Perspectives

A Japanese crypto exchange lost millions in a hack: What we can take away from it

August 23, 2021 - 3 min read

Japanese cryptocurrency exchange Liquid was subject to a cyberattack, which incidentally comes at the backdrop of the hacking of Poly Network, a decentralized finance firm, within the span of little over a week.

What happened at Liquid

Both these attacks led to the stealing of millions of dollars worth of digital coins and tokens. Liquid put out a tweet, informing that their warm wallets were compromised and of the subsequent movement of assets into their cold wallet. Blockchain analytics companies estimate that the damage could be upwards of $90 million. Liquid has put out a blog post talking about the hack, and they claim that a multi-party computation wallet used by their Singaporean subsidy was targeted by the hackers.

Warm wallets

Liquid used the term ‘warm wallets’ instead of hot wallets. Warm wallets are used to manage liquidity between hot and cold wallets. That could mean either a fully automated wallet (hot wallet) where the keys are protected in dedicated secure hardware or a semi-automated wallet where a certain level of human approval is required to move funds. Warm wallets provide better security compared to hot wallets, but they still fall short of being immune to hacking.

“Efficiency of warm wallets as a liquidity management tool is critical in the Japan market to reduce the cost of business. All VASPs in Japan are eager to reduce their Hot wallet exposure,” says Glenn Woo, Head of Sales APAC at Ledger Enterprise Solutions.

Cyber-attacks cause millions in losses

An interesting yet concerning fact to note is that Liquid is one of the world’s top cryptocurrency exchanges in terms of daily trading volumes. And yet, it succumbed to the cyber attack, which has led to the loss of digital assets worth millions and the subsequent operational losses due to suspension of deposits and withdrawals. Stolen digital assets can be easily converted to other cryptocurrencies through decentralized exchanges such as Uniswap. Because of no intermediaries, it is not possible to freeze the assets of the hackers, thus exposing institutional custodians of cryptocurrencies to extreme financial risk in case of a successful cyber attack.

Ledger Vault is the perfect solution

MPC alone is not enough. Institutions need to prepare themselves against the risks posed by cyber-attacks. The cases of Liquid and Poly Network are stark reminders of the need to upgrade digital asset custody solutions in order to mitigate the risks associated with the management of crypto assets, especially if the value of the digital assets is in the millions.

Ledger Vault provides industry-leading digital asset custody technology for all types of institutions. Ledger Vault provides a more secure and efficient alternative to warm wallets while providing better agility in moving crypto assets between hot and cold wallets. Our solution also provides the ability to customize the approval flows and integrate or eliminate automation as required by regulation or internal compliance mechanisms of the company. Ledger Enterprise Solutions are experts in the digital asset ecosystem and the Ledger Vault is the result of our expertise in this field.

Contact us at [email protected] to explore how your organization can mitigate its risks in the best possible way.