A Revisiting the Risks of Bitcoin Currency Exchange Closure

ing with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]. c © YYYY ACM. 1533-5399/YYYY/01-ARTA $15.00 DOI: http://dx.doi.org/10.1145/0000000.0000000 ACM Transactions on Internet Technology, Vol. V, No. N, Article A, Publication date: January YYYY. A:2 Tyler Moore, Nicolas Christin, and Janos Szurdi since victims usually only identify fraud after transactions take place [Anderson 2007; Moore et al. 2012]. Irrevocability makes any Bitcoin transaction involving one or more intermediaries subject to added risk, such as if the intermediary becomes insolvent or absconds with customer deposits. In this paper, we focus on one type of intermediary, currency exchanges, and empirically examine the risk Bitcoin holders face from exchange failures. Since bitcoin mining is now carried out by professional actors, users who wish to acquire bitcoins normally interact with currency exchanges to do so. They pay via bank transfer or credit card in a fiat currency and are credited with the corresponding amount of bitcoin. According to a 2017 survey, 73% of exchanges maintain control of the private keys for the bitcoin purchased by customers [Hileman and Rauchs 2017]. In this sense, the exchanges operate like a bank in the traditional financial system, in that the customers do not actually hold onto the cash but instead maintain an account with a balance that they can withdraw from by request. As of November 2017, Bitcoin’s market capitalization is approximately US$118 billion [Cryptocurrency Market Capitalizations 2017]. With success comes scrutiny, and Bitcoin has been repeatedly targeted by fraudsters. For instance, over 43,000 Bitcoins were stolen from the Bitcoinica trading platform in March 2012 [Leyden 2012]; in September 2012, $250,000 worth of Bitcoins were pilfered from the Bitfloor currency exchange [Lee 2012]. The prevalence of such attacks inspired an earlier version of this paper [Moore and Christin 2013], which found that 45% of Bitcoin exchanges established prior to January 2013 subsequently closed. Shortly after this paper was published, interest in Bitcoin exploded, along with its exchange rate. It is worth revisiting the question to determine whether or not the Bitcoin ecosystem has matured since its early days. An anecdotal examination of the news suggests that the problems have not gone away with time. Mt. Gox, which had been the leading Bitcoin currency exchange through mid-2013, collapsed spectacularly in early 2014, leaving many of its customers in the lurch [Adelstein and Stucky 2016]. In August 2016, leading exchange Bitfinex was hacked, suffering a $68 million loss and socializing it amongst all users [Chen and Nakamura 2016]. Indeed, upon closer examination we find that the closure rate amongst Bitcoin exchanges remains very high. Of 80 exchanges operational through March 2015, 38 have subsequently closed. 26 have experienced at least one security breach. Section 2 explains our data collection and measurement methodology. In contrast to [Moore and Christin 2013], which computed survival and regression analysis that incorporated all activity across time, in this paper we construct longitudinal (i.e., panel) data calculated quarterly. This is designed to deal with the explosive transformation Bitcoin has experienced since its founding. Section 3 presents summary statistics for the data collected. Section 4 presents a series of logistic regressions to identify factors that contribute to whether an exchange will close. Section 5 reviews related work and Section 6 discusses follow-up research. 