Coincheck, one of the largest cryptocurrency exchanges in Japan, experienced an attack that resulted in the loss of $534 million worth of XEM, the cryptocurrency of NEM. The incident, which took place on January 26, 2018, is one of the many hacks that have occurred on cryptocurrency exchange platforms. Here is a list of some of the major digital thefts that have occurred within the last four years:
- Coincheck (2018) – estimated loss of $500M
- Nicehash (2017) – estimated loss of $63M
- Tether (2017) – estimated loss of $31M
- Parity Wallet (2017) – estimated loss of $155M
- DAO (2016) – estimated loss of $50M
- Bitfinex (2016) – estimated loss of $65M
- Mt. Gox (2014) – estimated loss of $480M
That’s an estimated total of $1.3 billion and counting! Cryptocurrency exchange users are losing billions of dollars’ worth of their digital currency because of the security flaws that are present on these platforms. Most cryptocurrency exchanges are based on centralised platforms, making them highly vulnerable to sophisticated hackers. One would think that these exchanges would reinforce their security systems as much as possible to ensure the safety of their money – and their users’ money too.
I reached out to several cryptocurrency and blockchain security experts to gain their insights on what cryptocurrency exchanges can do to improve the level of security on their platforms.
Miko Matsumura is the co-founder of Evercoin, a non-custodial cryptocurrency exchange. Jeff McDonald is the Vice President of the NEM Foundation, a blockchain platform known for having features like multi-signature account contracts, customisable assets, and encrypted messaging. Paul Makowski is the CTO and co-founder of Polyswarm. The core Polyswarm technical team is a spinoff of Narf Industries. This core team was contracted by the US Department of Homeland Security to conduct fundamental research into building confidentiality controls in a blockchain environment.
From my conversations with these three experts, I was able to combine their recommendations into the following points. Cryptocurrency exchanges should ensure that they have the following:
1. Cold Wallet
This is also known as a hardware wallet. A cold wallet is a form of offline storage that is far more secure than an online wallet, which is also known as a hot wallet. Hardware wallets are immune to computer viruses and online infiltration, making them a safer option for currency storage. Cryptocurrency exchanges should limit the funds in their hot wallets and store the rest in an offline wallet, with extensive security, so that the majority of their funds are safe from malicious attacks. Exchanges should also try to avoid asking users for their private keys or storing users’ funds on their platforms.
2. Annual Penetration Tests
Cryptocurrency exchange platforms need regular audits of their platforms to ensure that security is at its peak at all times. Many exchange platforms are failing to do this, and this is why they are succumbing to attacks. As mentioned earlier, these exchanges house valuable currency; they cannot afford to be slack with security and penetration tests on their platforms. These audits must be carried out by reputable, professional companies that will be able to offer information and guidance that will benefit the security of cryptocurrency exchange platforms.
3. Bug Bounty Program
Makowski mentioned that Polyswarm makes use of bug bounty programs to continuously update security on blockchain platforms. Bug bounty programs incorporate the skills of white-hat hackers (“morally good” hackers) to discover flaws on security platforms. These users are rewarded for their work. Bug bounty platforms, however, are not a substitute for the rigorous third-party audits exchange platforms are meant to undertake. These programs simply serve as a complementary addition to ensuring that security is a reality within the cryptocurrency world.
In summary, cryptocurrency exchanges need to step up when it comes to the security on their platforms. Whether they are centralised or decentralised, these exchanges need to ensure that user funds are safe. This is not just for their own benefit but for the benefit of the cryptocurrency and blockchain world as a whole. Blockchain technology’s major advantage is security. But the public will fail to see this if cryptocurrency exchange platforms continue to be infiltrated as a result of negligence. I believe that improved security on these platforms can become a reality if these exchange platforms rise up to the task.
Editor’s note: e27 publishes relevant guest contributions from the community.