Thieves tend to gravitate toward opportunities where there is a promise of easy riches. There are weaknesses in cryptocurrency networks that hackers can exploit, so your cryptocurrency can be stolen; however, it can only be done in certain scenarios.
So, how can you protect yourself and your cryptocurrency investments?
Key Takeaways
- Cryptocurrency is a decentralized digital currency that uses cryptography to secure transactions and ownership information.
- Cryptocurrency transactions are recorded in a digital ledger called a blockchain.
- The concepts behind blockchain technology make it nearly impossible to hack into a blockchain. However, weaknesses outside of the blockchain create opportunities for thieves.
- Hackers can gain access to cryptocurrency owners' cryptocurrency wallets, exchange accounts, or the exchanges themselves.
- Ransomware and scams are also used to steal cryptocurrency.
Blockchain Security
Cryptocurrency blockchains are generally public ledgers that record and verify all transactions in a blockchain network. Everyone can see transactions, the pseudonymous addresses involved, and the amount transferred. However, these public ledgers do not allow anyone to access them and submit or change entries; this is done automatically by scripts, programming, encryption techniques, and an automated transaction validation process.
How Is a Blockchain Secured?
Security is addressed in a blockchain through cryptographic techniques and consensus mechanics. Blockchains use encryption to encode transaction information and include the data from previous blocks in each following block. The entire ledger is chained together through encrypted data. Each newly created block makes it more secure.
An existing blockchain, therefore, cannot be hacked in the traditional sense of "being hacked," where malicious code is introduced into the chain or someone "hacks" into the network with brute force and begins making changes or asserting control.
How Can a Blockchain Be Attacked?
An attacker—or group of attackers—could take over a blockchain by controlling a majority of the blockchain's computational power, called its hashrate. If they own more than 50% of the hashrate, they can introduce an altered blockchain in what is called a 51% attack. This allows them to make changes to transactions that were not confirmed by the blockchain before they took over. Transactions—at least on the Bitcoin blockchain—are generally secure after one confirmation. However, they aren't considered wholly confirmed and immutable until six confirmations have been completed.
For instance, if you transferred 1 BTC to a friend, the transaction would be recorded and confirmed in one block—this is the first confirmation. That block's data is recorded into the next block, confirmed, and the block is closed—this is the second confirmation. This must happen four more times for a transaction to be considered immutable (on the Bitcoin blockchain). Transactions that have not been processed can be reversed in a 51% attack.
The attackers would then be free to use the tokens used in transactions that the network has not confirmed. They can transfer the coins to anonymous addresses, and the altered blockchain would act however they had programmed it to work.
Blockchains with smaller numbers of participants have been attacked in this manner, but larger networks—such as Bitcoin and Ethereum—make it nearly impossible to successfully attack due to the costs involved in acquiring 51% of the hashrate (BTC) or staked crypto (ETH).
Where Cryptocurrency Hacks Happen
Cryptocurrency ownership is essentially tied to data on a blockchain, a virtual token, and keys. Each token is assigned a private key, which is held by the owner or custodian appointed by the owner.
Wallet Hacks
Private keys and the way they are stored are two of the primary weaknesses in cryptocurrency and blockchain. There is a saying in the cryptocurrency industry:
Not your keys, not your coin.
This saying implies that no matter the circ*mstances, if you don't control the keys to your crypto, you can't control what happens to it. Allowing someone else to store your keys for you, referred to as a custodial relationship between key owner and key holder, gives that entity, or whoever might have the keys, control of your cryptocurrency.
A private key can theoretically be decrypted. However, one key is an encrypted number with 2256 possibilities (equal to 115 quattuorvigintillion possibilities—a quattuorvigintillion is a 1 followed by 75 zeros). It would take centuries, possibly millennia, to brute force the encryption with current technology.
This is where many hacks and thefts occur—a wallet, where private keys are stored. All private keys are stored in wallets, which are software applications installed on mobile devices and computers.
Electronic and software versions on wallets are either connected to the internet (hot) or not connected (cold). Cryptocurrency exchanges generally offer hot and cold storage methods for their users; these methods are custodial because they hold your keys for you.
Applications (software) and devices can be hacked. Because private keys are stored in applications and device wallets, hackers can access them and steal your cryptocurrency.
Exchange Hacks
No matter what a custodial key holder tells you or what level of security they advertise, they are a weak spot. Exchanges generally hold cryptocurrency in reserve for liquidity and the private keys for many of their customers. This makes them an attractive target for hackers.
If you don't store your private keys on an exchange, they cannot be accessed, and your cryptocurrency is safe—at least from an exchange hack.
