10 Top tips: How to make a cryptocurrency exchange secure

Security of crypto exchanges is the number one concern of traders. If they give attention to some security features as outlined in our top tips, exchanges could go a long way to increase user confidence.

Hacking and crypto exchanges have become almost synonymous in people’s perceptions. Some say that as many as a third of all exchanges have been hacked at some point. This might be unfair, given the relatively few losses there have been. Unfortunately, some breaches have been quite spectacular and they have been well publicized.

So, providing proper security has become a key focus of exchanges — and also of potential users. They want to know exactly what the exchange has done to ensure the security of their investments.

We’ll have a quick look at why some of the hacks happened, and then at some of the most important security features, you should be on the look-out for. We’ll also look at the security features that are being proposed by the start-up Bit.Team decentralized exchange.

How does hacking happen?

An online survey of traders on the Encrybit exchange found that security was traders’ number one concern.

Some good examples of security breaches are given in a Medium article called “Crypto exchanges — the good, the bad and the ugly”:

· Mt Gox: Theft of hot wallet private keys, which at that time were not encrypted. Plus, there was an error in the system that did not recognize that wallets were being emptied, and actually read some of the movement as deposits. There was a very poor accounting system and poor adherence to tax and registration regulations.

· Bitstamp: Hackers undertook Skype phishing of Bitstamp employees. They then stole the employees’ credentials and hacked one of Bitstamp’s storage wallets.

· DAO: This was caused by a bug in the system itself. It highlighted the need to improve encryption in smart contracts.

· Bitfinex: There was a vulnerability in the multi-signature wallets.

· Coincheck: $530 million coins were stolen from hot wallets.

· Bithumb: Hacked twice within a year despite the company spending nearly $10m per month on security measures. Hackers are thought to have used phishing to get user details.

One trading attack on Binance, using a combination of phishing, fake orders and coordinated bots, was fortunately blocked. Phishing is clearly a problem. Harry from MyCrypto has written a number of articles on really clever and difficult-to-detect phishing tools. He has described attempted attacks on Binance and HitBTC exchanges. If you’re technically minded, or are involved with domain security, it might be worth reading the articles in their entirety. He also maintains a working directory of known phishing and scam domains at https://etherscamdb.info

It seems that the most common causes for security breaches have been exchanges holding funds in hot wallets (connected to the internet) instead of cold wallets, individual vulnerability to phishing, and weaknesses in wallets and smart contracts.

Not listed in these examples, but also a cause for concern is that when exchanges list coins they may come with security risks if their developers were not skilled enough.

10 Top security tips for cryptocurrency exchanges

Centralized exchanges are more at risk as they represent a single point of failure. Decentralized exchanges, while not risk-free, are better protected against hackers. Data on the blockchain is immutable and hackers can’t change it. Also, transactions are generally P2P, with no third party involved.

However, there are ten top security tips for all exchanges, covering the following topics:

1. Wallets and cold storage

2. Encrypted passwords

3. Two-factor authentication

4. Multi-sig

5. Specialized web wallets

6. Trade alerts

7. KYC integration

8. Cloud servers

9. File uploads

10. Technical expertise

1. Wallets and cold storage

Nobody can actually store cryptocurrencies. They are just transactions registered against a particular address on the blockchain. A wallet is a device or a website that stores the keys to the address. If you have the keys, you can access the funds.

So cold storage is all about how you protect the keys in the wallet. If the wallet is connected to the internet it is called “hot” and it can potentially be hacked. “Cold” wallets are not connected to the internet. These can be hardware wallets, which are USB devices that store the wallet information, software wallets that store the information on PCs, phones or tablets that are not linked to the internet, or paper wallets (information written on paper and stored in a safe place).

For more information on wallets read Wallets for dummies — how to protect your crypto

Most centralized exchanges hold the keys to clients’ wallets. In fact, the clients’ funds are simply entries on the exchange database. The problem for exchanges is that people want quick access to their funds, especially if they are actively trading. So many exchanges keep access to too many funds in hot wallets. This leaves them open to hacking risk. The recommendation is that at least 95% of all funds held by an exchange should be in cold wallets or in cold storage.

A particular form of cold storage is “air-gapped chilly stockpiling”. This involves isolating a computer or network that is holding the key information. This can be on a PC, tablet or another device that is not connected to the internet, and that also cannot establish a connection either wirelessly or physically. Strict control is required to keep the devices away from the walls and the cables of other devices. No mobile phones should come near to these devices.

2. Encrypted passwords

Exchanges should set minimum standards for passwords to ensure that they are strong enough. Passwords should also be stored as encrypted values, perhaps using a one-way hashing algorithm such as SHA (Secure Hash Algorithm). Even exchange staff should never be able to view the password in plain text.

“Salt” is random data that can be added to the password during the encryption process. Salting makes it even more difficult for hackers to access passwords.

3. Two-factor authentication

One of the most important security features for wallets is two-factor authentication (2FA). This means that when you try to instigate a transaction you will be required to provide a second level of authentication to the request. So, you will need a password or pin plus a second entry. This is generally in the form of a message from an Authenticator app (eg Google Authenticator) to your PC, phone or tablet, asking for you to enter a special code. Some 2FA systems are based on physical attributes like voice, smell, fingerprints, heartbeats, facial recognition, hand geometry or retina scanning.

