AscendEx, on December 11, 2021 22:00 UTC, announced the hacking of its HOT wallet.
Our #1 priority is to protect our users. This means that all impacted accounts will be covered 100%. It also means opening deposits and withdrawals in a SAFE and timely manner. We will share in thorough security post-mortem on this incident in the days to come.
— AscendEX (@AscendEX_Global) December 13, 2021
This brings us to the big question of, which exchanging platform is safe? If amidst the amount of security splurged around AscendEx, and yet, still got hacked. What’s then the fate of Binance, KuCoin, Coinbase, and others?
AscendEx is a popular (and global) cryptocurrency exchanging platform. With a comprehensive product suite, including spot, margin, and futures trading for 200+ blockchain projects. The website, with the domain name “ascendex.com”, according to WHOIS(dot com) was registered on 27th July, 2008.
What is Hot Wallet?
A Hot Wallet (also referred to as “Online Wallet“) is stored online through platforms who offer a storage service (such as Luno). It is heavily encrypted. With a hot wallet, users trust the platform to store and secure their private and public keys. Because it is online, it means you can gain access to your crypto more easily.
What is Cold Wallet?
A Cold Wallet (also referred to as “Offline Wallet“) is a preferred choice for people who want to have more control over their cryptocurrency. They offer a higher level of security from digital threats, as they are kept offline. Where hot wallets are more vulnerable to hackers, cold wallets are more vulnerable to physical threats.
An offline wallet involves installing the wallet software on a bootable USB or a live CD to ensure the OS is virus-free and doesn’t cache, log or store wallet keys anywhere. The cold wallet needs to be kept offline and physically secure — maybe even in a traditional bank vault — as the loss or theft of a wallet means the permanent loss of the bitcoin it contains. For example, a hard drive storing 7,500 bitcoin was thrown away in 2013 when the owner forgot it contained the cryptocurrency. Worth roughly $7.5 million at the time, as of this writing, the amount would be valued at around $322 million.
For hackers to steal bitcoin from cold wallets, they would need physical access to a wallet and would need to know any associated PINs or passwords used to access the funds in the wallet. If an offline wallet is encrypted, it is important to not forget the passphrase. Some experts prefer not to encrypt this type of wallet because, in the event of death, descendants would not be able to access their inheritance.
Hot Wallet is connected to the internet and vulnerable to hacks/attacks. While cold wallets are offline. So basically storing everything in a hardware. Instead of the HOT wallet that’s linked to the internet. The HOT wallet is where their day-to-day transactions happen. But the COLD wallet is basically the BANK of the exchange. The way banks have money in vault. That’s same thing as the COLD wallet.
“You might ask why don’t the exchanges just keep everything in the COLD wallet. I’ve once thought that too. But you don’t expect the bank to open their vault for every transactions. That’s why they store the funds in that ATM. So COLD wallet is basically a VAULT and HOT wallet is an ATM.” – Ezuwore Uzezi Simeon
Security Guarding Cryptocurrency
Several elements help secure bitcoin from theft. Cryptography controls the creation and transfer of a cryptocurrency, and the protocols underlying bitcoin have proven to be strong. Bitcoin’s use of a distributed ledger technology (DLT), commonly known as blockchain, gives owners a record of all their transactions that cannot be tampered with because there is no single point of failure. Bitcoin’s DLT transparency means all transactions are available to the public, but the individuals concerned remain anonymous so there is no possibility of a data breach as with traditional financial systems.
However, DLT’s and blockchain’s strengths haven’t stopped attackers from exploiting vulnerabilities within crypto-exchanges, which are platforms on which customers make payments and trade cryptocurrencies for other digital or conventional currencies, and crypto-wallets, which are the software used to store bitcoin on computers and smartphones.
Crypto-exchanges and -wallets generally do not provide enough insurance and security to be used to store money in the same way as a bank. Not surprisingly, as the value of a bitcoin has increased, so too has the number of viruses designed to steal bitcoin from wallets, as well as cyber attacks against exchanges. With the value of a bitcoin trading from anywhere between $29,000 and $63,000 so far in 2021, attacks can be lucrative. CrowdStrike Intelligence noticed hackers shifting from operations targeting large financial institutions to crypto-exchanges. In 2019, about $293 million worth of cryptocurrency and 510,000 user logins were stolen from 12 crypto-exchanges, while 2020 saw nearly $3.78 billion stolen, according to Atlas VPN, with around $281 million taken in one attack against the KuCoin exchange.
Cryptomining malware attacks, also known as cryptojacking, also continue to plague internet users, with their devices’ power and resources being hijacked to mine for cryptocurrencies.
Fate of the victims of Hacked Wallets?
So, what is the fate of owners of the wallets that got hacked?
1) Update to 12/11 Security Incident: #AscendEX is in the process of standing up a new hot wallet infrastructure. We estimate deposits and withdrawals to resume in the next 36 – 48 hours. Trading, staking, and yield farming are still accessible to all users.
— AscendEX (@AscendEX_Global) December 14, 2021
Few moments after AscendEx got hacked, the platform on its official Twitter account announced that it would hold a Live with the CEO, George Cao, to unveil to the public updates regarding the hack.
“Our CEO @George_AscendEX will conduct an AMA today at 16:00 UTC Twitter to share more info regarding the security breach, compensation arrangement, resuming operations. Any impacted users will be refunded 100%. We will continue providing transparency and appreciate your support!“
The situation is certainly unfortunate and we are working round the clock to reach timely resolutions and provide transparency to users. We have confidence in the resilience of our community and the deep relationships we share with members of the cryptocurrency community.
— AscendEX (@AscendEX_Global) December 12, 2021
However, no further talks on whether to refund the owners of the hacked wallets or not. Which indirectly means, nothing! It’s all GONE!
Binance, KuCoin, Coinbase, and Others?
Truth is, no one can give accurate guaranteed security as far as internet is concerned, one can only try.
Regardless, the incident will definitely send signals to Cryptocurrency exchanging platform to up their security to avoid getting bursted.
Cryptocurrency is the future. Cryptocurrencies are here to stay. Many countries — including the U.S. and countries in the European Union — have taken steps to allow their use under financial and tax laws and regulations. Other countries, such as China, are more circumspect. While not banning them outright, many of these other countries have passed measures to limit their use due to concerns over price volatility and potential use for money laundering and illegal transactions.