Top 4 Security Risks: How Crypto Exchanges Can Mitigate Them
The second half of last year saw the emergence of Web3, a concept which lent new life to what many perceived to be a stagnant Internet industry.
As economic tokens of this future Internet age, digital assets such as Bitcoin, Ethereum, MATIC and FLOW have, likewise, gained public attention. However, new entrants to the cryptocurrency space are often unaware of how digital asset transactions function and how secure such processes are.
The function of a digital assets exchange is similar to that of a traditional bank. A digital assets exchange not only fulfils transactions and payments but also provides asset management, asset settlement and matchmaking trading services.
Due to growing popularity of digital assets, recent years have seen many exchanges fall victim to cybersecurity attacks that resulted in the thefts of user assets. The aftermath of such attacks were often severe — some exchanges fell bankrupt overnight and user assets were permanently lost. It is no surprise that such negative incidents would lead to much trepidation should users be considering trading or investing on cryptocurrency exchanges.
What is the nature of security attacks that cryptocurrency exchanges usually face, and what can exchanges do to counter these attacks and protect their users? The following lists four major security breaches that exchanges are susceptible to, and how digital asset exchanges can counter such threats.
🔹 1. APT (Advance Persistent Threat)
Advanced Persistent Threat (APT) refers to a insidious and persistent process of computer intrusion, usually orchestrated by certain individuals on a specific target. Where cryptocurrency exchanges are concerned, APT generally refers to a hacking process where attackers collect data on business processes and target systems before an actual attack. During this collection process, the APT actively exploits vulnerabilities in the identity management systems and applications of the attacked object, lurks by installing malware through emails and other phishing methods, and then attacks using the vulnerabilities and exploits discovered.
🔹2. Excessive Use Of Hot Wallet Storage
Vulnerabilities associated with hot wallet storage can be viewed as the low-hanging fruit for hackers. This risk mainly arises from the vulnerabilities of an IT system, less than secure private key storage methods, and low security awareness. For example, exchanges usually store private keys in their databases. Should a hacker infiltrate the database and obtain its data, the private key can be easily compromised, giving cyberthieves easy access to hot wallet funds.
🔹3. 51% attack
51% attack, also known as Majority Attack, happens when a malicious user in a network acquires control of a given blockchain’s mining capabilities. With this level of control, attackers will have more than 50% mining power and can mine faster than everyone else.
Attackers can use the control they have acquired to stop the confirmation and order of new transactions. These malicious agents can then rewrite parts of the blockchain and reverse transactions. For example, a transaction block could be generated before the transaction is successful. In such a case, the digital assets in the transaction would effectively be used twice.
🔹4. Distributed Denial-of-Service (DDoS)
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
DDoS attacks can cause many computers to be attacked at the same time, making the target of the attack unable to be used normally. DDoS attacks have appeared many times in history, resulting in many large websites paralyzed. Digital currency exchanges are often targets of DDoS attacks.
🔥How Huobi Global mitigates risk
As a world-leading crypto asset exchange that has been operating with zero major security incidents for nine years, Huobi Global has an independent and professional security team comprising individuals who possess rich experience in blockchain and wallet security, APT intrusion countermeasures, and user asset protection. Having been intimately involved in the digital asset industry for many years, the Huobi Global team possesses a solid understanding of security incidents in this industry and has formulated a series of detection and response measures to ensure exchange and user safety.
Huobi Global adopts hot and cold wallet separation, multi-signature, and threshold signature technologies to ensure the security of the private key signature process. Huobi Global has allocated US$1.05 billion worth of assets to be stored in hot wallets, while the majority of users’ assets are stored in multi-signature cold wallets, thereby heightening security for a large portion of funds
Huobi Global uses self-developed security hardware to ensure the robustness of its storage capabilities. At the same time, the safety of each operation process is ensured through several mechanisms such as strict specification requirements, process standards, minimum authority, multi-person back-to-back isolation operation. At present, Huobi has a total of 15 private key controllers and adopts a multi-signature mechanism, thereby ensuring platform funds will not be compromised due to the actions of one or several individuals. To date, Huobi Global has not suffered from any security incidents caused by cyber attacks on its network.
Ensuring the security of its exchange and user assets is a core value that Huobi Global’s senior management team abides by. Resilient security processes will help build trust and spur development in the digital assets space, says Huobi co-founder Du Jun.
Comprehensive security measures adopted by exchanges in the areas of network security, blockchain security, wallet management, user asset protection and application security will contribute greatly not just toward the digital assets trading space, but the progress of the blockchain industry as a whole.