It’s a pretty common news story nowadays – a cryptocurrency exchange gets hacked and the hackers make away with millions of dollars in Bitcoin. But how are these exchanges being hacked exactly? Aren’t blockchain networks supposed to be extremely secure? And what does it mean that Bitcoin is stolen?
Blockchain networks are extremely secure for a variety of reasons. These networks incorporate distributed ledgers and encryption to keep information safe. If you want to learn more about what a distributed ledger is please click here. However, cryptocurrency exchanges do not utilize blockchain networks to facilitate trades and carry out other functions. The exchange is using a centralized network to create a market for traders and investors.
But wait? If cryptos are products of blockchain networks how can the exchanges operate without using one?
An exchange is just a marketplace that pairs buyers and sellers of cryptos. When a buyer and a seller are paired the actual transaction takes place on the applicable blockchain network. But the exchange does not need to run on a blockchain network to pair buyers and sellers.
Why Are Exchanges So Hackable?
Take a look at the diagram below. In a centralized network all network participants feed their data to one central repository. This data warehouse houses all the information and one party, in our case the exchange, secures and updates this information constantly. You can think of it like a master database.
As you can see all the data is sitting in one place and it is constantly updating as new information comes in and replaces old information. Because all the information is stored in one place it is easier for hackers to steal information. The custodian of the information will try their best to protect this information but hackers know exactly where the information is stored.
Since hackers know where the information is contained they can throw all their computing weight at one point. If their brute force attack is successful they have access to all the information that the database contains. So what does a decentralized network look like and how does it make it more difficult for hackers to steal valuable information?
Here we can see that all participants are connected to each other – there is no central database. All the parties to the network hold a ledger or database that holds all relevant information that the central database would hold if there was one. If you would like a further understanding of what a decentralized ledger is and how it works please click here to access our Blockchain 101 article.
So what if the hacker wants to steal the information now? Hacking a decentralized network is so difficult because the hacker does not have a great idea on where he or she should concentrate their efforts. It was easier for the hacker when there was a centralized ledger – all the information is in one place and they knew where that place was.
How is Bitcoin Stolen?
We all know that Bitcoin and other cryptocurrencies are digital. They are pieces of computer information that can be sent from one person to another. The digital information that represents your ownership of a Bitcoin is called a private key. To explain it simply a private key is a password that allows you to access your currency and in turn gives you the right to send it to others.
When you buy cryptocurrency and keep it on an exchange the exchange is holding your private key for you. The exchange is acting as a custodian on your behalf.
These private keys are being stored on the exchange’s central database. Because they are using a centralized network the private keys of everyone are stored in one place. Once a hacker gains access all he or she needs to do is take the private keys. Now they have the right to transact in that share of Bitcoin. a hacker is able to gain access to this central repository he can steal the digital information and claim your right to your bitcoin. In essence, f you lose the private key then you Bitcoin is no longer yours.
This is why it is important to understand how cryptocurrency wallets work. If you are investing in cryptocurrency it is best practice to move your investment off of the exchanges. In this way you take ownership of your private keys.