4. Multi-sig wallets

A multi-signature wallet requires two or more “signatures” before a transaction will be approved. This means that more than one private key will be required. If a hacker or a phishing attack manages to get one private key, the wallet will still be secure.

5. Specialized web wallets

You have a choice to have a “client-side” wallet, which means that you have the wallet stored on your own PC, USB, paper, etc and you are completely responsible for security. Or you can have a web wallet, that is hosted by a third party, and that you can access from anywhere. This third party would have to be trusted as they might have access to your keys. They provide convenience, and can, if reputable, provide better security for your keys than you can for yourself. The danger is if the service is hacked or if the service goes down, either temporarily or permanently.

Some companies provide specialized high-security web wallets. BitGo is a good example. It has high-security features that can easily be integrated into exchanges — ie an exchange will offer a client a BitGo wallet rather than an internally developed one. It might be seen as an extension to multi-sig wallets and requires 2-of-3 keys.

In this wallet, there are three keys, one held by the web service and one, plus a back-up, held by the user. The back-up is stored completely offline (on a USB or paper) and is never seen by the service. It is used only if the server goes down. The other two keys are encrypted and protected by strong passwords. The user’s key is encrypted with a password that the server has never seen. Both are needed for any transaction, and require 2FA too, as an additional layer of security.

Security is provided in several ways:

· A hacker would have to break into both the web service and the user’s private computer to get both.

· The service can’t initiate a transaction by itself

· Stealing the user’s online password or key is not sufficient to steal funds.

· Malware on the user’s computer can’t steal funds

· A user can give details of keys to trusted family members or a lawyer, but only one key to each person, so they would have to collude with each other to initiate any withdrawal.

Some the BitGo features (which should be applied by any exchange wanting to offer its own wallet) include:

· Multiple admins or multiple signatures to authorize any transaction

· Limits — per hour, per day, or per transaction — to restrict the amount that can be transferred without special authorization

· Freezing of wallets in emergencies

· The addition of a “warm wallet”. This is a wallet that is programmed to send only to the cold wallet or hot wallet of the owner. This means that if the wallet is hacked it cannot be requested to send to someone else.

· Programming so that all deposits go into the warm wallet, which is restricted from sending to anywhere but to the owner.

· All send transactions can then be via the hot wallet.

6. Trade alerts

A useful security feature is to provide alerts to users via SMS, email or Telegram every time there is a transaction on their wallet. Users will then know if there is any unauthorized activity.

7. KYC integration

While KYC may be seen as an intrusion into privacy, imposed by regulators, it can also be seen as a security feature. Some companies, like ComplyAdvantage, provide KYC as a service to exchanges. The service is AI- (Artificial Intelligence) backed and will monitor transactions and pick up on any suspicious behavior.

8. Cloud servers

Some exchanges use services such as Amazon Web Services (AWS) to store data and make it available for data analytics. It’s possible to add additional encryption features as an extra security layer.

9. File uploads

Any file that is uploaded to a site can be a website security risk, as it could contain a script that opens up your website when it is executed. It’s particularly important to check file extensions and mime types as these can easily be faked. Limiting file uploads, establishing checking protocols and firewalls, locking down directory and file permissions are some of the solutions.

For exchanges, the risks that apply to all websites are even more amplified. It is particularly important to undertake extensive checking of the coding of any new coins or tokens being listed on the exchange to ensure that vulnerabilities are not introduced.

10. Technical expertise

No number of technical features will remove the requirement for exchanges to maintain strict 24/7 monitoring of all transactions and patterns of behavior. The attempt to manipulate the Viacoin price on the Binance exchange, for example, was stopped because of the vigilance of the technical staff who recognized a strange trading behavior.

The credentials of the teams that own and manage exchanges either can become a security risk, or they are the defense for the exchange.

Until an exchange has developed some credibility in the market, users are well-advised to properly research the teams before they decide to entrust them with their funds. Websites and whitepapers generally give some information, and there are comments on forums and in reviews.

Security features on the Bit.Team decentralized exchange

The Bit.Team exchange has implemented a number of security features, as well as having security level settings that users can select for their own needs.

The main security features include the following:

· Optional two-factor authentication (by means of Google 2-step verification or notifications with a secret code in Telegram)

· Obligatory confirmation of all withdrawal actions by means of an e-mail

· Special system of analysis of the behavioral factors of the account (comparing the IP addresses of the login and analysis of the actions on the account)

· Management of the actions on the account by a special security department

· Limits on the size of transactions unless KYC and AML verification procedures have been complied with

A unique security feature of the Bit.Team approach is their “blocked deposit” system. Cryptocurrency is blocked on the seller’s account until the buyer makes the payment, after which it is immediately transferred to the buyer’s account. The platform thus guarantees both the cryptocurrency and the payment.

Each trader will receive a rating on the website, based on the number of successful transactions undertaken. Traders can also leave reviews about others. A badge on the site will identify traders that can be trusted.

It seems that Bit.Team has tried to balance convenience for users with security. This is reflected in the choices given to users. They may perhaps need to relook at this in light of widely accepted recommendations for security.

What security measures should exchanges implement?

Exchanges may hope to attract customers through promises of special trading features and cost structures. However, user confidence is key. If exchanges do not ensure strict security measures as outlined in our top tips, their chances of long-term survival may be slim.