CRYPTO: Hackery Hacker Hacks


So how likely are you to get hacked and lose all your magic crypto beans? If we believe this list, over 20 exchanges have gotten hacked. In total, there are probably 125-250 exchanges (data point 12). So that would suggest that over a 4-year period, 5-10% of all exchanges have been compromised in some way. We also looked at Bitcoin and Ethereum hacks that are in the public domain and added up the USD impact as of the time of each hack. We then took that USD value as a percentage of the outstanding Bitcoin and Ethereum market capitalizations at the time to arrive at the percentage of funds that were hacked per year.
2014 was Mt Gox and 2016 was the DAO, thus the big outlier numbers in those years. 2017 saw more regular, smaller events consistently tied to ICOs. Outside of programming errors, exchange server hacks, and attacks on wallets, human behavioral hacking increased. Think about ransomware or phishing on social media. If you're interested in more granular data along these lines, see Chainalysis. The good news is that as the overall market cap grew, these losses became smaller as a percentage of the whole. Going forward, we would expect 50 to 300 bps of the market capitalization of cryptocurrency to be at risk for loss from hacking or other cybersecurity failures. Or, alternatively, it looks like crypto hacking is a $200 million annual revenue industry.


Can decentralized exchanges built into software, liberated from centralized servers to be their full capitalist selves, solve this problem? See Airswap, 0x. In theory, decentralized exchanges and atomic swaps should be more secure than centralized exchanges, which hold the keys for millions of user accounts on their servers. Decentralized exchanges are also much harder to shut down, as there should be no particular centralized counterparty once a project is off the ground. Think BitTorrent, rather than Napster. Napster was shut down; BitTorrent has spread all over the web and cannot be stamped out. But decentralized exchanges face the same issue as the DAO: bugs in the smart contract code itself, rather than in the security infrastructure, could lead to a smart hacker finding a way to trick the contract. Also, decentralized exchanges may not be as liquid as centralized ones, something that is still being worked out.