Exchange hack query

[AssociatesBumble579]

I have seen many exchanges got hacked in several times. But most cases, Exchanges say ‘Customer Money Is Safe’. Even the latest incident with Upbit gives similar statement. If they customer money is safe, then who was the owner of the hacked money? Exchange own it? If yes, is this true that Binance, Upbit or other exchange keep such money to their wallet and take risks and responsibilities as well?  To be honest, I think these are like fud or something else. Never mind.

[omone1]

Some exchanges have some back-up fund in case of an unfortunate hack, like binance was able to recover after the last hack, not all exchanges can survive such hack. For example, Cryptopia was hacked and never recovered till date. Sometimes, an exchange can be hacked without fund been stolen but only data leaked. If an exchange says customers fund are safe, then let's wait until they are fully back to see if there will be restriction on maximum withdrawal by customers overtime.

[RapTarX]

It's not only the exchange, most of the business organization do hold a part of their income in order to back up the unexpected risk. Therefore, it's common practice & possible that customers fund is safe and hacked exchanges are likely to bear the loss for the sake of their reputation. However, it's possible in case of partial small hacked amount. For a mass hack, I guess the fund held by exchanges for back up isn't enough.
Sometimes the hack can be an insider job as well, I have some news on Indian local 3/4 days ago & people are suspecting an insider person have stolen the BTC. It's very possible.

[joniboini]

A more difficult question to answer (and probably more important for the customers) is how do we know that an exchange is really hacked and not run away. Some parts of that emergency fund might comes from an insurance company, so they must need to know that too. This is the reason why after Upbit announces that they got hacked, an article that says something like 'how exchange announces hacking to launder money' come out.

[Patatas]

I have seen many exchanges got hacked in several times. But most cases, Exchanges say ‘Customer Money Is Safe’. Even the latest incident with Upbit gives similar statement. If they customer money is safe, then who was the owner of the hacked money? Exchange own it? If yes, is this true that Binance, Upbit or other exchange keep such money to their wallet and take risks and responsibilities as well?  To be honest, I think these are like fud or something else. Never mind.

They generally have hot and cold wallets. Cold wallet is where they store their customer funds and use hot wallet for trading, daily transactions etc. A cold wallet is very secure, offline and has limited access. The hacker usually hacks the "online" hot wallet. Most of the hacks are either exit scams or inside jobs anyway. As a rule of thumb, don't keep money on exchanges.

[abel1337]

I have seen many exchanges got hacked in several times. But most cases, Exchanges say ‘Customer Money Is Safe’. Even the latest incident with Upbit gives similar statement. If they customer money is safe, then who was the owner of the hacked money? Exchange own it? If yes, is this true that Binance, Upbit or other exchange keep such money to their wallet and take risks and responsibilities as well?  To be honest, I think these are like fud or something else. Never mind.

They generally have hot and cold wallets. Cold wallet is where they store their customer funds and use hot wallet for trading, daily transactions etc. A cold wallet is very secure, offline and has limited access. The hacker usually hacks the "online" hot wallet. Most of the hacks are either exit scams or inside jobs anyway. As a rule of thumb, don't keep money on exchanges.

+1 to this, Somehow if the exchange states that they are holding you're money tight after a hacked happen, They have a higher chance to regain their lost by continuing their services. If they state it they would possibly want to reduce the panic and avoiding to lose the trust of their users.

[NeuroticFish]

If they customer money is safe, then who was the owner of the hacked money? Exchange own it?

Let's start with the beginning. When one transfers money into "his wallet" at an exchange, he actually has here a custodian wallet. That means that the exchange has the private keys, the exchange owns the money and displays how much would they give you if everything is OK and you do withdraw.
Most of the funds sent by customers end up in cold wallet. This happens because there are usually not many big withdrawals. The trades / operations the users make are only changing numbers in a database, not in the wallets.

For withdrawals the exchanges have their hot wallets. Those are a bit risky, those are usually hacked, that's why the exchanges try to keep a small percent of the funds there, just to have reasonable withdrawal times. That money is usually "insured" (for example Binance claims to have a separate fund for that; this fund is built from their earnings from the fees).



TL;DR; When you deposit you get an IOU (I-owe-you) amount in your account, not real money/BTC. The withdrawal is based on that IOU. Where the exchange gets that money for you is its own business. If they want to keep their customers, they have to stick to that value.

[TheUltraElite]

I have seen many exchanges got hacked in several times. But most cases, Exchanges say ‘Customer Money Is Safe’.

The site may get hacked b different methods. Does not mean that the wallets of the site have been hacked. Most exchanges do have hard-to-crack and track wallets for securing them. I am not sure but probably they have other methods to keep hackers at bay too. What often does get hacked in the frontend - the page that you see on opening the link.

Even the latest incident with Upbit gives similar statement. If they customer money is safe, then who was the owner of the hacked money?
Exchange own it? If yes, is this true that Binance, Upbit or other exchange keep such money to their wallet and take risks and responsibilities as well?  To be honest, I think these are like fud or something else. Never mind.

If you hear words from non-officials then there is possibility of FUD and hatred-induced wrong statements. However the precautionary measure that one must take is not to store coins on exchanges once trading is complete, I know there are withdrawal fees but it is never safe to store coins for long time on any exchange/online wallet.

The sad part is that if customer's money does get stolen there is still a grey area about who to charge to the authorities. The legal systems with cryptocurrencies need a lot of improvement now that so many exchanges are operating and getting hacked.

[hugeblack]

Since these platforms operate as if they were banks, they must have reserves in a safe place if any real capital risks occur.
Unfortunately, most platforms do not adhere to this, as there are no restrictions (Regulatory laws) imposed on the work of those platforms.
Therefore, prevention is better than cure. Avoid depositing large sums in the platforms and keep only the amount that enables you to conduct trading.

You can still file a legal complaint against the registered central platforms, but it takes a lot of time.