Hacks on cryptocurrency exchanges are everyday news now. Several cryptocurrency exchanges including the most prominent ones have been a victim to these hacks. One such exchange, Bitfinex has been time and again targetted by hackers. Despite asserting that the exchange would refrain from storing assets in hot wallets since they are prone to be attacked by hackers, Bitfinex encountered several hacks. One of its earliest hacks was back in 2015, which cost the cryptocurrency exchange nearly $400,000 and the next year itself, Bitfinex encountered another hack causing the loss of $73 million from the accounts of its customers. The exchange’s CTO, Paolo Ardoino recently appeared on Charlie Shrem’s Untold Stories podcast elaborating on the same.
Ardoino detailed that Bitfinex hasn’t entirely eliminated the storing of funds in hot wallets as the exchange still stores a limited amount of funds in the same. However, about 97 to 99 percent of the funds are stored in cold wallets and hardware wallets. The exchange aims to reduce the exposure of funds in the exchange directly, despite having reliable security, he added. Furthermore, he suggested that the exchange mostly uses its own machine for hardware rather than cloud services like AWS as security is the most important aspect when it comes to managing someone else’s money.
He also pointed out that Bitfinex is not the fastest medium to send out funds as the exchange ensures that there are enough funds in the hot wallet to fulfill the withdrawal. If in case there is too much in the hot wallet, it immediately gets swapped into the cold wallet and only a manual operation between multiple signers would refill it. Ardoino further said,
“So we take that really seriously and we don’t want to have prominence problems on the security side.”
Additionally, he went on to categorize exchanges that have never been hacked and exchanges that have never been publicly hacked. While highlighting how these hacks could be tackled, Ardoino said,
“I think that hot and cold wallets are the best mechanism to prevent hacks in general.”
Ardoino stated that hacks are not always external as they can be internal too. He cautioned exchanges by suggesting that they should make sure that there is not a lot of money on the exchange to raise interest from the outside as well as the inside.