In a recent blog post called “What happens if Xapo gets hacked?”, Xapo discusses the unfortunate Bitfinex heist that took place on August 2, 2016. Xapo says that if it were compromised, the company would cover the losses from its own reserve. This is in stark contrast to the many exchanges that failed to reimburse their customers.
Cold Storage Reserve Plan Would Cover Losses
Bitfinex was compromised for roughly 120,000 BTC and has decided to pay its customers back with a socialized loss plan including a BFX token that gives customers a stake in the company. Many people have been unhappy with the method Bitfinex is utilizing to recover from the hack and there are users ready to take legal action against the exchange.
Xapo believes it could pay its customers back through what they call the “Xapo Bitcoin Reserve,” which is cryptocurrency they own and keep in cold storage. The company at first maintained a third-party crime insurance plan, but the policies grew “narrower” and did not cover significant risks involved with exchanges. So Xapo implemented the reserve, which keeps more bitcoins than the hot wallet system used on a daily basis. Xapo explains:
As such, we are essentially self insuring against a hack of our hot wallet. If our hot wallet got hacked Xapo would cover the loss for its customers in full.
Another interesting aspect of Xapo’s reserve plan is how it is kept secure. The author of the post, Xapo founder and CEO Wences Casares, claims 97% of customer funds are kept in “deep cold storage” (DCS). Under Xapo’s DCS scheme, these specific Bitcoin reserves are never held online: they are “air-gapped” and stored inside bunkered vaults with multiple access controls, mantraps, armed guards and monitoring systems. The multiple access controls, Casares says, consist of multi-signature technology that uses five corresponding keys in remote physical locations worldwide.
“Since we originally set up the Xapo deep cold storage vaults over two years ago, we have continuously endeavored to improve our security infrastructure,” Casares adds. “Some of the main improvements we have made include improved physical security for our cold storage vaults, consensus-based security for our bitcoin operations and risk profiling for our bitcoin movements.”
Other Exchanges Have Reimbursed Customers
There have been quite a few breaches within the cryptocurrency landscape, but only a few of the affected companies have offered to pay their clients back in full. Those that have reimbursed their customers have maintained respectability within the cryptocurrency community.
Last year Blockchain.info was compromised for 267 BTC from customers’ wallets. Immediately following the attack, CEO Peter Smith said the firm would reimburse its users who were affected. Luckily for Blockchain.info, the hack was committed by a white-hat hacker named Johoe, who eventually returned all the funds to the original wallets.
Back in March, the hot wallet of the popular exchange Shapeshift was hacked for 315 BTC by a rogue employee. The former Shapeshift worker also sold information to another hacker after the incident, and Shapeshift was compromised a second time. Shapeshift is one of the rare exchanges that made good on its losses after the hacks, and it returned to business following a few days of downtime.
Another well-known breach back in January of 2015 was the loss of roughly 19,000 BTC from the exchange Bitstamp. The company said its wallet system had been compromised and immediately suspended operations. However, Bitstamp assured its customer base that customer funds would be paid back, and the exchange went back online a couple of days after the incident. Before they returned to business Bitstamp CEO Nejc Kodrič explained to customers that they need not worry about the losses:
We would like to reassure all Bitstamp customers that their balances held prior to our temporary suspension of services will not be affected and will be honored in full.
According to the Blockchain Graveyard, there have been 41 recorded incidents so far since Bitcoin’s inception. Yet only a small number of exchanges and wallet services have made good on their customers’ funds. It is worth noting that businesses that have honored their users’ funds are still operational today.
It will be interesting to see how Bitfinex fares after its losses, as it was the biggest Bitcoin exchange heist since the demise of Mt Gox. It’s safe to say exchanges that don’t pay their customers back in full will discourage new users from entering the Bitcoin space.