
Predicting the Cost of Cryptocurrency Hacks in 2020

The last few years have proven to be a crucial moment for cryptocurrency security. The more cryptocurrency has risen in popularity, the more high profile security breaches have occurred, and the more key institutions have been targeted.

The young cryptocurrency industry has always been brimming with opportunity, but with this comes risk, especially when there are lapses in security. Crypto security is especially important to crypto owners because one of the main points of cryptocurrencies like Bitcoin in the first place has been to prevent criminals from accessing your database and taking your currency as easily as they could take actual money.

There are two key hacks that shed light on such lapses:

In early 2018, bad actors targeted Coincheck Japan and succeeded in stealing over $500 million in NEM tokens. To this day, it is one of the largest and most notable crypto heists, standing shoulder to shoulder with hacks such as the notorious Mt. Gox attack, a heist of roughly 800,000 BTC.

Even earlier, in 2016, Bangladesh Bank found itself in the crosshairs of ambitious and skilled hackers. Using fully authenticated transactions, thieves attempted to steal over $800 million across the SWIFT network. Although the thieves received a “meager” $101 million for their efforts, $81 million did eventually make its way into the hands of beneficiaries in South Asia.

What is it that ties these examples together? The victims were sloppy. Both central banks and notable cryptocurrency exchanges had poorly managed security (such as login details) when it came to the transfer of cryptocurrency or fiat money.

Although the SWIFT network was at the center of the Bangladesh Bank heist and similar cybercrimes, the network itself was not hacked; the network’s users were. Likewise, in both the Coincheck and Mt. Gox hacks, the blockchains central to the hacks were never compromised. Rather, the exchanges themselves and the users were. The login usernames, passwords, and even the systems themselves had such poor security that hackers were essentially left an open door. A door they had no compunction about using.

Thankfully, greater cybersecurity controls were put in place by the SWIFT community. The weak links were quickly identified, and the hackers’ go-to methods of attack were disseminated amongst the community.

Can the cryptocurrency industry claim at the enterprise level that it has done the same? Can it claim that it has learned from its own mistakes in an age where negative media coverage is one of the first things customers will often see online? It is difficult to say, but what is clear is that 2020 must see it come together and rise to face the growing risk of crypto threats.

Crypto has matured, but a lot of growth is still needed

The crypto industry’s security has grown more robust over the last few years. The solutions presented by custodial and noncustodial wallet providers are increasingly resilient.

Powered by new multiparty protocols or hardware security, these enable secure asset transfers on a consistent basis. Given how popular crypto trading has become with multiple codes in both the EU and USA, these new tools are essential.

Both hardware and software-based multi-signature wallet access are being widely used by organizations. Operating environments are increasingly being encrypted, addresses are being whitelisted, and many other areas of security are being monitored and tightened. Additional improvements have been seen in wallet management systems.

The security community now discusses hacks as they happen, taking steps to patch holes in their security and blacklist any addresses that were party to the theft. However, as these attacks have repeatedly occurred in 2019, there is still much more work to be done.

Upgrading security technology is important, yes, but even more important are the steps taken to improve the risk management operations at the enterprise level. While technology is important, having efficient operations will make all security efforts far more productive and effective. Likewise, more rigorous checks on access to customer assets are key.

Customer investments must be secured, and the industry must adopt standard business practices when it comes to security, access, and any conflicts of interest. In other words, the industry has to start taking itself more seriously.

While no typical asset manager in the world has custody over their customers’ assets, this is not the case in the crypto industry. This is a huge mistake. Without having the right principles in place, the industry will continue to deny itself the investment it needs, investment it often needs to keep it from remaining vulnerable.

Security has become a huge concern not just for companies and exchanges but also for individuals who possess cryptocurrency. More and more people are looking to security measures such as using hardware wallets, two-factor authentication, and VPN services to keep their cryptocurrency wallets and transactions safe.

But if they see an industry that isn’t doing the same, will they trust it? How long will it take the industry to realize that it needs to adopt the financial practices that have proven to work in traditional finance?

In the last year alone, countless foundations, exchanges, and funds have recognized that the crypto industry will never reach its full potential without mature business practices and complete transparency. These are the two things that incidentally protect the customers and their assets and are the elements that matter most. In an age where cybercrime seems to be hitting its stride, this is essential.

As the industry has started to shift towards transparency and best practices, it has increasingly seen enterprise-level solutions emerge to counter hacking risks. Machine learning and AI, for instance, are cutting-edge technologies that hackers struggle to counter. This has brought more willingness from insurance companies to cover third-party custodians who are using the right security technologies.

How will 2020 change the cryptocurrency industry?

For the cryptocurrency industry to evolve in the ways it needs to, there needs to be more awareness of security risks and a lot more education. Funds, foundations, exchanges, projects, and more must ensure that their processes are secure, transparent, and follow best practices: the practices that keep their customers’ assets safe. Most players will correctly decide to outsource this important task to third-party companies who specialize in these exact practices.

This will lead to a state of affairs that sees 2020 close with funds being more difficult to hack than ever. With more organization and collaboration between players and more adoption of enterprise-level security practices and principles, thieves will be far more discouraged from undertaking an attack on a crypto organization.

If the industry can manage to galvanize and make this happen, then the future of the cryptocurrency industry will be looking bright.

By Samuel Bocetta, Security Analyst and Consultant

A former defense contractor for the US Navy, Sam Bocetta turned to freelance journalism in retirement, focusing his writing on US diplomacy and national security, as well as technology trends in cyberwarfare, cyberdefense, and cryptography.
