Cold storage is usually the safest part of a crypto exchange, and for this reason huge pools of crypto are stored in them. However, hackers have found a way to work their way into Trade.io’s cold storage system and loot more than $11 million worth of TIO tokens. This hack is significant due to the fact that Trade.io uses the industry-wide standards for cold storage, meaning this flaw could potentially be present in a number of other exchanges.
How Does Cold Storage Work?
Cold Storage is a pretty tough beast to hack, as it involves a number of offline steps with secure and unknown locations being used. Cold storage is essentially a tamper-proof crypto wallet, which is disconnected from the internet, then stored in a safety deposit box in a bank. This means that in order for someone to steal cryptos from cold storage they will need to know which bank location the safety deposit box is stored in, have the key to the safety deposit box, and the password required to open up the wallet. While these measures might seem a bit excessive, they have been designed to prevent hacks of this nature from happening.
Bank Not Compromised
In a bid to discover how the hackers managed to gain access to its cold storage system and withdraw the 50 million TIO tokens, Trade.io immediately looked to the bank for a solution. However – according to Trade.io – the bank reported that the safety deposit boxes had not been compromised.
Catching the Hackers
Trade.io has a few options to take, and timing is critical. It can either wait around for the tokens to be moved again so it can track the wallets in a bid to hopefully catch the hackers and return the funds, or it can implement a hard fork. A hard fork will render all the stolen coins useless, but it will mean the funds are lost forever – a tough choice for the platform. If it waits, investor funds could be at risk if the hackers decide to take another pass and clear out all other cold storage wallets. On the other hand, if it goes for a hard fork then the platform will face writing off $11 million.
TIO Trading Suspended
TIO also trades on Bancor and Kucoin, two other exchanges that have recently been hit by hackers. Trade.io has pulled the trading of its TIO token from those exchanges, meaning the hackers now have nowhere to change the stolen tokens into another crypto. In addition to suspending TIO trading, Trade.io has also suspended withdrawals and deposits to the platform. Any traders with funds in the platform can continue to trade as normal.
Crypto Exchanges Still Being Targeter
Competition in the crypto exchange industry is heating up by the day. There are more crypto exchanges than ever before, and in a bid to get their products to market as soon as possible, many are skipping vital security auditing. This has led to a record number of successful hacks on crypto exchanges so far this year.
Zaif – a Japanese crypto exchange – was recently hacked and it lost more than $60 million. In the case of Zaif, its parent company had to sell itself order to repay investor funds. Bancor was also hacked earlier this year and the hackers made off with $23.5 million worth of various cryptos. How a crypto exchange deals with a hack appears to determine its future in the industry, but having your cold storage hacked means that it’s pretty much game over.
Cold storage is supposed to be the most secure way to store cryptos, and if Trade.io cant secure its cold storage properly then perhaps it’s time for it to check out of the exchange game. There is a good chance the hack was an inside job, or used malware that was installed on a company machine. Either way, no crypto exchange should ever have its cold storage hacked.