
It is no secret that cryptocurrency exchanges remain one of the main targets of cybercriminals. However, according to Veracode, a company that specializes in application security, part of the problem is that such sites have serious security gaps and that their administrators bear no serious responsibility to users.
How crypto exchanges are attacked
The technical director of Veracode, Chris Wysopal, presented the results of a study of crypto exchange security at the Collision conference, which took place in early May.
The expert spoke about a number of hacks that led to serious losses for investors in cryptocurrency, and said that in many cases they could have been prevented. Here are just some of them:
- In 2016, an error in the smart contract code allowed hackers to carry out transactions in the network of the DAO project (Distributed Autonomous Organization). As a result, Ethereum funds equivalent to $50 million were stolen.
- In August 2016, the Bitfinex crypto exchange was attacked, and the attackers stole $73 million worth of cryptocurrency. This was possible because the access keys to the wallet were stored online rather than offline (cold storage).
- In January, cybercriminals attacked the Coincheck exchange, stealing $534 million. Again, this was possible because the Japanese exchange kept the money in a "hot" wallet.
- In February, the Ukrainian cyber group Coinhoarder stole $50 million from Blockchain.info wallet users. To do this, they ran an advertising campaign on Google for a fake version of the project's site. Since then, Google, Facebook and Twitter have completely banned the promotion of cryptocurrency-related topics.
How to protect yourself
According to Wysopal, the lack of regulation in the cryptocurrency sphere negatively affects the security of investors. The administrators of the exchanges bear no serious responsibility, so they can afford to be careless about security, something that is not seen in organizations of the traditional financial sphere.
Therefore, the expert advises cryptocurrency users to take care of the security of their funds themselves. The precautions include the mandatory use of two-factor authentication, creating separate mailboxes for registering crypto exchange accounts, and using offline wallets to store cryptocurrency.
What about security on traditional exchanges
Cybercriminals are also turning their attention to traditional exchanges: we have repeatedly written in our blog about attempts at such attacks. At the same time, the security systems of modern stock exchanges, including Russian ones, are built quite well. For example, in 2015, our country established its own information security center, which actively exchanges information with banks and stock exchanges. In 2016, the Moscow Exchange completely switched to a new information architecture and updated its equipment in order to minimize losses from technical failures.
If we compare the security of an individual's brokerage account with that of a bank account, the likelihood of hacking always exists: theoretically, an attacker can gain access by stealing the encryption keys and the password (for example, using a spyware program).
At the same time, it will be much more difficult to withdraw the funds: the fraudster will have to start manipulating securities, selling or buying them from the victim's brokerage account at unprofitable prices. However, this requires serious skills in financial markets that most hackers do not possess. Exchanges today limit the maximum range of price fluctuations during one trading session, so an attacker is unlikely to be able to "withdraw" any serious amount from the account.
In addition, to minimize potential damage, brokerage companies are developing various customer protection systems. You can find out how the risk management system is implemented in the ITI Capital SmartX trading terminal at the link.