Bitcoin exchange hack highlights security weaknesses

The breach of the Bitfinex bitcoin exchange highlights the need to follow best practices and to improve security around exchanges and wallets, say security experts

The theft of roughly $66m worth of bitcoins from the Hong Kong-based Bitfinex exchange highlights poor security practices and weaknesses in bitcoin exchanges and wallets.

Reports of the hack resulted in an initial drop of nearly 20% in the value of the digital currency, and all transactions on the exchange have been halted while investigations into the breach continue.

The hack is one of the biggest bitcoin thefts to date, but is relatively small in comparison with the loss of more than $450m worth of bitcoins by the Tokyo-based Mt. Gox bitcoin exchange in 2014.

In a statement on its website, Bitfinex said it was working to enable users to log in to view the state of their accounts, but that all core site functionality would be disabled initially.

“To accommodate the relaunch, all withdrawals, open orders and open funding offers will be cancelled,” the company said.

In the latest status update, Bitfinex said it is investigating the hack and co-operating with authorities and the top blockchain analytics companies to track the stolen bitcoins.

Industry pundits said that while the core bitcoin protocol is robust and has not been hacked, bitcoin trading platforms and wallets that store the private keys used to access a bitcoin address and sign transactions are still vulnerable to hackers.

“Bitcoin exchanges like Bitfinex get hacked on a regular basis,” said Mustafa Al-Bassam, IT security adviser at Secure Trading, a UK-based payments company.

However, he added that industry standards around the secure storage of bitcoins in exchanges have evolved greatly over the past few years. “It appears that Bitfinex weren’t following basic recommended practices.”

Most bitcoin exchanges nowadays, said Al-Bassam, store the majority of customer funds in a “cold wallet” that is kept disconnected from the internet to prevent hacks.

Inherently secure

“Although bitcoin itself is inherently secure, a hacker can steal the keys to your wallet if you don’t store the keys securely. This isn’t an inherent flaw of the bitcoin protocol, and this is what happened with Bitfinex,” he said.

Al-Bassam said although there has been progress in the past few years with technology to allow secure wallets, such as hardware wallets and cold wallet software, there is still a lot more to be done.

“Users who store a large amount of Bitcoin in an exchange should be aware that if they don’t have the cryptographic keys to their Bitcoin, they don’t have total control over it,” he said.
