When hackers penetrated a secure authentication system at the Bitfinex bitcoin exchange earlier this month, they stole about US$70 million (A$93 million) worth of the virtual currency.
The cyber theft -- the second largest by an exchange since hackers took roughly US$350 million in bitcoins at Tokyo's MtGox exchange in early 2014 -- is hardly a rare occurrence in the emerging world of crypto-currencies.
New data disclosed to Reuters shows a third of bitcoin trading platforms have been hacked, and nearly half have closed in the half-dozen years since they burst on the scene.
This rising risk for bitcoin holders is compounded by the fact there is no depositor's insurance to absorb the loss, even though many exchanges act like virtual banks.
Not only does that approach cast the cyber security risk in stark relief, but it also exposes the fact that bitcoin investors have little choice but to do business with under-capitalised exchanges that may not have the capital buffer to absorb these losses the way a traditional and regulated bank or exchange would.
"There is a general sense in the bitcoin community that any centralised repository is at risk," said a US-based professional trader who lost about US$1000 in bitcoins when Bitfinex was hacked. He declined to be named for this article.
"So when investing, you always have that expectation at the back of your head. I lost a small amount compared to the others, but I know of traders who lost millions of dollars worth of bitcoins," the trader said.
The security challenge for the bitcoin world does not appear to be letting up, according to experts in the currency.
"I am skeptical there's going to be any technological silver bullet that's going to solve security breach problems. No technology, crypto-currency, or financial mechanism can be made safe from hacks," said Tyler Moore, assistant professor of cyber security at the University of Tulsa's Tandy School of Computer Science. Moore will soon publish new research on the vulnerability of bitcoin exchanges.
His study, funded by the US Department of Homeland Security, shows that since bitcoin's creation in 2009 to March 2015, 33 percent of all bitcoin exchanges operational during that period were hacked. The figure represents one of the first estimates of the extent of security breaches in the bitcoin world.
In contrast, data from the Privacy Rights Clearinghouse, a non-profit organisation, showed that of the 6000 operational US banks, only 67 banks experienced a publicly-disclosed data breach between 2009 and 2015. That's roughly 1 percent of US banks.
Among the world's stock exchanges, however, security breaches are much higher, with hackers attracted to the large pools of cash moving in and out of these trading venues. The latest survey of 46 securities exchanges released three years ago by the International Organisation of Securities Commissions and World Federation of Exchanges found that more than half had experienced a cyber attack.
Moore collaborated on the research with Nicolas Christin, associate research professor at Carnegie Mellon University and Janos Szurdi, a Ph.D. student also at Carnegie.
In 2013, Moore and Christin wrote a research paper on security risks surrounding bitcoin exchanges when Moore was still a professor at Southern Methodist University.
In the most recent study, the rate of closure for bitcoin exchanges in Moore's research edged up to 48 percent among those operating from 2009 to March 2015. Hacking did not necessarily trigger the closure in each case.
"A 48 percent closure is not acceptable, but not surprising given that bitcoin is a new technology," said Richard Johnson, vice president of market structure and technology at Greenwich Associates.
Profitability is a big problem for bitcoin exchanges, with many of them unable to generate enough volume to keep afloat.
Bitcoin exchanges overall could be launched for as low as US$100,000 up to US$1 million, said Erik Voorhees, founder and chief executive officer of digital currency exchange ShapeShift. That is a fraction of what US forex exchanges are required to put up.
A key factor tied to the risk posed by exchanges is whether customers are reimbursed after closure or after the loss of bitcoins following a hack. Each closure and breach have been handled differently, but Tandy's Moore said the risk of losing funds stored in exchanges are real.
In the case of Bitfinex, which is now up and running after the hack on August 2, customers lost 36 percent of the assets they had on the platform and were compensated for the losses with tokens of credit that would be converted into equity in the parent company.
At Tokyo's MtGox, customers have yet to recover their investments more than two years after closure.
Experts say trading venues acting like banks such as Bitfinex will remain vulnerable. These exchanges act as custodial wallets in which they control users' digital currencies like banks control customer deposits.
"The big exchanges that hold customer deposits are a big target for hackers," said ShapeShift's Voorhees, "and unfortunately most bitcoin exchanges store user funds."
When customers' checking accounts are hacked, there is always a third party at the bank that can step in to deal with the theft.
Not so with bitcoin, said Darin Stanchfield, chief executive officer at KeepKey, a hardware wallet provider. He expects more of these attacks to happen despite efforts to improve security at bitcoin exchanges.
"Unfortunately because of its irreversible nature, bitcoin requires near perfect security."