Investors worldwide have swarmed on Bitcoin and other cryptocurrencies, lured by the promise of quick riches regardless of the risks. Bitcoin’s success has fueled legions of follow-on projects, imitators, and fans. Thieves, not to be left out, discovered opportunities as well—because where there is a promise of riches, there is an opportunity to steal it.
There are weaknesses that hackers can exploit, which means your cryptocurrency can be hacked; however, it can only be done in certain scenarios. So, how can you protect yourself and your investments?
- Cryptocurrency is a decentralized digital currency that uses cryptography to secure transactions and ownership information.
- Cryptocurrency transactions are recorded in a digital ledger called a blockchain.
- The concepts behind blockchain technology make it nearly impossible to hack into a blockchain. However, there are weaknesses outside of the blockchain that create opportunities for thieves.
- Hackers can gain access to cryptocurrency owners’ cryptocurrency wallets and exchange accounts to steal crypto.
Bitcoin launched in 2009—it is a decentralized digital currency, meaning it is not overseen or regulated by an administrator, group, government, or other entity. Peer-to-peer transactions fueled the rise of digital currency, which transitioned into a digital landscape where anything could be represented by a blockchain token.
Cryptocurrency blockchains are public ledgers that record and verify all transactions in a blockchain network. Everyone can see transactions, the pseudonymous addresses involved, and how much was transferred. However, these public ledgers do not allow anyone to access them and submit or change entries; this is done automatically by scripts, programming, and an automated transaction validation process.
How Is a Blockchain Secured?
Security is addressed in a blockchain through cryptographic techniques and consensus mechanisms. Blockchains use encryption to encode transaction information and include the data from previous blocks in each following block. The entire ledger is chained together through encrypted data. Each newly created block makes it more secure.
An existing blockchain, therefore, cannot be hacked in the traditional sense of “being hacked,” where malicious code is introduced into the chain or someone “hacks” into the network with brute force and begins making changes.
How Can a Blockchain Be Attacked?
An attacker—or group of attackers—could takeover a blockchain by controlling a majority of the blockchain’s computational power, called its hashrate. If they own more than 50% of the hashrate, they can introduce an altered blockchain in what is called a 51% attack. This allows them to make changes to transactions that have not been confirmed by the blockchain that existed before they were able to take over. Transactions are considered to be successful when six confirmations have been completed.
For instance, if you transferred 1 BTC to a friend, the transaction would be recorded and confirmed in one block—this is the first confirmation. That block’s data is recorded into the next block, confirmed, and the block is closed—this is the second confirmation. This must happen four more times for the network to process the transaction. Transactions that have not been processed can be reversed in a 51% attack.
The attackers would then be free to use the tokens used in transactions that the network has not confirmed. They can transfer the coins to anonymous addresses, and the altered blockchain would act however they had programmed it to work.
Blockchains with smaller numbers of participants have been attacked in this manner, but larger networks—such as Bitcoin and Ethereum—make it nearly impossible to successfully attack due to the costs involved in acquiring 51% of the hashrate.
Where Cryptocurrency Hacks Happen
Cryptocurrency ownership is tied to a token, or a long string of encrypted numbers, on a blockchain. Each token is assigned a private key, which is held by the owner or custodian appointed by the owner. The token and number itself could be hacked, but it would take several years of attempts to be successful because of the encryption methods.
This makes the private keys and the way they are stored the weakness in cryptocurrency and blockchain. There is a saying in the cryptocurrency industry:
Not your keys, not your coin.
This saying implies that no matter what the circumstances are, if you don’t control the keys to your crypto, you can’t control what happens to your cryptocurrency. Allowing someone else to store your keys for you, referred to as a custodial relationship between key owner and key holder, gives that entity control of your cryptocurrency.
A private key can theoretically be hacked. However, one key is an encrypted number between one and 2^256, or 115 quattuorvigintillion (a quattuorvigintillion is 1 followed by 75 zeros). It would take centuries, possibly millennia, to break the encryption with current technology.
