Can Bitcoin or Ethereum be hacked?
To new users, Cryptocurrency is a 21st century gold rush. The opportunity to strike it rich, or lose everything are equally abundant. Many new investors wonder if their Bitcoin or Ethereum can be hacked or stolen. While possible in some ways it’s not a worry in others. It varies depending on the asset, the storage location, etc. Let’s take a look.
Personal Crypto Assets
If your crypto assets are stored in a personal wallet it cannot be hacked directly. Your private key is the identifier that provides proof of ownership to the wallet address containing your assets on the block chain. Being the sole holder of the key you have sole control of your funds and how they are accessed. However, you need to be diligent and avoid phishing attempts. Your wallet can be compromised through two common ways:
- A hacker gaining access to your private key through a phishing attempt.
- Using your wallet to sign a permission to a hackers wallet or a nefarious smart contract that grants them access to a specific asset they are targeting.
It is important to always verify the websites and transactions you end up interacting with through your wallet, there is little to no recourse for victims of attacks of this nature.
Exchange Wallets: Not your Keys, Not Your Coins
If you have your funds on a centralized exchange, the crypto is stored in a custodial wallet. While you can access these funds through the exchange’s website, the private key to that wallet is owned by the exchange. You essentially have an IOU equivalent for the funds stored on your exchange account. You don’t have full ownership until they are transferred into a personal wallet. Meaning:
- If the exchange exposes its private keys in a data breach, your funds are at risk
If you have any serious amount of funds invested into crypto currency it is important to store them on a personal wallet, as it mitigates risk and gives you the sole responsibility of keeping your assets safe.
Can Ethereum, Bitcoin be hacked
While attacks, can be carried out on the network, it does not put the funds in a personal wallet at risk. The most commonly talked about type of attack is a 51% attack. This is when a miner is able to control 51% of the computing power of the network to confirm their own transactions and ignore others. This would allow the attacker to alter transactions that occurred while in control of 51% of the network, and double spend their own coins. However, the attacker would not be able to destroy or steal other users coins, or create new coins. While the Bitcoin or Ethereum would most likely lose value due to the panic and uncertainty of such an attack occurring to the network, the asset would still be safe in your wallet.
It’s important to note this is a cost prohibitive attack. A user would need a substantial amount of hardware to run this attack. Lets take a look at Bitcoin’s network to show why:
- 51% Bitcoin Hash rate = 100630140 Terahash/s
- ~$10,000 Bitcoin mining hardware hash rate = 110 Tera Hash/s
- 100630140/110 = ~914,819 Bitcoin Miners
- 914,819 * $10,000 = ~9.15 billion dollars of hardware
This 9.15 billion dollar estimate does not factor in the electricity cost of running that amount of hardware either. Ultimately, it is extremely unlikely for such an event to occur, and not one the average user should worry about.
What about Aave (or other alt-coins)
Aave and many other “alt-coins” (but not all) are ERC-20 Tokens. ERC-20 tokens exist directly on Ethereum. However there are also other blockchains beyond Ethereum that also host altcoins. Always make sure you are purchasing the right asset on the right blockchain. If a token is an ERC-20, it grants the token some of the innate security associated with the Ethereum network. However, these tokens are still at risk to their own programming.
- If the programming is faulty for the token contract or the underlying protocol the token supports has a vulnerability, they can be at risk to major price corrections if an exploit were to occur.
- Scam tokens can also act as honey pots, where the programming prevents selling of the token, except from the scammers wallet. With other users only able to buy tokens, it drives the price up. Then the scammer sells all his coins and abandons the token.
- “Rug Pulls” or “pump and dumps” can happen. Where a team or influencers hype up a new token to make money and quickly abandon the project or sell their token to make a profit at the average investor’s expense.
Some important avenues of research into a project are
- A vetted team and their past project history
- Proper documentation (whitepaper, roadmap, protocol goals)
- Audits on protocol programming (smart contracts)
- github history
Unexpected events can still occur. Because of this, it is important to mitigate risk by covering your tokens. That way if a hack occurs, you are covered from the loss. For information on how coverage protocols work see our article titled, How do DeFi Insurance Alternatives Work.