Security of Cryptocurrency Exchanges
In response to the recent hacking attack on the Japanese exchange Coincheck, resulting in the loss of $534 million in NEM, the issues of crypto-exchanges security are again at the forefront of public attention.
As practice shows, many users of cryptocurrency exchanges do not understand the basics of its functioning, overestimating the degree to which they really own their assets. Recently Bloomberg’s columnist Tim Culpan did an interesting experiment in his Twitter. He asked his audience the following question: «A customer who’s never traded crypto buys 1 BTC on a centralized exchange for $15,000 and leaves it there. What does the customer have?». As a result, 50% of users chose the option «1 BTC less fees», while the correct answer is «Zero». While your funds are on the exchange, you technically do not own them — therefore it is very important to understand how the crypto-exchange can ensure the safety of your assets:
– «Cold» storage of funds – i.e. the exchange uses “cold” offline wallets instead of «hot» ones connected to the Internet and therefore less hacker-resistant.
– Transition to decentralized exchanges, which allow users to trade directly with each other. However, in this case the responsibility for the safety of funds lies fully with the users – most likely, hackers will simply start attacking private wallets.
– Two-factor authentication and multi-signature, which make hacking and transferring funds from a wallet extremely difficult for attackers.
In the case of Coincheck, it is obvious that the exchange was externally vulnerable: all users’ funds were stored on «hot» wallets, the multisig technology was not implemented. Therefore, such an outcome was, in some sense, expectable.
But not all crypto-exchanges have such security issues. According to the Research by Cambridge Center for Alternative Finance 2017, 92% of cryptocurrency exchanges use some type of cold storage system and keep 87% of total funds in cold storage. 77% of exchanges offer their clients 2FA for withdrawal of funds and 86% of large companies support multisig-architecture. Moreover, 80% of large cryptocurrency exchanges use external security providers, usually three or more, to ensure the safety of funds.
ZODIAQ also plans to take this path and draw on external experts to secure its system. The ZodEx cryptocurrency exchange will start operating as a centralized one, but within a year a separate decentralization unit will be launched. When opening an account, the user will be able to choose one of the modules: centralized or decentralized. Also, the exchange will support two-factor authentication and multi-signature wallets. By the way, ZodEx has already been launched on test nodes – follow the link http://exchange.zodiaq.io to access it, register and check the availability of trading instruments.
1) Global Cryptocurrency Benchmarking Study //https://www.jbs.cam.ac.uk/fileadmin/user_upload/research/centres/alternative-finance/downloads/2017-global-cryptocurrency-benchmarking-study.pdf