Exchange hacks are becoming the new normal. Just two weeks after Coinrail’s $37.2 million hack, it was time for Bithumb’s $31 million hack, with the difference being that Bithumb is the world’s sixth largest cryptocurrency exchange based on CoinMarketCap data, far larger than Coinrail. Last December, another South Korean exchange called Youbit filed for bankruptcy after suffering hacks. Of course, these hacks are still much smaller than the infamous Mt. Gox hack. With such a terrible track record, why would anyone still work with crypto exchanges?

Bitcoin, the world’s first cryptocurrency, was a direct response to the Great Recession of 2008; as central bodies collapsed, it offered a peer-to-peer, independent alternative with which to transfer funds. Blockchain is all about decentralization and removing the intermediaries which profit off one’s earnings and impose their biased will. But by removing them, we are also removing the protection they offer.

What Are Crypto Exchanges Used For?

The first notable Bitcoin “transaction” was the famous pizza purchase, when 10,000 Bitcoins were used to buy two pizzas. There has to be demand before money has any value. In 2010, it took 10,000 Bitcoins to convince someone to hand over two pizza boxes.

This brings us to another fundamental aspect of transactions: they always have two sides. Whether you want to jump on the crypto wagon or cash out, there has to be someone who wants to do the opposite. Bitcoin lets you transact peer-to-peer, but how do you find that other person? That is where crypto exchanges come in, and they are especially valuable to day traders.

Crypto exchanges also take care of storing your money, much like a bank would. We’ve all heard stories of people who lost the passwords to their fortunes, or lost or erased their hard drives, and were never able to recover the lost funds. That never happens with crypto exchanges, where you can recover your password or use identity verification.

How Much Money Do Exchanges Make?

The short answer: tons. According to Bloomberg, the top 10 are generating as much as $3 million in fees a day, which translates to more than $1 billion per year. They earn money from transaction fees, which average 0.2%. In the case of the infamous Mt. Gox hack in which 650,000 BTC were stolen, some people even suspected an inside job by the employees of Mt. Gox. As for the Bithumb hack, the exchange is so big that they promised to cover the losses.

Hacking Bitcoin

To be clear, Bitcoin has never been hacked. Hacking Bitcoin would require a 51% attack, which is nearly impossible due to Bitcoin’s large network and processing power. A much easier alternative is to steal one’s private keys.

In Bitcoin, every account holder has a private key. It works like a password and is extremely hard to guess or crack. The person in charge of one’s private key has full control over that account. And because of the way Bitcoin works, once the money is out of your wallet, it is out for good (no centralized bodies, remember?). Thus, safekeeping private keys is very important. For this reason, we have the concept of cold wallets and hot wallets.

You typically store your cryptos in a ‘wallet’. When you want to use your wallet, you typically need to connect it to the internet to conduct an online transaction. Hot wallets are constantly connected to the internet, making them ideal for daily transactions. But your private keys also reside in this wallet, and thus they are under constant threat of being hacked.

Cold wallets, on the other hand, are totally disconnected from the internet. They are a safe way to store your investments for the long term. To withdraw money from your cold wallet, you might use a USB stick to sign the transaction in the cold wallet, and then transfer that signed transaction to the internet. This is also how Bithumb responded; after becoming aware of the hack, they moved funds to their cold wallets, preventing further breaches but also freezing active transactions.

Why are crypto exchanges such a lucrative target? They hold a lot of money and thousands of private keys. Most of them, unfortunately, have inadequate security measures. Breaking into one is much more profitable than breaking into an individual’s computer. Also, what the hackers steal has immediate value.

The End of Crypto Exchanges?

Despite Bitcoin’s (and blockchain’s) promise of decentralization, it seems we have ended up with another form of centralization – one that brings back everything blockchains promised to avoid, just in other ways. The government of South Korea is going to impose harder regulations on the crypto exchanges and regulate them like banks. What we can hope for are decentralized exchanges.

Unlike centralized exchanges, decentralized exchanges aren’t coordinated by one entity. Decentralized exchanges do not hold customers’ funds – they only serve as a matching platform for trade orders. Traditionally, they have also been harder to use and less popular than their centralized counterparts. How this competition will work out remains to be seen. But if you want centralized, just go with fiat.

I'm a developer and freelance tech blogger that covers various topics from cyber-security and artificial intelligence to hacking and blockchain. I try to identify the intersection of tech in human life and how it affects our future.