You might have seen the many screaming headlines about the digital currency bitcoin “plunging” or “plummeting” after a major exchange was hacked. Indeed, the price of bitcoin fell as much as 16% on Tuesday, hitting a low of $512, but it has since rebounded back up to $590. The bitcoin exchange that was hacked, Bitfinex, may not be as lucky.

Hackers stole nearly 120,000 bitcoins from Bitfinex, which is based in Hong Kong and is the largest bitcoin exchange in the world by USD volume. (The next largest bitcoin exchanges are itBit, Coinbase, and btc-e.) The coins amounted to about $65 million at the time of theft. Bitfinex had seen just over $400 million worth of trading volume in the past 30 days, putting it first among the many bitcoin exchanges out there now.

Bitfinex halted all trading and said in a statement that it is “continuing to investigate the hack and cooperating with authorities and the top blockchain analytic companies in the space to track the stolen bitcoins.” But it’s unlikely it can ever get the stolen coins back; the problem with a bitcoin transaction is that it’s irreversible. One user on Reddit posted after the hack, “My entire life savings for last 12 years are/were in btc balance on bitfinex… Looks like I could be financially ruined.”

[Chart: Price of bitcoin in August]

Ironically, the hack potentially could have been avoided if Bitfinex had been securing customer coins using “cold storage.” It is ironic because the currency’s entire raison d’etre is to be digital money, and yet it is most securely protected using the physical, offline world.

To explain: Bitcoin transactions have to be made using multiple private “keys.” A key is simply a string of numbers and letters that is specific to one user. When you want to buy or sell bitcoins, you typically need to type in more than one of your keys to authenticate the transaction. “Cold storage” does not literally mean storing your bitcoins offline (you can’t store them anywhere, since they are not tangible) but keeping one or more of your “keys” offline, written somewhere not connected to the Web in any way.

Not so long ago, if someone wanted to go rob a bank, they had to go into the bank in person. But as Darin Stanchfield, CEO of bitcoin hardware wallet maker KeepKey, says, “These systems are all online now. So it’s not just bitcoin, every system has these vulnerabilities.”

In the case of bitcoin, you can choose how many different keys you have, and if an attacker can hack into a connected computer, then it doesn’t matter if you have two keys or six. Put simply, the hacked machine is already communicating with the other machines that have keys, so a hacker can easily see where else to attack to get the other keys. The exception is a key saved or written somewhere off the grid, in “cold storage,” which simply means stored somewhere in the physical world, somewhere the Internet can’t see it.

KeepKey sells a simple $99 fob that communicates with the Internet, receiving a private key when you’d like to make a transaction. It’s the same concept as companies that issue fobs to access work e-mail remotely. Without the physical fob, the transaction won’t go through.

KeepKey says that in the 24 hours after the Bitfinex hack, it sold more than double its daily sales average in cold-storage fobs.

Alternate forms of cold storage for a bitcoin key could be: on a notepad in your apartment; on a piece of paper in your wallet (a “paper bitcoin wallet”); written on some other physical item; on a USB drive (though those have their own security issues and can be dirty with viruses); or online, but in some other encrypted format where the encryption key is saved offline.

Bitfinex did originally use the cold storage method. But after the U.S. Commodity Futures Trading Commission (CFTC) charged it with facilitating illegal off-exchange commodities trading, Bitfinex settled in June and paid a $75,000 fine. As part of the settlement, Bitfinex switched its security system to “segregated multi-sig” (multi-signature, where keys are divided up among multiple owners to mitigate risk) wallets protected by an outside security provider, BitGo. Lo and behold, two months later, it got hacked.
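The argument above about connected machines, and the multi-sig arrangement just described, can be checked for any key layout with a short model. This is an added example, not code from Bitfinex, BitGo or KeepKey; the host names, key names and layouts are constructed, and it assumes that compromising one host exposes every key stored on any host reachable from it. It also goes one step beyond the text: with an m-of-n wallet, keeping a key cold only helps if fewer than m keys stay reachable online.

```python
from collections import deque

# Constructed sample network (hypothetical hosts): who can talk to whom.
LINKS = {
    "web-frontend": ["signer-1"],
    "signer-1": ["signer-2", "signer-3"],
    "signer-2": ["signer-1"],
    "signer-3": ["signer-1"],
}

# Constructed key layouts: key name -> place where the key is stored.
# Places that never appear in LINKS are offline ("cold storage").
ALL_ONLINE = {"key-a": "signer-1", "key-b": "signer-2", "key-c": "signer-3"}
ONE_COLD = {"key-a": "signer-1", "key-b": "signer-2", "key-c": "paper-in-safe"}
TWO_COLD = {"key-a": "signer-1", "key-b": "usb-in-safe", "key-c": "paper-in-safe"}


def reachable_hosts(links, start):
    """Breadth-first search: every host reachable from the compromised one."""
    seen, queue = {start}, deque([start])
    while queue:
        host = queue.popleft()
        for peer in links.get(host, ()):
            if peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen


def exposed_keys(layout, links, compromised):
    """Keys stored on any host the attacker can reach (model assumption)."""
    hosts = reachable_hosts(links, compromised)
    return sorted(key for key, place in layout.items() if place in hosts)


def threshold_met(layout, links, compromised, m):
    """True if the exposed keys alone satisfy an m-of-n signing policy."""
    return len(exposed_keys(layout, links, compromised)) >= m


if __name__ == "__main__":
    for name, layout in [("all online", ALL_ONLINE),
                         ("one cold", ONE_COLD),
                         ("two cold", TWO_COLD)]:
        keys = exposed_keys(layout, LINKS, "web-frontend")
        verdict = "funds at risk" if threshold_met(
            layout, LINKS, "web-frontend", 2) else "threshold holds"
        print(f"2-of-3, {name}: exposed={keys} -> {verdict}")
```

In this model a 2-of-3 wallet with a single cold key is still at risk, because two keys remain reachable; the threshold only holds once the online keys number fewer than m.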