Exchanges, absence of solutions after hacked

One announcement was posted on cryptocurrency exchange Youbit, on Dec.17th, 2017. It was about the company is filing for bankruptcy because of the critical loss from hacking attacks to coin wallet.

“The total loss of the coin is 17% of the total assets and there are no other further losses.” From Youbit,

“ It is less proportion loss compared to last April, however, executives from Yapizon corp, which is conducting cryptocurrency exchange Youbit, decided to suspend trading, deposit and withdraw and go through a bankruptcy process from Dec.19th,2017”. It was a dreadful disaster for people who is trading their cryptocurrency through Youbit.

Incessant doubt about crytocurrency exchanges doesn’t seem to be ended soon. It is easy to find complaints about exchanges in cryptocurrency community such as ‘Moneynet’ or ‘CoinPan’. Investors are worried about the trustless security of exchange, not even hacking, rarely but occasionally happened ‘server down’ could be an another factor of their suspicious concerns.

Kwon Seok-Chul, the ceo of the Cuvepia and the first generation of the cyber security in domestic strongly asserted that in fact, there are no any solutions to prevent hacking attacks previously, which is now issued in exchanges. He pointed out that “the level of security is not satisfied at all and even government is having hard time to make any counterplan for that”.

We,Sisa Journal, had a meeting with Kwon to talk about the security of domestic cryptocurrency ecosystem at the Cuvepia office located in PanGyo, Gyeonggi, on Jan.11th,

Distrust towards the security of exchanges still remains same.

“Its security has not yet to be set up as the level of security which traditional finance have been built up for long times, not only the internal surveillance, but also external observation to hackers. Recently, exchanges tend to put more attention on the security, but still vulnerable to the response after hacked. Hackers don’t just knock the front door to come in. They sneak in with different methods, hiding in files and the like.

What hackers could get after hacking exchanges

“You can find all information in the exchange server. Every personal information and even can deal with the ‘Hot Wallet’ (checking account) which exchange owes. Hackers attack this point and transfer information to their safety zone. In case of cryptocurrency, the private doesn’t have their own coins. Exchange keeps every assets from customers and what we only have is the numbers which have shown on our monitor.”

“Take coin away from Wallet with PC Malware”

How do they attack?

The easiest way is to send malware to your PC. However, this is not sent to the security officials of the exchange, but to the unrelated departments such as the human resources team or the general affairs team. For example, sending an application to the Human Resources Team and including malware in it. Those malware is unknown code that hackers newly created, couldn’t be detected with an existing vaccine. That is the most common method currently used by hackers, called APT (Advance Persistent Threat). After planting malicious code on a specific computer of the exchange, they check the pattern, observe and pick up the loose time to sneak into.

In the meantime, who has mainly been hacking the exchange.

“It’s hard to say. There are individuals and also groups. For example, there has been a strong suspicion of North Korean behavior since last year. It was a hack that occurred in ‘Bithumb’ last June. Unlike the code that North Korea wrote in the past, quite similar code appeared. When we trace this backwards, we are able to see the IP addresses used by North Korea. But the IP address is washable and you do not know exactly what it has taken over. Moreover, if it is an individual, it is more difficult to trace.

Last December, Youbit was hacked and driven into a bankruptcy crisis. However, investors have had considerable doubts about this process. Some have argued that it is “planning bankruptcy” or “internal bribery.”

“It’s very difficult to say exactly how. In terms of hacking, it is best to move inside. But there is no evidence at all. There might be a suspicion, but it cannot be concluded. If insiders drop their ethics, it’s not actually impossible.”

Is it true that Hackers are connected to forces?

“One of the backgrounds why cryptocurrency prices has skyrocketed is hacking. When Ransomware hacked all around the world, hackers received cryptocurrency such as bitcoin as a reward. The Ransomware malware tool called “Warner Cry”, which came out in last May, was suspected of being a North Korean act. All hackers using this tool have received a bitcoin as a reward. At first, the price was low enough to pay easily with it. However, as demand picked up steeply, the price had begun to rise and later it went up to the ceiling. Eventually, the cryptocurrency was bubbled.

When a domestic web hosting company called “Nayana” was hacked, hackers demand 1.3 billion won of bitcoin. This represents that if North Korea operates their own cryptocurrency exchange abroad since cryptocurrency is traded globally, they can raise a lot of money through this. A terrorist group, IS, is also available to participate in, operates exchange in the United States or Japan inside the dark where no one can notice.”

Give the hacker a sense of fear by introducing a bold system

Recent exchanges are often interrupted. Investors are furious with the expression “it exploded” because of this.

“It may have been manipulated. If we say stocks, we can capture and monitor momentum when the market is soaring or plummeting, but the cryptocurrency exchange does not have such a system. If there is a record of whether the server is turned off or turned off intentionally, it would come out immediately, but there is no regulation at present, so we cannot confirm it. “

How could the regulation of the security be imposed?

“I think the government is in quite awkward situation in terms of cryptocurrency security. If they want to check the security, they should admit it in the system, however, they yet to accept cryptocurrency as a part of system, so there comes a contradiction. There is also a side in which the cryptocurrency exchange industry uses this skillfully. If it is approved by the government, it is good to be incorporated into the system, and if the government didn’t accept them, they just slip out of the country and go abroad. To introduce regulation, it must be analyzed and introduced boldly. Hackers move with confidence that they will not be seen. The government should introduce the safeguards for people to give hackers a fear that they could be caught by the program as well.

Original source : http://www.sisapress.com/journal/article/173319