Liquid Global, tweeted on Tuesday.
Financial commentator Frances Coppola says cryptocurrency systems are not learning lessons about security fast enough.
“The standard banking system is incredibly protective about security and it is regulated to death about it,” she said.
“Banks are actually suffering hacking attacks all the time. They’re just better defended, and also they have responsibility to reimburse their customers, which cryptocurrency platforms don’t have.”
She says it’s individual users who are more likely to be hacked or defrauded in traditional banking systems, which is happening all the time and costing millions.
Traditional bank hacks
Dr Amber Ghaddar, who has worked for big banks and is now a founder at crypto platform AllianceBlock, says traditional banking has seen its fair share of big hacks too.
She points to the hack of $81m suffered by a Bangladesh bank in 2016, and the 2017 incident at Union Bank of India that saw hackers steal $171m, which was later recovered. In each case, no customers lost out.
Dr Ghaddar says crypto-hacks are a symptom of a still new sector that’s growing too fast.
“Part of the problem is that these systems are built on open source technology. Open source is great because it uses the collective intelligence of a community to improve software and protocols, but one of the flip sides of open source is that some brilliant mind out there might find some weakness in the code.”
Dr Ghaddar thinks that the only way to prevent these attacks from happening is to bring in more regulation and rules.
“We need auditing and testing. We need to have various standards that need to be monitored in order to protect market integrity if we really want cryptocurrency to reach mass adoption.”
As well as cyber-attacks, everyday investors have been stung over the years by other types of crypto-catastrophe like so-called exit scams and rug pulls.
Investigators are still trying to ascertain how many millions, or maybe even hundreds of millions, were lost in the mysterious demise of the Africrypt exchange which collapsed earlier this year when the founders disappeared.
Customers of Canadian exchange QuadrigaCX are also still fighting for reimbursement after its founder died leaving $135m of coins unaccounted for in 2019.
The traditional finance system is of course littered with victims of large-scale pyramid schemes and other fraud which probably outweigh the losses in the cryptocurrency world.
But despite rapid growth, the crypto market is far smaller overall and recent history points to an industry-wide security problem.
As the $600m hacker warned in a recent public post: “We, the hackers, are the armed forces. If you are given weapons and guarding billions from the crowd while being anonymous, will you be a terrorist or the Batman?”