Recently, Japan’s largest Bitcoin exchange, Coincheck, issued a statement announcing that its servers had been hacked, resulting in the theft of NEM tokens worth $523 million. The exchange immediately suspended all cryptocurrency withdrawals and halted trading of all tokens except Bitcoin.
Hot Wallets vs. Cold Wallets
This isn’t the first time a cryptocurrency exchange has been compromised. Four years ago, Mt. Gox—once the world’s largest Bitcoin exchange—was hacked, losing $450 million worth of Bitcoin at the time. The exchange filed for bankruptcy shortly afterward. In December 2017, South Korean exchange Youbit suffered a cyberattack that wiped out 17% of its assets, forcing it into bankruptcy.
Many people wonder: If Bitcoin and other tokens are built on blockchain technology—which boasts security as a core feature—how do these thefts happen?
Tan Yuan, a core smart contract developer at Distributed Technologies, explains that exchange hacks have little to do with blockchain itself. Centralized exchanges store user funds internally, and while transactions may eventually settle on-chain, the intermediate processes are vulnerable to server breaches.
How the Theft Happened
Coincheck typically stores customer funds in a cold wallet—an encrypted offline storage system that physically isolates assets from online threats. However, co-founder Yusuke Otsuka admitted that due to "systemic difficulties," the stolen NEM tokens were kept in a hot wallet, which was connected to the internet, making them an easy target for hackers.
In short, tokens meant for offline storage were left exposed online.
Understanding Wallets
- Cold Wallet: Offline storage (e.g., hardware devices, paper wallets). Considered more secure but vulnerable to physical damage.
- Hot Wallet: Online storage (e.g., exchange accounts, software wallets). Convenient for frequent trades but higher risk.
No System Is Fully Secure
An industry insider noted that no security mechanism is foolproof. While blockchain excels at preventing data tampering, it can’t eliminate risks like theft, fraud, or privacy leaks.
Key Vulnerabilities
- Algorithm Risks: Bitcoin relies on cryptographic algorithms (e.g., SHA-256, elliptic curve multiplication). If any are compromised, the entire system could collapse—unlike centralized systems, decentralized networks can’t quickly update protocols.
- Private Key Exposure: Private keys (like bank passwords) grant full control over funds. If stolen, assets are irrecoverable. Unlike traditional finance, blockchain offers no account freezing or asset recovery.
Safety Recommendations
- Store large holdings in cold wallets.
- Use reputable hot wallets for small, active trades.
- Never share private keys online.
FAQ
Q: Can blockchain itself be hacked?
A: The protocol is secure, but exchanges and wallets are weak points.
Q: What’s the safest way to store crypto?
A: Offline cold wallets for long-term holdings; trusted hot wallets for liquidity.
👉 Learn how to secure your crypto investments
Q: Why can’t stolen funds be recovered?
A: Decentralization means no central authority to reverse transactions.
By staying informed and cautious, users can better protect their digital assets in an evolving—and often risky—landscape.