The Immutability Of Blockchain Is Useless When It Comes To Easy Crypto Thefts And Hacks

This article is more than 5 years old.

[Disclosure: I used to have a small amount of Ethereum (Ether), but now I have absolutely zero Ether]

Your eyes are not deceiving you, the disclosure above is usually printed at the end of any article by any Forbes writer when the subject matter is about cryptocurrencies.

In this case, I am confirming that I now have no Ether, but I did have some until my crypto wallet was hacked around six weeks ago.

In the interim period, I know now more than most about the lack of crypto security and how it's virtually impossible to retrieve funds after they've been stolen. It's an interesting story, it's just highly annoying that it happened to me.

First things first. Like many others, I was in the latter stages of the crypto wave and only started becoming interested in them a couple of years ago.

Blockchain seemed revolutionary, Ether looked as if it could more than emulate Bitcoin because of Smart Contracts, so why not quietly invest in a future nest egg? I had time on my hands, so this was always a long play... and not a big one.

I learnt quickly, heard that crypto exchanges were hacked regularly, so it would be advisable to store my Ether in a wallet via a public key and a private one. I could upload funds using my public key (open to the world), but only I would know the private key.

So far, so encrypted. Both keys were 40 characters long and I decided to use Myetherwallet to store my Ether; friends in the industry had assured me this was the best one.

As directed, I printed off my private key, kept it securely in my desk (whoops, just gave it away again) and then came up with what I thought was a masterstroke.

Some years ago when I lived in Goa, I met some very interesting people, one of whom was a notorious (and somewhat garrulous) drug dealer.

He told me over a few beers that whenever he wanted to pass on a secret message, he would give his Gmail log-in and password to an associate and that individual could access the appropriate message in Gmail drafts.

Nothing would be sent over the internet, so nobody would know, so it was as safe as proverbial houses. Good enough for a paranoid drug dealer, good enough for me; that's where I stored my private key.

Moreover, I split the key into ten different sets of four characters and encrypted it my own way. Whenever I accessed the wallet, I would scrunch the characters together, cut-and-paste, access my wallet, then clear my browser history, then rearrange them differently. Clever old me.

Clever, not. This, apparently, was how the hackers found my private key. So if you're thinking of storing your private key (or talking to fellow drug dealers), then Gmail drafts is a very bad idea. Clearly, I found this out too late; you have no excuses.

Crypto wallets and exchanges are mutually exclusive and do not provide security.

Quoteinspector (via Creative Commons Flickr)

What happened next was insane and intense. When I next logged in, I quickly discovered that I'd been cleaned out a week earlier. The crypto cupboard was bare.

Like any other burglary, this was an intensely stressful experience, so I activated my network of great people. Black hats, white hats, blockchain aces, crypto genii, high-networks individuals with access to the top, everybody I could think of.

Information came quickly. The Ether had been moved to a new public key address, but had not moved for seven days. This meant it could have been malware that had scraped the private key (but didn't know how to move it to an exchange) or the thieves were biding their time.

Unfortunately, they bided their time for another six days, but I was told 'not to worry'. This was blockchain and if the funds were moved to an exchange then I would be alerted, the thieves would be easy to track down.

Then they moved and six days later I was alerted that they were transferring my funds (along with others) to the Binance exchange. That transaction had to be stopped because no blockchain transaction can be reversed. Simple surely, the exchange could just block that transaction.

The next six hours were crazy, it was as if the whole world was trying to help me out. Over the course of that evening, the odds of me blocking the transaction veered between 5 per cent to 40, down to 20, up to 70, down to 30 and finally a big, fat zero.

Myetherwallet were sympathetic, but said there was nothing they could do, they did not have the ability to stop movements, even if they were suspicious. I spoke to Myetherwallet CEO Kosala Hemachandra in a panic as the heist continued its less than merry way.

"Remember we are an open source wallet that doesn't hold any user funds, so any compromise of funds like this may be a result of using a lookalike phishing site. We have the highest security measures available in the market so that our users are protected against malicious actors."

Well, that was nice to know, but it didn't help me much, so I turned to Binance, but was presented with a website request for a 'ticket number' and they would get back to me in 72 hours.

Seventy-two hours? I wanted something done within 72 seconds. I was told to expect a reply, which came 24 hours later, and a request for a law enforcement number to whom I had needed to report the crime.

I live in the UK, not North America. Law enforcement means the Police and while I appreciate the work the Police do, I don't think any Police force in this country would even understand what had happened to me.

This to them would just be another burglary and if they did know enough about crypto, being informed that I had left my private key in my Gmail drafts was as good as leaving a window open in my house. I probably deserved it.

I later caught up with Wei Zhou, Binance CFO, at this month's Blockchain Summit in Malta and he said there had been an increase in thefts such as mine over the last couple of months, describing it as a 'last grab'; hackers knew the crypto community was beefing up security.

"We work very hard to ensure the safety and security of funds on Binance and Trust Wallet. Our hope is that all users are informed on best practices to ensure the safety of their own storage and accounts. We work closely with law enforcement agencies around the world to help users recover funds, so in case of stolen funds, we encourage users to file reports right away with law enforcement."

It will be interesting to find out just how many times Binance has co-operated to get their users' funds back, but Zhou assured me that Binance wanted this relationship with law enforcement to be more efficient and they're working on it.

I have seen the price of Ether plummet in the six weeks since I was hacked, so the pain has lessened over this period of time, but while I've been an idiot, I'm not exactly clueless in how this all works.

For the average and traditional investor however, the volatility of cryptocurrencies and its current (and brutal) bear market are enough to put most of them off investing in crypto.

Add stories such as mine and the eventual creep of regulation, the crypto world right now seems to be a very dangerous place to play.

On the other hand, I'm still a believer and while I've been burnt once, I may yet return. In the interim, the thieves have got away with it and whether this is a 'last grab', whether I'm a total loser or whether better security is coming, the warning is clear.

Never, at any time, store your private key anywhere on your computer or your cellphone; you are not safe. Moreover, forget using Gmail drafts for anything else other than drug-dealing... it's a mug's game.

[Disclosure: I do not currently hold any Ether... or any other cryptocurrency]
