On June 19, 2018, Bithumb, one of Asia’s largest crypto exchanges, lost $30 million worth of cryptocurrency in a system hack. When the announcement broke at 1 AM UTC on June 20, the cryptocurrency market had already taken an immediate hit. The price of Bitcoin fell over $200 dollars within minutes.
Bithumb quickly suspended all withdrawals and deposits on their system and moved all assets to cold wallet storage.But the question we should all be asking is, why weren’t the assets in cold storage in the first place?
What is a hot wallet and what is a cold wallet?
Here’s the simple difference: hot wallets are connected to the internet while cold wallets are not. This means that the security of hot wallets is dependent on the security of third party service providers, such as exchanges. As long as something is connected to the internet, it is vulnerable to attack. This is why most security-conscious exchanges keep only a small portion of users’ money in hot wallets - it wouldn’t be worth the time of a hacker to only gain access to smalls amount of money.
Many major exchanges, however, are still storing users’ assets in hot wallet. Bittrex now holds more than $2.3 billion in its hot wallet. If they were to get hacked, all of their users would lose their money.
The loss is real
The cryptocurrency industry already lost $673 million to hacks by the end of the first quarter. One of the biggest heists in history happened to CoinCheck in January, where hackers drained $500 million from their hot wallet, which lacked even multi signatory security, a measure requiring multiple sign-offs before funds can be moved.
While hot wallets allow quick transaction times for users, they pay the price in risk. Crypto exchanges have the responsibility to protect their user’s assets. How many more hacks will it take before we concede that cold storage is the only way to protect our funds?