2. DATA COLLECTION METHODOLOGY We collected various indicators from multiple sources: trade data from bitcoincharts.com [Bitcoin Charts 2015]; breach data from bitcointalk.org [Bitcoin Talk 2015] and from the Bitcoin wiki [Bitcoin Wiki 2015]; security measures from from the Bitcoin wiki, bitcointalk.org, and exchange websites; and compliance data from the World Bank’s Anti-Money Laundering Index [Yepes 2011]. In this section, we describe our data collection methodology for all of these indicators. In [Moore and Christin 2013], data were collected as attributes that affect an exchange for its entire duration, e.g., the overall trading volume, whether a breach had ever occurred, etc. While appropriate for the time period studied (2010–early 2013), Bitcoin shot to prominence shortly thereafter. By contrast, this paper covers transactions between 2010 and March 2015, and it could be argued that the environment in which Bitcoin currency exchanges operate is dramatically different now compared to its early days. Hence, in this paper, we set out to collect attributes that are timedependent so that we can perform a longitudinal analysis. Some characteristics do not change over time (e.g., compliance data), but others do. Consequently, we compute indicators that are aggregated quarterly, which is long enough to capture stable measurements but short enough to reflect the dyACM Transactions on Internet Technology, Vol. V, No. N, Article A, Publication date: January YYYY. Revisiting the Risks of Bitcoin Currency Exchange Closure A:3 namic nature of the Bitcoin ecosystem. When we describe the indicators below, we will distinguish whether the measure is computed quarterly or does not vary with time. Trade data. Bitcoincharts.com provides historical trade data for a large number of Bitcoin exchanges (including all major exchanges), reporting the timestamp, exchange rate, and bitcoin amount for all trades that take place on participating exchanges.1. We considered historical trade data for all participating exchanges through March 3, 2015. We note that not all currency exchanges provide data to bitcoincharts.com. We exclude from the analysis any currency exchange that does not. To characterize exchange trade data, we focus on three measures. First is whether the exchange remains operational and for how long. The exchange lifetime is the number of days an exchange was/has been operational, that is, the number days to have elapsed between the dates of the first and last observed trades. We also calculate a Boolean value whether the exchange has closed in the present quarter. Second is the exchange average daily trade volume, calculated quarterly. We compute the average by dividing the total number of bitcoins transacted by the number of days between the first and last observation during the quarter. For active and high-volume exchanges, this should be approximately 90. However, some low-volume exchanges did not always report trading activity each day, so activity on those days would be counted as zero. By contrast, when an exchange opens or closes, we exclude from the average any adjacent days when not operational. The third measure centers on the competition level of the currency offered by the exchange. While 41 exchanges have traded USD and 29 have traded EUR, many currencies have only ever been offered at one or two providers. 14 currencies were only ever supported by one exchange, while six more were only supported by two. It is possible that these less competitive currencies may offer greater stability to exchanges. We measure the fraction of an exchange’s quarterly trading volume in which trades were conducted in currencies where only one or two exchanges traded that currency in the quarter. Figure 1 graphically summarizes our trade data. Each row corresponds to one specific exchange. The x-axis represents time. Blue lines indicate times at which each exchange is open; red stars correspond to documented breaches. Two anomalies appear quite clearly in the figure. First, we found trade data for a few exchanges long after those exchanges had appeared to close (see orange and green circles). Such outliers can potentially lead to overestimating the exchange lifetime, and thus overreporting the periods in which the exchange is operational and misreporting when the exchange closes. Consequently, we need to determine whether they are valid. We detect outliers as points above the “median of all absolute deviations from the median” (MAD, [Rousseeuw and Hubert 