How do Crypto Exchanges get hacked? Thoughts on the recent Coinsecure fiasco.

Bhavishya Garg
Published in CoinDCX
Apr 13, 2018

Recorded Crypto Hacks & Thefts:

The rising price of cryptocurrency isn’t just attracting investors; it’s also getting a lot of attention from hackers and online thieves. Many innocent investors have lost their coins to these hackers, with the total figure amounting to millions of dollars worldwide.

A few major cryptocurrency thefts/hacks/breaches and their probable reasons:

  • February 2014: 650,000 BTC ($368M on Mt. Gox) [Speculated Reason: CEO could control all the funds. No multisignature security.]
  • August 2016: 119,756 BTC ($65M on Bitfinex.com) [Speculated Reason: Too much trust in a multisignature hot wallet.]
  • January 2018: $500 in Digital Tokens hacked on Coincheck Inc. [Speculated Reason: Single point of failure by an employee’s error. Lack of multisignature wallet.]

The primary reason behind these security breaches:

The concept here is simple: if an exchange stores all your coins in one wallet that is connected to the internet at all times, behind a penetrable security wall, with all access rights held by one individual, your cryptocurrencies are at risk.

Often the breach happens because one individual has access to the wallet without needing permission from any other party. Without multisignature security on the wallet, an error by, or a breach of, a single key-holder can compromise the whole system.

The Latest Coinsecure Fiasco:

What could be a better way to keep the Cryptos secure?

Every hack or breach is unique. Some happen because hackers exploit a security loophole; others may result from an error by one employee when multisignature authentication is not required for every change. Here is one possible architecture that exchanges can use to reduce their exposure.

No Internet, No Hack.

Use of Multisignature cold wallets.
If you keep most of your cryptocurrencies in a cold wallet, which stays offline most of the time and needs permission from multiple parties for any change in the wallet, you keep most of your cryptos out of the reach of hackers.

Hot Wallet: Checking Account

If you compare the Cold Wallet to a Savings Account, which you access only at longer intervals, the Hot Wallet could be called the Checking Account of the exchange. It holds all the cryptos the exchange needs for easy and quick trading.

Having both hot and cold wallets allows exchanges to keep only a small amount of cryptos exposed to the internet, again, ideally with multisignature authentication.
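The two controls described above, as an added example that is not part of the original article or any exchange's code: an M-of-N approval check for cold-wallet withdrawals and a cap on how much may sit in the hot wallet. The key-holder names, the 2-of-3 threshold and the 5% cap are assumptions, and HMAC-SHA256 stands in for the on-chain multisignature scheme a real wallet would use.

```python
import hashlib
import hmac

# Constructed demo data. HMAC-SHA256 stands in for each key-holder's signature;
# a real wallet would verify on-chain multisignature (public-key) signatures.
KEYHOLDERS = {"alice": b"demo-key-a", "bob": b"demo-key-b", "carol": b"demo-key-c"}
THRESHOLD = 2          # assumed policy: 2-of-3 approvals to move cold funds
HOT_CAP_PERCENT = 5    # assumed policy: at most 5% of holdings stay online


def sign(key: bytes, request: str) -> str:
    """Approval tag binding one key-holder to one exact withdrawal request."""
    return hmac.new(key, request.encode(), hashlib.sha256).hexdigest()


def valid_approvers(request: str, approvals: list[tuple[str, str]]) -> set[str]:
    """Return the distinct key-holders whose approval verifies for this request."""
    approved = set()
    for holder, tag in approvals:
        key = KEYHOLDERS.get(holder)
        if key is None:
            continue  # unknown signer: ignored
        if hmac.compare_digest(sign(key, request), tag):
            approved.add(holder)  # a set, so repeats from one holder count once
    return approved


def authorize_cold_withdrawal(request, approvals) -> bool:
    """One key-holder (or one stolen key) can never reach the threshold alone."""
    return len(valid_approvers(request, approvals)) >= THRESHOLD


def hot_wallet_excess(hot: int, cold: int) -> int:
    """Units (e.g. satoshis) to sweep from hot to cold to get back under the cap."""
    allowed = (hot + cold) * HOT_CAP_PERCENT // 100
    return max(0, hot - allowed)


if __name__ == "__main__":
    req = "withdraw 10 BTC to demo-address nonce=1"  # constructed request
    a, b = sign(KEYHOLDERS["alice"], req), sign(KEYHOLDERS["bob"], req)
    print(authorize_cold_withdrawal(req, [("alice", a), ("alice", a)]))  # one holder twice
    print(authorize_cold_withdrawal(req, [("alice", a), ("bob", b)]))    # two holders
    print(hot_wallet_excess(hot=200, cold=800))
```

Because each approval is computed over the exact request text, approvals collected for one withdrawal do not authorize a different amount or destination.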

The blockchain and cryptocurrency industry is still maturing. Even the smallest leak or loophole in security could be exploited. Hence, it’s extremely important for every exchange to take security and past incidents into serious consideration and take relevant measures to avoid such hacks.

With every such breach or hack, scammers get an opportunity to spread FUD and benefit from the market speculation. If you are a crypto-trader, make sure you check the security measures taken by the exchange to keep your funds secure.

Hope this article helped you understand some basics about security on a crypto-exchange.

If you like it, share it with your social community. Let’s all keep this revolution going.

Join CoinDCX Community and let’s keep India at the forefront of the blockchain revolution.
