August 18, 2019

August 16, 2019

Subscribe to Latest Legal News and Analysis

August 15, 2019

Subscribe to Latest Legal News and Analysis

Surge in Cryptocurrency Exchange Hacking Activity

Cryptocurrency exchanges have always been a prime target for hacking activity due to the vast amounts of cryptocurrency and money held within each exchange.  Finding and exploiting weaknesses in exchanges can be very profitable for hackers, and such hacking activity has grown exponentially year on year.

In late December 2018, Coindesk published an article revealing that the amount of cryptocurrency stolen from exchanges increased 13 times in 2018 compared to 2017.  Analytics firm Chainalysis reported that approximately $1 billion worth of cryptocurrency was stolen from digital currency exchanges in 2018.

Many successful hacking attempts can be attributed to the failure of cryptocurrency exchanges to secure their services, as can be seen from the following examples:

  • in January 2018, Japan-based Coincheck fell victim to a hack in which 523 million NEM tokens (at the time worth $534 million USD) were stolen.  This was due to the lack of protection mechanisms used, such as storing funds in “cold” (offline) wallets and using multi-signature protection requiring the approval of multiple parties to initiate transactions; and
  • in June 2018, South Korean-based Coinrail fell victim to a hacking attack worth $40 million USD.  Following the incident, Coinrail was unable to provide any information regarding the theft, prompting analysts to point to the lack of security personnel and limited investment in security within smaller cryptocurrency exchanges.

Hacking methods have also become increasingly sophisticated, with a rising trend of “51%” or “double spend” attacks launched by cybercrime organisations. A group that controls the majority of a blockchain’s computing power (thus a 51% attack) can create a separate chain which allows the group to re-spend funds that have already been spent on the original chain. An attack in January 2019 on Ethereum Classic caused $1.1 million USD worth of funds to be lost, with cryptocurrency exchange Gate.io losing $200,000.

A recent decision by an Italian Bankruptcy Court held that a director of an exchange operator was personally liable for not implementing suitable safeguards to avoid the loss of its users’ assets. Similar litigation is currently on foot in Singapore in relation to whether an exchange operator acted in “breach of trust” as a custodian. In addition, regulators in some countries such as South Korea have commenced conducting security audits on cryptocurrency exchanges.

Exchange operators must ensure that they take all reasonable steps to ensure the security of their users’ funds. Failure to do so may expose them to liability for breaching their duties to their users or cause them to be at risk of being shut down by regulators.

Copyright 2019 K & L Gates

TRENDING LEGAL ANALYSIS


About this Author

Jim Bulling, KL Gates, financial services lawyer, funds management attorney
Partner

Mr. Bulling's practise focuses on banking and financial services and he acts for a range of entities in the financial services and funds management industry. His clients include Australian and international investment managers, banks, trustees of superannuation funds, wholesale and retail investment trusts, funds management companies and financial planning groups.

His main areas of focus include banking and financial product disclosure issues, financial services compliance issues, financial product distribution issues and superannuation and...

61-3-9640-4338
Edwin Tan, KL Gates, investment fund attorney
Lawyer

Mr. Tan is a commercial and regulatory lawyer with a focus on the financial services industry. He advises on a range of Australian regulatory and compliance issues relevant to FinTechs, fund managers, financial advisers and other financial services entities.

Mr. Tan also provides advice on governance and compliance measures targeted at the prevention of bribery, corruption and anti-money laundering.

61 3 9205 2176