With the recent hack of Japanese crypto exchange Zaif, the time for increased and impenetrable security is greater than ever. This article examines why large parts of the public will continue to remain hesitant in getting involved in crypto unless the current status quo is improved.
In the past week, another hack was carried out on a crypto exchange. This time it was the Japanese exchange Zaif. On September 14th Zaif's deposit and withdrawal features suspiciously stopped working, causing massive inconvenience to users. After further investigation, it was revealed that the issue was not caused by the wallet maintenance problems reported earlier, but rather that the exchange's hot wallets had been breached by malicious third parties, who have yet to be identified.
After an internal investigation, it was discovered that a staggering ~6000 Bitcoin and unspecified amounts of both Monacoin (MONA) and Bitcoin Cash (BCH) were stolen. The losses equated to approximately $60 million, as of this writing.
While the losses are tremendous, this latest hack is sadly only the most recent in a long list of crypto exchanges having their security compromised by unauthorized individuals, resulting in millions of dollars being stolen.
Current Exchange Issues
The various issues currently plaguing centralized exchanges have been well documented, but the ones which by far cause the greatest number of problems are:
The vast majority of major exchanges such as Huobi, Binance, and OKEx all enforce strict KYC and AML regulations, which users must comply with before they are allowed to withdraw their funds. Because they form a single point of entry, these centralized exchanges are attractive targets for security breaches and data theft. The matter is further compounded because many of these exchanges store sensitive personal information such as passports, driving licences and social security numbers.
It’s a commonly shared sentiment among crypto enthusiasts that if a project fails to list on a high volume and popular exchange, its chance of success will be significantly reduced. This widespread culture and thinking have resulted in the largest centralized exchanges being arguably among the most powerful organizations in all of crypto. For these exchanges to prosper, massive trust is placed in them by users that their funds and personal information will be safe.
But, as we have repeatedly seen, data hacks and thefts are still all too commonplace. This doesn’t bode well when the community is required to place substantial faith in their ability to execute the required services without any security compromise.
Current Security Status of Cryptocurrency Exchanges
In January this year, the security platform Sqreen carried out an analysis of 140 cryptocurrency exchanges for basic security measures that should be implemented by default. The following table summarizes their results:
The company explained their findings as:
‘…less than 40% of them are using headers like the Strict-Transport-Security header or the X-XSS-Protection header. 20% expose server information which isn’t a security vulnerability in itself but that clearly shows the low level of security best practices implemented. And 26% of them use frontend libraries with known vulnerabilities. Only 2% implemented a Content-Security-Policy that, if done well, can offer powerful protection against clickjacking or XSS….’
The report further asked whether there is any correlation between volume traded and security. The answer was also a resounding no:
‘The 10 biggest crypto exchanges have an average grade of 3.8 out of a maximum of 10 and a median of 4.5.’
As the report clearly points out, there is still substantial work to be done before exchanges offer their users the appropriate level of security.
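As an added illustration (not from the article or from Sqreen's report), the Python below scores a single HTTP response's headers against the four checks the report mentions: HSTS, X-XSS-Protection, a meaningful Content-Security-Policy, and server version exposure. The two header sets at the bottom are constructed samples, not captured from any real exchange, and the 180-day HSTS threshold is an assumption chosen here.

```python
# Added example: grade HTTP response headers against the basic checks the
# Sqreen survey describes. Header dicts here are constructed samples.
from typing import Dict, List, Tuple


def check_headers(headers: Dict[str, str]) -> Tuple[int, List[str]]:
    """Return (score out of 4, list of findings) for one HTTP response."""
    h = {k.lower(): v for k, v in headers.items()}
    score, findings = 0, []

    # 1. HSTS must be present with a reasonably long max-age (assumed: 180 days).
    max_age = 0
    for part in h.get("strict-transport-security", "").split(";"):
        part = part.strip().lower()
        if part.startswith("max-age="):
            try:
                max_age = int(part.split("=", 1)[1])
            except ValueError:
                pass
    if max_age >= 15552000:
        score += 1
    else:
        findings.append("HSTS missing or max-age too short")

    # 2. X-XSS-Protection should be switched on ("1" or "1; mode=block").
    if h.get("x-xss-protection", "").strip().startswith("1"):
        score += 1
    else:
        findings.append("X-XSS-Protection not enabled")

    # 3. CSP "done well": a default-src, a frame-ancestors (clickjacking),
    #    and no 'unsafe-inline' in the effective script source list.
    csp = h.get("content-security-policy", "")
    directives = {d.strip().split(" ")[0]: d.strip() for d in csp.split(";") if d.strip()}
    if ("default-src" in directives and "frame-ancestors" in directives
            and "'unsafe-inline'" not in directives.get("script-src", directives["default-src"])):
        score += 1
    else:
        findings.append("CSP missing, lacks default-src/frame-ancestors, or allows unsafe-inline scripts")

    # 4. A Server header that carries a version string (e.g. "nginx/1.14.0") leaks information.
    server = h.get("server", "")
    if server and any(c.isdigit() for c in server):
        findings.append(f"Server header exposes version: {server}")
    else:
        score += 1
    return score, findings


# Constructed samples: a weak response and a hardened one.
WEAK = {"Server": "nginx/1.14.0", "Content-Type": "text/html"}
HARDENED = {"Server": "nginx", "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
            "X-XSS-Protection": "1; mode=block",
            "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'"}
```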
Examples of Previous Exchange Hacks
Mt Gox (2011/2014)
Easily the most infamous of all exchange breaches, the ramifications of the hacks are still felt to this day, as users have yet to be fully reimbursed for their losses. Mt Gox was hacked twice, first in 2011 and then again in 2014. The 2014 hack led to the exchange filing for insolvency. Altogether a sum of 850,000 BTC was stolen. This equated to approximately $700 million at the time; at current prices it would be worth closer to $2 billion.
Bitfinex
The second largest hack in the history of Bitcoin was suffered by Bitfinex. 120,000 BTC, then worth $72 million, was stolen. Bitfinex had entered into a partnership with BitGo in 2015 to increase security and liquidity options for its users by distributing the private keys of its multi-signature wallets. However, when hackers attacked the Bitfinex servers, they got Bitfinex to authorize the illegal withdrawals and also managed to evade BitGo's security measures. The price of BTC dropped by almost 20% as a result of the hack.
BitGrail
BitGrail at the time was a relatively insecure and unproven centralized exchange. However, it was among the few exchanges willing to list NANO (RaiBlocks at the time).
NANO on BitGrail have been stolen.
Unfortunately there is no way to give it back to you at 100% (we only got 4 MLN XRN right now).
The devs, as you have guessed, don't want to collaborate
— Francesco The Bomber (@bomberfrancy) February 9, 2018
Over 17 million NANO tokens were lost, worth roughly $175 million at the time. However, the hack was met with widespread suspicion from many users. BitGrail had announced AML and identity verification procedures despite not actually dealing with government currencies or banks, which led many to suspect that the exchange was gravitating towards an 'exit scam.' The hack resulted in a 20% drop in NANO prices.
Several other examples of hacks include:
$60 million (4,000 BTC)
$534.8 million (523 million NEM)
$40 million (Various Tokens)
$3.3 million (438 BTC)
What Are The Solutions?
This past weekend, at the Vietnam Cryptocurrencies and Digital Assets Dialogue 2018 event, Huobi Head of Marketing Ethan Ng comprehensively addressed this very issue.
Throughout his speech, Ng emphasized Huobi's commitment to protecting clients' funds and installing a variety of mechanisms to ensure maximum exchange security. The main points of the Huobi security architecture were:
▶Huobi User Protection Fund: Huobi will use 20% of its income to buy back as much HT as possible. The bought-back HT will then be used to reimburse or compensate users who may have been victims of any Huobi platform security breach.
▶Huobi Security Reserve: this new reserve will have a total allocation of 20,000 Bitcoin, currently held at an independent address. These coins will also be used to compensate for any losses on the Huobi platform.
▶New rigorous wallet protection: Huobi will store 98% of clients' funds in much more secure cold wallets, rather than in the universally recognized, far less secure hot wallets.
▶Huobi has introduced its new SMARTChain evaluation model. This will provide much stronger internal procedures to prevent fraudulent coins being listed and allow for separation between good and bad projects.
▶Making 2FA mandatory for all clients to deter unauthorized users.
▶Vigorous cybersecurity protections aimed at preventing criminal intrusions, via third-party penetration testing and a full-time security staff trained in the Bitcoin protocol, double spending, and transaction malleability.
Will This Work?
My personal opinion on the matter is that I truly hope it will be a resounding success. Security is a fundamentally important foundation in all aspects of life. If people don't have security in their jobs, their homes, their social circles or whatever scenario they find themselves in, they will feel hesitant, insecure, stressed and many other negative emotions. So suffice to say, security is vital to the make-up of human beings.
That being said, when the matter concerns financial services, security has an extra layer of importance and much greater significance than it otherwise might have in other industries. This is due to the sensitivity and highly serious nature of the topic.
If cryptocurrency is to achieve the ultimate goal of providing a new, technologically innovative solution for the masses, then the security of existing exchanges has to increase, period. There have simply been too many hacks and data thefts for an up-and-coming industry to bear. Situations like Mt Gox and Coincheck will only increase the apprehension of new and existing users about placing their faith in exchange services, and consequently stagnate or even reverse the progress the industry has so far made.
The measures introduced by Huobi are being implemented with great intentions and should be the industry standard across the board.
Only once this has been achieved and validated can the public truly embrace cryptocurrency and the benefits it can provide.
Disclaimer: Please take this information only as my OWN opinion; it should not be regarded as financial advice in any situation. Please remember to DYOR before making any decisions.
Please check my BlockDelta profile for full contact details.