2011]). The MAD method identifies possible outliers, graphically illustrated in Figure 1, for five exchanges: World Bitcoin Exchange, bitme, bitcoin-24.com, Global Bitcoin Exchange, and Ruxum. We investigate whether these outliers should be ignored by searching for their probable causes. In the case of World Bitcoin Exchange, bitme and bitcoin-24.com, the outliers indicate an attempt to reopen the exchange. The attempts to reopen World Bitcoin Exchange and bitme failed almost immediately, thus we excluded those outliers from our analysis. On the other hand bitcoin-24.com managed to re-establish trade for a significant period of time. Thus, we included it twice in our data. To account for the gap between intermediate closure and reopening, we consider them as two separate exchanges. For Global Bitcoin Exchange, we removed the outlier as the exchange was reportedly closed, and we could not find any information about an attempt to reopen the exchange. Conversely, we kept the outliers pertaining to Ruxum, since we did not find any corroborating information about a possible exchange closure at the time of the outliers.2 1Compressed files are available for download from http://api.bitcoincharts.com/v1/csv/ 2We reran the regressions presented in Section 4 including the outliers and the results did not change in any significant way. ACM Transactions on Internet Technology, Vol. V, No. N, Article A, Publication date: January YYYY. A:4 Tyler Moore, Nicolas Christin, and Janos Szurdi 1coin ANX aqoin bid extreme bit121 Bit2C Bitalo BitBay BitBox Bitcash.cz Bitchange.pl Bitcoin−24.com Bitcoin Central;Bitcoin−Central Bitcoin Euro Exchange Bitcoin HK Exchange Bitcoin Market bitcoin.co.id bitcoin.de Bitcoin2Cash Bitcoin7 bitcointoyou.com Bitcurex Bitfinex bitfloor bitKonan BitMarket.eu BitMarket.pl bitme bitNZ bitomat.pl BitStamp BitStock.cz BitX Brasil Bitcoin Market Britcoin btc−e BTC China btcex.com btcmarkets BtcTree.com BTCXchange Camp BX Canadian Virtual Exchange Coinfloor CoinTrader Crypto−Trade Crypto X Change ExchangeBitcoins.com FBTC Exchange FreshBTC FYB−SE;FYB−SG Global Bitcoin Exchange hitbtc IBWT ICBIT Stock Exchange IMCEX.COM Intersango itBit Justcoin Kapiton Korbit Kraken LakeBTC.com LibertyBit LocalBitcoins Mercado Bitcoin Mt. Gox OKCoin Ripple RMBTB Ruxum Snowcoin The Rock Trading Company TradeHill Vircurex VirWox WeExchange World Bitcoin Exchange zyado 2011 2012 2013 2014 2015 Date Ex ch an ge s Fig. 1. Exchange trade activity. Blue dashed lines show when a given exchange was active. Red stars show when an exchange was breached. Green circles indicate outliers and orange circles indicate extreme outliers. ACM Transactions on Internet Technology, Vol. V, No. N, Article A, Publication date: January YYYY. Revisiting the Risks of Bitcoin Currency Exchange Closure A:5 Second, as also evidenced in Figure 1, there are frequent gaps in trade data over the lifetime of an exchange. These gaps can be explained either by collection issues on bitcoincharts.com, or by real lack of activity on the exchange itself. We consider particularly long gaps (12 weeks or more), which we observe for Vircurex, Bitcurex, and Bitcoin Central. Looking for information on bitcointalk.org, we discovered that both Vircurex and Bitcurex upgraded their software at the beginning of the gap—which could have accounted for bitcoincharts.org not obtaining any data for a while—and we even saw informal evidence of Vircurex being active at the time of the gap in forum discussions. Conversely, Bitcoin Central was reportedly closed after a breach, during the corresponding gap. Nonetheless, in all three cases, the missing days are not included in the quarterly averages. We deemed an exchange to be closed if there was no trading on the exchange for at least two weeks after the last observed trade day. To make sure that the exchange had truly closed, as opposed to being momentarily offline, we additionally confirmed that at least one of these criteria held: 1) the exchange website was consistently down, or 2) there was no trade data after