The early morning of May 8th, digital currency exchange currency security theft incident, hackers from hot wallet stolen coins an about 7000 bitcoin. Currency an official announcement said, this is a large system of attack, hackers access to a large number of users API key, Google 2FA verification code and other related information.
Although the official said the money an investor protection fund (SAFU) will bear the full loss of all the attacks in recent years, the exchange of security incidents still emerge in an endless stream worthy of vigilance.
The United States digital currency security company CipherTrace released a report, only the first 3 months of 2019, the global currency exchange is encrypted by hackers to steal $356 million worth of assets encryption.
Over the past few years, the center of the lost coin exchange events also emerge in an endless stream:
In February 2014, Japan exchange Mt.Gox stolen 750 thousand bitcoins, became the largest amount of bitcoin theft;
In March 2014, the United States 12.3% stolen bitcoin exchange Poloniex;
In January 2015, Europe’s established exchanges Bitstamp stolen 19 thousand bitcoins;
In August 2016, the headquarters is located in Hongkong’s Bitfinex exchange about 120 thousand bitcoins stolen;
In June 2017, South Korea’s largest stock exchange Bithumb stolen billions of won, thirty thousand user information was leaked;
In January 2018, Japan’s largest bitcoin exchange Coincheck stolen $530 million.
The security center of the exchange of assets, in addition to face external attacks, but also face potential risks, such as internal, at the beginning of this year, Canada exchange QuadrigaCX founder died suddenly causing the user loss of assets of $190 million, is the only platform private key kept by the founder, founder of accidents resulting in user assets is difficult to recover.
At present, the center of the exchanges occupy the leading position in the field of digital currency transactions, a large number of digital assets deposited in exchange, compared with the ordinary users wallet easier to attract the attention of attackers.
The exchange as a frequent and high-speed flow of funds transfer of assets to the user places, coins, currency trading, filling a number of processes, gives the attacker more opportunity. Exchange users began facing from the login attack risk is everywhere: the fake Web site phishing attacks, filling stage assets provided address posing and hijacking, personal account information leakage, exchange the wallet is stolen and so on.
In addition, the center of the exchange as an organization, process and personnel involved numerous, embezzlement, misappropriation of assets exchange users when events occur.
How to protect the personal safety of digital assets
For security reasons, everyone should have their own digital currency wallet, the assets in higher security wallet charge.
The wallet has a lot of kinds, according to the storage of the private key can be divided into hot and cold wallet purse. Cold wallet is completely isolated from the network, to avoid the risk of the private key was stolen by hackers, the hot wallet may at any time to trade in the case of networking, for some frequent trading friends more convenient. Currently on the market the main hot money package is divided into two types: managed HD wallet and purse. The main difference is whether the user needs to charge private key.
1. backup / mnemonic key
The private key is the most important thing is the management and use of digital currency, digital subscriber for all users, the private key determines the ownership, possession of the private key is truly with digital currency assets. So how to secure private key is the basic knowledge for everyone to master in the field of digital currency before.
The private key is generated by the encryption algorithm is a 64 bit sixteen hexadecimal characters, equivalent to the bank card password. For many novice digital currency, the private key cognitive threshold is relatively high, store up more trouble, so the private key is a kind of easy memory and backup form mnemonic, the algorithms of the 64 bit private key into several common English words.
Mnemonic and private key as a lost or stolen risk, must be properly kept. Don’t exist in the mobile phone or online screenshots stored in the cloud disk, the traditional method is to copy on paper, but the paper easy to damp and can fire, it is difficult to preserve, you need some permanent, solid and reliable things to store your mnemonic word.
2. white users: hosting wallet can choose safe and easy to use
For entering the world of digital money users, personal custody secret / mnemonic words have a certain threshold. In addition to hacker attacks, many lost coins event is because the user did not take good care of your private key / mnemonic word.
In this case, you can choose a safe and reliable hosting wallet (also called cloud wallet).
Hosting wallet to help users to keep the private key, so at the time of registration only mobile phone number or email, does not need to input the mnemonic word, also do not support key import function. You only need to keep the login password, even if the mobile phone is lost, can still find assets.
In order to ensure the safety of different accounts, wallet, exchange account to make use of the one and only the password, it can generate high random password by 1Password, such as Lastpass tools, and take good care of the master password; opened two verification, such as Google verification code to your account multiple security.
Of course, the use of cloud wallet is not permanent, for beginners, is more important to study digital currency based safety knowledge, grasp the method of personal custody of the private key. The wallet hosting +HD wallet “double purse” mode has become the mainstream, to meet the needs of different users.
3. cold store Coin Wallet, the most secure method
The stolen coins on 7000 BTC are from the hot wallet, and history, the center of the exchanges many theft is because the hot wallet is attacked, you want to store digital money safely, cold wallet is essential.
Cold wallet from the Internet, theoretically allowing private key never net, so as to avoid the attacks from the Internet, and easy storage, cold wallet is considered as a kind of digital currency storage the most secure, digital users to store large amount of assets.
At present, many large assets more options to store digital currency with hardware purse, wallet is a real hardware equipment, digital assets of the private key stored separately in the chip, when the user needs to use the private key, can also call the private key data from the hardware, wallet, purse by hardware can perform data backup, once the device is lost digital assets can also come back.
You can choose different storage methods according to their own situation, and remember that “don’t egg in one basket”, the digital assets in a certain proportion on risk diversification in exchange, hot and cold wallet purse.