8-Figure Exchange Hack: Exmo Loses 5% Of Holdings
On December 21st, 2020 the UK based cryptocurrency exchange EXMO reportedly suffered a devastating hack. Although hacks of the actual Bitcoin blockchain are rare, hacks of frequently used apps or cryptocurrency exchanges are frequent, and generally devastating, for the app in question.
What is EXMO
Exmo is a cryptocurrency exchange based out of London in the UK that offers a number of different cryptocurrencies in exchange for fiat currencies such as the Euro or the Russian Rubble. Exmo does not allow US traders but does accept the US dollar. Users can use credit cards, debit cards, and a number of payment apps to purchase cryptocurrencies through the app. Exmo has its own internal payment system known as Ex-Code. Exmo has both hot and cold wallets for security as well as 2FA and IP recognition to prevent unauthorized log in attempts. Exmo is known for their excellent customer service, whom can be reached using a chat function directly in the app. There are fees, but they are reportedly low, and users report the app has excellent communication.
The Hack
On December 21st, the exchange employees began to notice weird withdrawal activities on their platform. There were a number of large Bitcoin withdrawals, as well as large withdrawals from five other cryptocurrencies. These currencies were Ripple, Zcash, Tether, Ethereum, and Ethereum Classic and were all rapidly executed from customer hot wallets. Exmo estimates that hot wallets compromise 5% of their total commodities. At this time Exmo has stated that all currencies held in cold wallets are safe and were not affected in the hack. Over $10.5 million dollars of cryptocurrency assets were lost.
Exmo’s customer service team has emphasized that customers who were victims of the hack will have their lost funds replaced by Exmo and they need not to worry. In the meantime, Exmo is pleading with other exchanges to block the addresses which were used to carry out the hack in hopes that a hack won’t happen at another exchange. The case was reported to the London police, but the exchange has no idea who perpetrated the hack. This crime is still extremely recent and hopefully more information about the hack will be discovered in the coming days.
In the meantime, if you are an Exmo customer who had funds in their hot wallet on December 21st, give your funds a check and ensure there are no unauthorized withdrawals. If there are, contact Exmo customer support immediately.
How to Protect Yourself Against Hacks
Unfortunately, cryptocurrency hacks are all too common and are growing to become a huge issue in the cryptocurrency world. One only has to mention the name Mt. Gox, for serious Bitcoin holders to shudder. The good news is, there are a number of simple ways to protect yourself from hacks.
First of all, as many users in the Exmo hack learned, keeping your coins stored in a cold wallet when they are not being actively traded is always in your best interest. In fact, never store your coins in a wallet on an exchange platform period. Cold wallets aren’t attached to the internet and are almost impossible to hack unless someone has your personal code. While normally this is about as safe as you can get with your coins, there was sadly a recent breach to Ledger customer data, leaking information such as names and addresses, phone numbers and even email addresses. Which brings us to the second point, always safe guard your passcode. Don’t write it where someone else can find it and certainly don’t share it with anyone. Make sure the password you use for your cryptocurrency market accounts (if not an automatic 20-word seed required by most cold wallets) are long, complicated, and difficult to guess. Aka, please don’t continue to use your mothers maiden name, or worse, the word ‘password.’ If you find yourself with a plethora of passwords which are difficult to manage, there are a number of password management apps you can use. KeypassXC is an example of a password app which is user friendly and can be deployed on both your phone and laptop.
Now even if you guard your password, and your funds, via cold wallet, there are still times where you will have to make transfers. And when you do so, make sure you are on a WIFI network you trust and that you are not in a public place. Why is this? Because thanks to technology there are now fancy devices on the market which can be purchased to easily hack a computer via WIFI or intercept texts as they are sent. This means that even if you are using 2FA to protect your account, a hacker could use one of these devices to steal your SMS code.
Even if you follow all the steps above, there are still other types of “hacks” which could result in the loss of your coins, and the number one-way people lose their tokens is actually in ICO’s. In the ICO boom in 2017, a number of scams slipped through the cracks along with a number of legit companies who stole from investors, resulting in losses of millions of dollars of cryptocurrency. This is why it is absolutely critical that you research any and all information regarding a company before giving them your coins. And if it’s an especially large investment, inquire about their recuperation options in the case your capital is lost. You may just be surprised by what you end up learning.
Overall, becoming involved in the cryptocurrency world is risky no matter how you look at it, so the last thing you want to worry about is your funds being stolen from the places you consider safe. Before you get involved in an ICO, cryptocurrency exchange, or investment of any kind, make sure you research the company which will be holding the coins, yes this includes any exchanges you may trade on. Also ensure you are always storing coins in a safe (cold) wallet when you aren’t actively exchanging them and always protect your passwords from a breach. Doing all these things won’t completely protect you from theft, but it will set you up in a much better scenario than someone who is currently storing their coins in a hot wallet on an exchange.