In the period 2013-2017, 29 hacks took place on the Bitcoin market, in which a total of 1.1 million Bitcoin were stolen. Noting that the average price of Bitcoin (BTC) exceeded $ 20,000 in December 2020, the corresponding monetary equivalent of the losses is more than $ 22 billion, which greatly underscores the societal impact of this criminal activity.
What has the crypto exchange done to address this problem? Today about 90% of exchanges use a cooling system, which means that digital assets are stored offline. Keeping Bitcoin offline greatly reduces the threat of hacking attacks.
Connected: Summary of the crypto hacks, exploits and heists in 2020
However, Jean Baptiste Su, principal analyst and technology futurist at Atherton Technology Research, points out that hackers stole over $ 4 billion in 2019, which was more than double what it was in 2018. In fact, cyberattacks are a very serious one Problem that raises doubts about the security of modern blockchain-based applications in the financial sector. Of course, it can be argued that thefts also occur using traditional payment methods such as credit cards. For example, annual fraud statistics published by The Nilson Report documents that credit card fraud losses reached US $ 27.85 billion worldwide in 2018.
Connected: Crypto Exchange Hacks in Review
I think it’s important to note that credit card market fraud, as opposed to cryptocurrency market fraud, is hard to compare for at least four reasons:
- First, a lot more people use credit cards than cryptocurrency.
- Second, the average amount of money equivalent stolen per fraud is dramatically lower, although the incidence of fraud in the credit card market is significantly higher.
- Third, it is much more likely that credit card holders are insured with the credit card company, while Bitcoin users typically do not have such insurance.
- After all, compared to bitcoin theft in cyberspace, the police are much more likely to have some chance of successfully dealing with credit card losses.
Hacking Effects on the Crypto Market
In order to examine the question of how bitcoin hacking incidents affect the uncertainty across the Bitcoin market, I conducted an empirical study in which I analyzed how volatility – which in financial economics is a measure of the uncertainty of a Asset is – responded to hacking incidents. For this purpose, I used what is known as an Exponential Generalized Autoregressive Conditional Heteroskedasticity model, in which I have included binary dummy variables in the variance equation. The dummy variables measured the effect on volatility up to five days after a hacking incident in the Bitcoin market.
In my study, I found that Bitcoin’s uncertainty in terms of volatility increases significantly. Surprisingly, I found two effects – a simultaneous effect and a delayed effect. The volatility increases on the day of the hacking incident and then drops back to normal levels. There is no effect between the first and the fourth day. Then, on the fifth day after the hacking, the volatility increases again significantly. Since no other events occurred, the effect is most likely caused by the same hacking incident.
A possible explanation for the delayed effect could be that hacking incidents are more likely to occur on small exchanges, which are likely to have lower security standards compared to larger exchanges. As a result, the information dissemination is slower.
Another interesting result of the study is that other cryptocurrencies such as Ether (ETH) are also reacting to hacks on the Bitcoin market. Interestingly, the volatility of ether shows only a delayed effect. There is no simultaneous effect. However, the lagged increase in volatility on day five is practically the same as what we observed for the volatility of Bitcoin.
A possible explanation for this finding could be that exchanges are trading multiple cryptocurrencies at the same time. If an exchange is hacked, thieves can steal both Bitcoin and Ether. This could be a possible explanation for the volatility losses found in my study. Another possible explanation for this phenomenon could be that thieves use one cryptocurrency to cash out their theft from the other, shifting the demand for cryptocurrencies from Bitcoin to ether, for example.
What is the risk of a cyber attack in US dollars?
To study this problem, I worked with colleagues from the Finance Research Group and the Mathematics Research Group at the University of Vaasa. Together with Niranjan Sapkota and Josephine Dufitinema, we collected 53 hacking incidents on the Bitcoin market in the period 2011-2018, which corresponds to 1.7 million Bitcoin stolen. We argue that naive risk management can dramatically underestimate the risk of these hacking incidents and that naive risk management can dramatically underestimate the risk of these hacking incidents.
In the study, we show that the distribution of hacking incidents is extremely bold. This means that Black Swan-like events are more likely to occur. We found that the probability distribution of hacking incidents does not have a theoretical mean, which implies that the mean of the loss distribution is infinite. To compute an estimate of the risk due to cyberattacks in the Bitcoin market, we recently used tools proposed from Extreme Value Theory (EVT).
We have shown that the shadow mean of the expected cyberattack risk is $ 59.70 million, which is definitely larger (almost twice) than the corresponding mean of the sample tail of $ 30.92 million. In particular, the shadow mean value is calculated using ETV and, in our research context, corresponds to the expected risk of cyber attacks above a certain threshold value. In our study, we chose a loss of $ 1 million as the threshold. This means that any cyber-attack loss above $ 1 million will be treated as extreme.
The next step in our calculation was to combine the shadow mean with the loss distribution expectation, where we have accumulated all losses from cyber attacks of less than $ 1 million. When we combine our shadow mean with the sample mean below our chosen threshold, we calculate a total expected loss of $ 24.89 million instead of $ 12.36 million. This is the naive sample mean of the hacking incident data.
Our results have a significant impact. For example, our results show that standard tools that are used in traditional risk management may not be able to serve as a basis for decision-making.
The views, thoughts, and opinions expressed here are the sole rights of the author and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Klaus Grobys is Lecturer in Financial Economics at the University of Jyväskyla and Assistant Professor in Finance at the University of Vaasa. Grobys is also a member of the InnoLab research platform at the University of Vaasa. His most recent studies examine the opportunities and risks of new innovative digital financial markets. His most recent research results have been covered by the US business magazine Forbes, among others.