This is where most hacks and thefts occur—a wallet, where private keys are stored. All private keys are stored in wallets, which are software applications installed on mobile devices and computers. They can also be stored on devices similar to USB thumb drives, or written down on paper.
Electronic and software versions on wallets are either connected to the internet (hot) or not connected (cold). Cryptocurrency exchanges generally offer hot and cold storage methods for their users; these methods are custodial because they hold your keys for you.
Applications (software) and devices can be hacked. Because private keys are stored in application and device wallets, hackers can access them and steal your cryptocurrency.
No matter what a custodial key holder tells you or what level of security they advertise, they are a weak spot. Exchanges generally hold cryptocurrency in reserve for liquidity and the private keys for many of their customers. This makes them an attractive target for hackers.
Thieves target exchanges for access to the cryptocurrency keys. If you don’t store your private keys on an exchange, they cannot be accessed, and your cryptocurrency is safe—at least from an exchange hack.
How to Secure Your Cryptocurrency
You can take several easy steps to keep your cryptocurrency from being stolen. The critical factors are understanding how your keys are stored, how you and others can access them, and what you can do to make them inaccessible.
As mentioned, wallets are hot, cold, custodial, or non-custodial. The least secure wallets are any hot wallet, or one that has a connection to another device or the internet. For security purposes, you should never store your keys on a device that has a connection that is always on or accessible. If it has a connection and an application is used to access your keys, it can be hacked.
Contrary to advertising and cryptocurrency wallet reviews, you don’t need a commercially manufactured device to act as a wallet. A USB thumb drive with encryption can also work. However, USB connections can degrade over time; additionally, once a cold storage device is connected to a computer or other connected device, it becomes hot storage until it is disconnected.
There is no 100% secure, non-degradable, long-lasting key storage method. However, consider that many people fall victim to hackers and scammers and lose money from their bank accounts because personal information is used to access them. Safeguarding private keys is no different than protecting your personally identifiable information.
The most secure wallets are non-custodial cold wallets. These can range from a piece of paper with the keys written on it in a safe to a device that uses passkeys and extra encryption. Paper wallets should only be used as a temporary measure because they are easily damaged.
You’ll find many products that offer security and convenience for your Bitcoin or other cryptocurrencies, but the best way to ensure your crypto is safe from hackers and thieves is to remember some simple rules:
- Don’t store your keys in the wallet on your mobile device or any other device that has a connection to the internet.
- Your private keys should always be held in cold storage.
- Don’t let someone else store your keys for you unless you’re comfortable with the risks.
- If you want to use your cryptocurrency, only transfer the keys you need to your hot wallet, conduct your transaction, then remove them from the hot wallet immediately.
- Keep your cold storage method in a secure, humidity-controlled environment without a wired or wireless connection.
- Check on your devices periodically to ensure they’re not degrading. If they are, transfer your keys to a new storage device.
- Never share your private keys with anyone else.
Which Cryptocurrency Has Been Hacked?
Cryptocurrencies themselves have resisted hacking attempts. However, there have been several 51% attacks on cryptocurrencies like Bitcoin Satoshi Vision (BSV), Bitcoin Gold (BTG) and Ethereum Classic (ETC).
Can Someone Steal My Cryptocurrency?
Your cryptocurrency can be stolen if proper measures are not taken to secure and control your private keys.
Can Hackers Steal Crypto?
Hackers can steal and have stolen crypto. Favorite targets are exchanges, wallets, and decentralized finance applications because these are the points where there is weakness.
Investing in cryptocurrencies and other Initial Coin Offerings (“ICOs”) is highly risky and speculative, and this article is not a recommendation by Investopedia or the writer to invest in cryptocurrencies or other ICOs. Since each individual’s situation is unique, a qualified professional should always be consulted before making any financial decisions. Investopedia makes no representations or warranties as to the accuracy or timeliness of the information contained herein.