It’s not just the volatile price of bitcoin that can keep cryptocurrency investors up at night.
Hundreds of millions of dollars’ worth of digital currencies have been stolen by hackers in recent months. Experts say the problem is unlikely to go away anytime soon, and fears about security have hit prices this year.
In the latest incident, South Korean exchange Coinrail announced Monday that it had been targeted by cyberthieves, who stole about 30% of its virtual currencies.
“I expect hackers to continue to target crypto exchanges,” said Henri Arslanian, the head of financial technology in Asia at consultancy PwC. “The rewards are high, and some of these exchanges grew so fast” that they haven’t yet implemented proper security, he added.
In January, Japanese exchange Coincheck said hackers stole more than $500 million worth of cryptocurrency. Last year, two bitcoin exchanges went bankrupt after falling victim to similar breaches.
That’s just the tip of the iceberg, according to Yo Kwon, the CEO of Hosho Group, a Nevada-based company that specializes in securing applications that use blockchain, the technology behind bitcoin and other cryptocurrencies.
Kwon estimates that about a third of all cryptocurrency exchanges have been hacked at some point. And he predicts “many more” will suffer the same fate.
Regulators ‘confused and concerned’
The spectacular rise in the price of bitcoin and other cryptocurrencies last year brought them widespread attention. Many of them have struggled in 2018: bitcoin has fallen more than 50%.
“Investors have been increasingly worried about cybersecurity issues,” said Adrian Lai, founding partner at Hong Kong-based cryptocurrency investment firm Orichal Partners. “At this stage, obviously, the standard is not high enough.”
Authorities around the world have so far taken different approaches in their attempts to regulate virtual currencies. Some industry insiders say that complicates efforts to make exchanges more secure.
At one end, China has tried to ban trading in bitcoin. Japan, meanwhile, officially recognized bitcoin as legal tender last year and started licensing exchanges — but it took a tougher line after the Coincheck hack. In the United States, the Securities and Exchange Commission has been increasing its scrutiny of digital assets.
“Confused and concerned regulators periodically clamp down,” prompting some exchanges to relocate elsewhere, said Eiland Glover, CEO of Tennessee-based blockchain company Kowala. This is “not conducive to high security, or the broader adoption of cryptocurrencies,” he added.
Smaller investors more at risk
PwC’s Arslanian said the people with most to lose from hacking incidents are mom-and-pop investors who are more likely to deposit their entire cryptocurrency savings with one platform out of convenience.
This makes them much more vulnerable to losing their investments in the event of a heist like those at Coinrail and Coincheck. (Coincheck said in March it had compensated its customers for their losses out of its own funds.)
Major investors — like banks and insurance funds — will probably be less concerned by these kinds of hacks, Arslanian added. That’s because they can spread their risk across various platforms, as well as invest indirectly through derivatives and other avenues that are generally less accessible to regular investors.
Some experts say vulnerability to hacks is the result of the infancy of virtual currencies compared with more established assets like stocks and bonds.
“The markets will probably adjust over time,” said Hosho Group’s Kwon.
He say the cryptocurrency industry will have to adapt and become more secure as an increasing number of big investors move in.
“Exchanges that understand the increasing importance of security — for not only their longevity, but as a competitive advantage — will do better,” Kwon said.
First published June 13, 2018: 6:00 AM ET