Cryptocurrency is an interesting beast. Unregulated by governments. Not backed by reserves or governments. Difficult to track IF DONE RIGHT. Completely transparent if not done right.
For all of these reasons, it is the target of attackers of all stripes.
The first attack this week was in England. Armed robbers broke into the home of Bitcoin trader Danny Aston and forced him at gunpoint to transfer an unknown amount of Bitcoin from his account to an account under the control of the burglars.
The attack is kind of old school. Hold someone up at gunpoint and make them turn over their money.
But a couple of things are different. First, unlike money you can’t deposit it in a bank where there is government assurances of protection. Also, it is highly unlikely that you can obtain insurance to protect yourself in this case, although it is possible that traditional burglary insurance might cover it. Typical burglary insurance, however, has very small limits of reimbursement like a thousand dollars of cash or maybe a few thousand.
On the other hand, I am not quite sure how the burglars are going to convert the bitcoin into cash. The blockchain is very transparent – every transaction is visible to anyone who wants to see it. In this case since we know or could know the wallet ID of Danny Aston, we could follow the bitcoin no matter how many twists and turns it makes. But, there is a problem – of course. While we know Danny’s wallet ID, if it went from there to wallet A, then B, then C and D and so on, there may not be a way to identify those other wallets. Especially if the wallet is not associated with a Bitcoin exchange (it doesn’t have to be) or is associated with an exchange in a country not friendly to us. In any case, the bread crumbs will live on for ever, so those robbers need to not make any mistakes. Ever.
Now onto the second incident.
Hackers stole more than $500 million in a cryptocurrency called NEM. The NEM coins were stolen from a cryptocurrency exchange called Coincheck. Apparently, the wallet from which the money was stolen was a “hot” wallet, meaning that it was connected to the Internet. I don’t know about you, but I wouldn’t leave a half billion dollars exposed to the Internet.
There has been no explanation of how the attack was carried out.
The good news is that Coincheck says that they are going to reimburse depositors some percentage of their money, but have not explained how, when or where they are getting the half billion or so dollars to do that. Likely depositors will NOT get reimbursed for 100% of their losses.
And so, the attacks continue and are not likely to stop any time soon.
And equally likely, people will continue to lose their money.
None of the attacks that I have seen attempt to compromise the cryptography. Instead they either find software bugs or just do an old fashioned stick-em-up (although that was the first time a Bitcoim stickup was ever reported in England).
Even if Coincheck does come up with the half billion dollars to reimburse the depositors, someone is going to be out the money. After all, unlike the government, Coincheck can’t just print more money.