At the time of this writing, the exchange remains down due to investigations, leaving investors unable to log in or withdraw funds. New Zealand authorities are investigating the matter at Cryptopia’s headquarters in Christchurch.
Surprisingly, and unwittingly, the hackers are moving funds to Binance. Binance CEO Changpeng Zhao tweeted that they are aware of and freezing the stolen Cryptopia funds.
There is limited information on the hacking, and the hackers have not yet been identified. The amount stolen from Cryptopia is detrimental considering the volume that they facilitate. We hope that in the near future the hackers are identified and funds are returned to investors.
This is yet another valuable learning opportunity for the cryptocurrency community. Experts always suggest keeping no more than is required for trading on exchanges. The rest of your digital assets should be kept in a hardware wallet such as Ledger or Trezor. These devices are disconnected from the internet and can only be accessed by the owner.
A famous motto in the industry is that “if you don’t own your private keys, you don’t own your funds.” Which is true. Exchanges control the private keys to user funds, which is why users have to request to withdraw. On the other hand, if a user takes advantage of a desktop or hardware wallet, then they can withdraw whenever they like and any quantity. Some exchanges will forbid users from depositing or withdrawing more than a certain amount of capital per day – depending on their verification level with the exchange.
Hardware wallets are arguably safer than desktop wallets because if a hacker gains access to a user’s computer, then they can access their wallet. A hardware wallet is a physical device, which can be disconnected from the internet altogether. Paper wallets are another example of cold storage, where users have access to their fund’s stored on the blockchain, but the wallet itself is disconnected from the internet.
To explain a bit more. Technically, coins are not stored in a wallet, they are actually stored on the blockchain. The private and public keys are what allows a user to gain access to the coins stored on the blockchain. This is a common misunderstanding and shows how important private keys are – they allow users to access and withdraw their funds.
We will end this by noting that if you do want to keep a majority of your funds on an exchange, then there are a few that are well trusted in the community, but always susceptible to hackers just like any other technology company. In our opinion, some of the well trusted, highly secure exchanges that exist are Bitfinex, Poloniex, and Bittrex. Bitfinex and Poloniex have actually suffered breaches in the past, but they dealt with it well and are still around today. Ultimately, be responsible for your crypto assets and follow best practices.