March 27, 2015 (the end of our collection interval). Breach data. We define an exchange breach as an event, during the life of an exchange, which result in the loss of users’ funds due to negligence or misconduct by the operators of the exchange. This definition excludes, for instance, phishing attacks against the users of an exchange. Four different scenarios can lead to an exchange breach. In a security breach, a malicious entity exploits vulnerabilities in the exchange’s software, hardware or system configuration to steal funds. As an example, the Bitfloor exchange suffered a security breach when thieves managed to gain access to backups of the private keys controlling cash flow accounts on the exchange, and used this access to steal an estimated 24 086 bitcoins [Bitcoin Talk 2014]. Data loss, e.g. due to hardware problems, can lead to unrecoverable loss of funds. For instance, Bitomat.pl reportedly lost all of their users funds, an estimated 17 000 bitcoins, in a data loss caused by an improper server restart [Bitcoin Talk 2014]. In an insider scam, unscrupulous exchange operators steal user funds themselves. Legal action can also lead to confiscation, and thus loss, of funds. Because it is often unclear which of the scenarios is the root cause of a breach—e.g., is a data loss truly due to incompetence, or malice?—our analysis does not distinguish between the various types of breaches. The Bitcoin Talk forum[Bitcoin Talk 2015] and the Bitcoin Wiki [Bitcoin Wiki 2015] have dedicated pages to breaches [Bitcoin Talk 2014; Bitcoin Wiki 2014], which, unfortunately, are incomplete. From time to time, breaches are discussed in other areas of the site. To obtain better coverage, we ran customized Google queries on Bitcoin Talk. We generated the queries by combining keywords (theft, hack, scam, breach, loss, incident, stolen, victim) that had the highest frequency of occurence (measured by term frequency–inverse document frequency, or TF-IDF) in the dedicated breach pages with variations of the exchange name. This resulted in several queries to test each exchange, such as “site:bitcointalk.org theft or hack or scam or breach or loss or incident or stolen or victim Mt. Gox,” or “site:bitcointalk.org theft or hack or scam or breach or loss or incident or stolen or victim mtgox.com.” Overall, we ran 370 such queries during the time interval September 14–19, 2014. For each query we received between zero and ten results from the Google API, which we manually investigated to find breach events. We then complemented this data on March 3, 2015 with a manual investigation of news articles for reports of additional exchange breaches in the period 9/19/14–3/3/15. Because we use a slightly different breach definition compared to our prior work [Moore and Christin 2013], we obtained a couple inconsistencies in what constitutes a breach. Previously, we considered Bitcoin Market to have been breached and, conversely, Bitcoin-24.com or BitMarket.eu to not have suffered breaches. When applying our revised breach definition more consistently, we reach the opposite conclusion. Bitcoin Market lost funds due to PayPal reportedly freezing their accounts, which we do not consider a breach. On the other hand, Bitcoin-24.com was breached on October 25, 2012, but this was not revealed until March 4, 2013, after [Moore and Christin 2013] was written. Meanwhile, Bitmarket.eu suffered collateral damage from hosting part of their ACM Transactions on Internet Technology, Vol. V, No. N, Article A, Publication date: January YYYY. A:6 Tyler Moore, Nicolas Christin, and Janos Szurdi infrastructure or Bitcoinica, which was breached. Since the losses resulted from poor judgement by the operators, we now categorize the event as a breach. Security-related exchange properties. Because of the value of the resources they host, Bitcoin exchanges are expected to adopt good security hygiene. We conjecture that those who do not practice good security face a greater likelihood of eventual failure. To help us verify this conjecture, we collected the