Reputable exchanges can store your keys for you in what is called "deep cold storage." These are generally offline data storage units with enterprise security, and some—like Gemini—even offer the equivalent of insurance if your cryptocurrency is stolen as a result of a direct hack or security breach of their systems.
Other Types of Theft
Everyone hears about the large exchange hacks on the news, but what isn't often mentioned is the techniques other than hacking used to steal cryptocurrency.
Scams have always been a method used by thieves. However, it seems in 2023, romance scams were among the biggest techniques used by them to acquire crypto. In these scams, thieves pose as romantic possibilities until a target is comfortable, and then begin a quest to convince their unsuspecting love interest that they urgently need cryptocurrency to fund an emergency.
Ransomware, once on the decline regarding cryptocurrency, began gaining traction in 2023 as well. This is a category of techniques—thieves might encrypt files or data and demand cryptocurrency, or resort to intimidation tactics unless they are paid.
How to Secure Your Cryptocurrency
You can take several easy steps to keep your cryptocurrency from being stolen. The critical factors are understanding how your keys are stored, how you and others can access them, and what you can do to make them inaccessible.
As mentioned, wallets are hot, cold, custodial, or non-custodial. The least secure wallets are any hot wallet—one that has a connection to another device or the internet. For security purposes, you should never store your keys on a device that has a connection that is always on or accessible. If it has a connection and an application is used to access your keys, it can be hacked.
Contrary to advertising and cryptocurrency wallet reviews, you don't need a commercially manufactured device to act as a wallet—but these devices are designed specifically for cryptocurrency key security.
A USB thumb drive with encryption can also work as cold storage. However, USB connections can degrade over time; additionally, once a cold storage device is connected to a computer or other connected device, it becomes hot storage until it is disconnected.
There is no 100% secure, non-degradable, long-lasting key storage method. However, consider that many people fall victim to hackers and scammers and lose money from their bank accounts because personal information is used to access them. Safeguarding private keys is no different than protecting your personally identifiable information.
The most secure wallets are non-custodial cold wallets. These can range from a piece of paper with the keys written on it in a safe to a device that uses passkeys and extra encryption. Paper wallets should only be used as a temporary measure because they are easily damaged.
You'll find many products that offer security and convenience for your Bitcoin or other cryptocurrencies, but the best way to ensure your crypto is safe from hackers and thieves is to remember some simple rules:
- Don't store your keys in the wallet on your mobile device or any other device that has a connection to the internet.
- Your private keys should always be held in cold storage.
- Don't let someone else store your keys for you unless you're comfortable with the risks.
- If you want to use your cryptocurrency, only transfer the keys you need to your hot wallet, conduct your transaction, then remove them from the hot wallet immediately.
- Keep your cold storage method in a secure, humidity-controlled environment without a wired or wireless connection.
- Check on your devices periodically to ensure they're not degrading. If they are, transfer your keys to a new storage device.
- Never share your private keys with anyone else.
- Keep current backups of your keys.
And remember, "not your keys, not your crypto."
What Crypto Platform Was Hacked?
There have been several 51% attacks on cryptocurrency blockchains like Bitcoin Satoshi Vision (BSV), Bitcoin Gold (BTG), and Ethereum Classic (ETC). More recently, the now-bankrupt exchange FTX was hacked shortly after declaring bankruptcy in November 2022.
What Is a Crypto Hack?
A crypto hack is one of several forms of theft that results in cryptocurrency being stolen.
Has Bitcoin Been Hacked Yet?
There are no reports of Bitcoin's blockchain and network being hacked as of May 11, 2024. However, service providers, wallets, and applications are all vulnerable and have been hacked.
The Bottom Line
Cryptocurrency is still relatively new as far as payment methods and currency go. Most of them are convertible, meaning they have a fiat value. This makes them a target for thieves. The techniques used in cryptocurrency blockchains make them virtually unhackable if the networks are powerful enough to outpace hackers. Smaller networks are more susceptible to network takeovers.
Cryptocurrency thieves' primary target is wallets, where private keys are stored. Wallets can be accessed by hackers using various techniques and can even be locked by ransomware. With that in mind, it's essential to make sure your private keys are stored offline and only transferred to your connected wallet when you're going to use them. Additionally, using wallets from a reputable company or exchange might offer a little extra security. These companies need to maintain their reputations, so they will ensure their software is up to date and has no malicious code written into it.
The comments, opinions, and analyses expressed on Investopedia are for informational purposes only. Read our warranty and liability disclaimerfor more info. As of the date this article was written, the author owns BTC and LTC.