following indicators from each exchange, through manual analysis of their websites: 1) availability of two-factor authentication; 2) use of cold storage, that is, whether the exchange stores most of its bitcoins offline, and minimizes the amount of bitcoins kept online as cash flow for transaction operations; 3) presence of bug bounty programs; and 4) proclamations that the service undergoes routine security audits. We looked for information about these security indicators on the websites of the exchanges, on the Bitcoin Talk forum and the Bitcoin Wiki. If an exchange was closed, we looked up its webpage on the Internet Archive Wayback Machine [The Internet Archive 2015]. The idea is that exchange operators have a strong incentive to advertise the security features they implement, and thus, evidence should be relatively easy to find. For cold storage, bug bounty, and security audits, we identified simply whether or not the exchange ever reported these features. We decided to dig a bit deeper for the presence of two-factor authentication (2FA) in order to identify when the feature was added. To do this, we checked Internet Archive’s pages for the first mention of supporting 2FA. Of the 58 exchanges found to have supported 2FA, 30 supported it all the way back to the first observation in the Internet Archive. For these exchanges, we label them as having supported 2FA in all quarters that the exchange was open. For the remaining 28 exchanges, we know that 2FA was added at some point between the first observation and the prior cache. The median gap between such observations is 112 days. We approximate when 2FA support is added by taking it to be the quarter in which it is first observed on Internet Archive. Given the high rate of breaches, a natural question arises: do the exchanges adopt security precautions before or after a breach occurs? If it is the former, then it suggests that the security measures did not help stop a breach. If it is the latter, then the it suggests that the exchanges beefed up their security following a breach. We investigate this for the adoption of 2FA. Of 20 cases where 2FA is adopted and we have Internet Archive data, we can confirm that the breach occurred after 2FA adoption in 15 cases. In four of the remaining five cases the breach occurred before the Internet Archive’s first cache, which showed 2FA support. Only in one case (Bitfloor) could we confirm that the exchange did not support 2FA before the breach but did afterwards. Hence, we conclude that for 2FA at least, the security measures were not adopted in response to experiencing a breach. Compliance properties. Finally, to assess regulatory impact, we attempted to identify the country where each exchange is based. We then used an index (ranging between 0 and 49) computed by World Bank economists [Yepes 2011] to identify that country’s compliance with “Anti-MoneyLaundering and Combating the Financing of Terrorism” (AML-CFT) regulations [Yepes 2011]. 3. ANALYSIS OVERVIEW We start our analysis by presenting descriptive statistics and graphs that summarize the collected data. Table I lists all 80 known Bitcoin currency exchanges,3 along with relevant characteristics such as whether the exchange experienced a security breach, subsequently closed, and observed security features. In total, 25 exchanges experienced security breaches, caused either by hackers or other criminal activity. 15 of these exchanges subsequently closed, but 11 have survived so far. Another 23 closed without experiencing a publicly-announced breach. One key factor affecting the risk posed by exchanges is whether or not its customers are reimbursed following closure. We must usually rely on claims by the operator and investors if they are 3As explained in Section 2, the bitcoin-24.com exchange restarted about a year after it first closed. We treat these as two distinct exchanges in the subsequent analysis, which is why the total number of exchanges is 80 rather than 79. ACM Transactions on Internet Technology, Vol. V, No. N, Article A, Publication date: January YYYY. Revisiting the Risks of Bitcoin Currency Exchange Closure A:7 Table I. Bitcoin exchange indicators. Exchange Origin Start End Closed Breach Repaid 2FA Bounty Audit Cold S. AML bitomat.pl PL 4/11 8/11 yes yes yes no no no no 21.7 Bitcoin Market US 4/10 8/11 yes no – – – – – 34.3 FreshBTC PL 8/11 9/11 yes no – – – – – 21.7 Britcoin GB 3/11 9/11 yes no – no no no yes 35.3 Bitcoin7 US/BG 6/11 10/11 yes yes par. – no no – 33.3 ExchangeBitcoins.com US 6/11 10/11 yes no yes no no no no 34.3 Bitchange.pl PL 8/11 10/11 yes no – yes yes no no 21.7 Brasil Bitcoin Market BR 9/11 11/11 yes no – – – – – 24.3 aqoin ES 9/11 11/11 yes no – – no no – 30.7 Global Bitcoin Exchange GB 9/11 1/12 yes no par. no no – – 35.3 Bitcoin2Cash US 4/11 1/12 yes no – yes no no no 34.3 TradeHill US 6/11 2/12 yes yes no no no no no 34.3 BtcTree.com US/CN 5/12 7/12 yes no yes – – – – 29.2 btcex.com RU 9/10 7/12 yes no – no no no no 27.7 Ruxum US 6/11 9/12 yes no – – – – – 34.3 IMCEX.COM SC 7/11 10/12 yes no – yes no no no 11.9 Crypto X Change AU 11/11 11/12 yes no no yes no no no 25.7 BitMarket.eu PL 4/11 2/13 yes yes – – – – – 21.7 bitfloor US 5/12 4/13 yes yes par. – no no yes 34.3 Snowcoin IN 4/13 5/13 yes no – yes no yes yes 26.7 LibertyBit CA 1/13 6/13 yes yes yes – – – – 25.0 Bitcoin HK Exchange HK 6/13 7/13 yes no – no no no no 28.3 BitBox US 5/13 9/13 yes no – no no no no 34.3 FBTC Exchange NL 6/13 10/13 yes yes no yes no yes yes 27.3 Bitcash.cz CZ 7/13 11/13 yes yes – – no no no 24.8 bid extreme PL 8/13 11/13 yes yes – – – – – 21.7 WeExchange US/AU 10/11 11/13 yes yes no – – – – 30.0 bitme US 7/12 11/13 yes no – – – – – 34.3 RMBTB CN 5/13 12/13 yes no – yes – – yes 24.0 Mt. Gox JP 7/10 2/14 yes yes no yes no – – 22.7 World Bitcoin Exchange AU 8/11 2/14 yes yes par. yes no no no 25.7 Intersango GB 7/11 3/14 yes no no no no no yes 35.3 bit121 GB 10/13 3/14 yes no yes – – – – 35.3 ICBIT Stock Exchange SE 3/12 5/14 yes no – yes no no no 27.0 Crypto-Trade HK 5/13 7/14 yes yes – no no no no 28.3 Kapiton SE 4/12 8/14 yes yes – no no no no 27.0 Bitcoin-24.com DE 5/12 9/14 yes yes par. – no no no 26.0 Bitcoin Euro Exchange CZ 1/14 9/14 yes no – – – – – 24.8 Justcoin NO/HK 4/13 10/14 no no – yes yes no yes 29.7 Ripple US 2/13 11/14 no no – no yes no no 34.3 Bitalo FI 11/13 12/14 no no – yes no no no 24.3 OKCoin SG 6/13 1/15 no no – yes yes no yes 33.7 Camp BX US 7/11 1/15 no no – yes no yes no 34.3 LakeBTC.com CN 3/14 1/15 no no – yes no no yes 24.0 Mercado Bitcoin BR 7/11 2/15 no yes no yes no no yes 24.3 bitcointoyou.com BR 10/13 2/15 no no – yes no no yes 24.3 VirWox AT 4/11 2/15 no no – yes no no no 26.5 Canadian Virtual Exchange CA 6/11 2/15 no yes yes yes no yes yes 25.0 IBWT GB 5/14 2/15 no no – yes no no yes 35.3 BitX SG 9/13 2/15 no no – yes no yes yes 33.7 BTCXchange RO 12/13 2/15 no yes yes yes yes no no 26.3 BitMarket.pl PL 3/14 2/15 no yes – yes no no yes 21.7 1coin CN 3/14 3/15 no no – yes no no no 24.0 ANX HK 8/13 3/15 no no – yes yes no yes 28.3 Bit2C IL 3/13 3/15 no no – yes no no yes 29.3 BitBay PL 3/14 3/15 no no – yes no no yes 21.7 Bitcoin Central FR 1/11 3/15 no yes yes yes no no yes 31.7 bitcoin.co.id ID 2/14 3/15 no no – yes no no yes 17.7 bitcoin.de DE 8/11 3/15 no no – yes yes yes no 26.0 Bitcurex PL 7/12 3/15 no yes yes yes yes no no 21.7 Bitfinex HK 3/13 3/15 no no – yes no yes yes 28.3 bitKonan HR 7/13 3/15 no no – yes no no no 19.0 bitNZ NZ 9/11 3/15 no yes yes no no no no 21.3 BitStamp GB 9/11 3/15 no yes yes yes no yes yes 35.3 BitStock.cz CZ 12/13 3/15 no no – no no yes no 24.8 BTC China CN 6/11 3/15 no no – yes no yes yes 24.0 btc-e BG/CY 8/11 3/15 no yes yes yes no no no 33.7 btcmarkets AU 8/13 3/15 no no – yes no no yes 25.7 Coinfloor GB 3/14 3/15 no no – yes no yes yes 35.3 CoinTrader CA 12/13 3/15 no no – yes yes no yes 25.0 FYB-SE;FYB-SG SG/SE 1/13 3/15 no no – yes no no yes 30.3 hitbtc DK 12/13 3/15 no no – yes yes no yes 24.3 itBit SG/US 8/13 3/15 no no – yes no yes yes 34.0 Korbit KR 9/13 3/15 no no – – – – – 20.0 Kraken US 12/13 3/15 no no – yes yes yes yes 34.3 LocalBitcoins FI 3/13 3/15 no yes yes yes yes no no 24.3 The Rock Trading Company MT 6/11 3/15 no no – yes no no no 33.7 Vircurex CN 12/11 3/15 no yes par. yes no no yes 24.0 zyado PT/DE 4/14 3/15 no no – yes no no no 29.3 ACM Transactions on Internet Technology, Vol. V, No. N, Article A, Publication date: January YYYY. A:8 Tyler Moore, Nicolas Christin, and Janos Szurdi Table II. Summary statistics for categorical variables (overall and by exchangequarter). Breached? Closed? 2FA? ≥ 90% Duopoly? Overall Yes 25 38 58 18 No 55 42 16 62 Unknown 0 0 6 0 ExchangeYes 27 38 380 107 quarter No 520 509 151 440 Unknown 0 0 16 0 Table III. Contingency and correlation tables for observed security characteristics. Significant Spearman correlations are indicated by p values 0 < .001 : ∗∗∗, 0.001 < 0.01 : ∗∗, 0.01 < 0.05 : ∗, 0.05 ≤ 0.10 : ·. Yes No ? 2-Factor Auth. Bug Bounty Security Audit Cold Storage 2-Factor Auth. 58 16 6 1.00 0.02 0.15 0.40 ** Bug Bounty 12 54 14 0.02 1.00 -0.04 0.02 Security Audit 13 51 16 0.15 -0.04 1.00 0.29 * Cold Storage 31 32 17 0.40 ** 0.02 0.29 * 1.00 made public. Of the 38 exchanges that closed, we have found evidence on whether customers were reimbursed in 16 cases. Six exchanges have not reimbursed affected customers, while five have fully refunded customers and five more have partially done so. Thus, the risk of losing funds stored at exchanges after closing is real but uncertain. We expect that the observed security characteristics may be correlated with one another – for example, exchanges that support two-factor authentication might be more likely to run a bug-bounty program. The correlation table in Table III shows correlations for the security variables. It also shows the rate of occurrence for each characteristic. Two-factor authentication was most widely supported, while bug bounty programs and security audits were comparatively rare. Note that it was easier to determine whether or not two-factor authentication was offered: we could identify whether it was offered in all but 6 cases. Missing values were more common for the other security characteristics. Consequently, our subsequent analysis focuses on the presence of two-factor authentication. Table II reports the incidence of several binary variables, notably the frequency of breaches and closure, along with the occurrence of two-factor authentication and low-competition exchanges. The first rows count by the number of exchanges, while the second grouping counts “exchangequarter” occurrences, which is used in the time-based regressions. An exchange-quarter combines an exchange with the quarter during which it operates. For example, consider an exchange operating for two years that is breached twice, closing after the second occurrence. There are eight exchangequarters, during two of which a breach is recorded, and during one of which it is closed. While 25 exchanges are breached, 27 breach incidents are included for different time periods. Three exchanges are breached twice (Mt. Gox, Vircurex and Local Bitcoins), while one exchange (Crypto-Trade) was breached long after it stopped reporting trades to Bitcoin charts and had been reported closed. By comparison, 520 quarters went by without an exchange being breached. Figure 2 shows the number of currency exchanges in operation each quarter, along with the number that close. By this measure, relatively few exchanges close compared to the number that remain open (roughly 1–5 each quarter close compared to 20–40 that remain open). But this is misleading, since 90 days is a short time window for an exchange to close within (and we have seen from Table II that around half of exchanges eventually close). Consequently, Figure 3 plots an annualized probability that an exchange will close (top) or be breached (bottom). Overall, the annualized probability of closing peaked in 2012 at around 40%, but dropped to around 15% by the end of our ACM Transactions on Internet Technology, Vol. V, No. N, Article A, Publication date: January YYYY. Revisiting the Risks of Bitcoin Currency Exchange Closure A:9