While blockchain has an impressive 99.64 percent reliability, the same doesn’t seem to hold true for crypto exchanges. Sameer Dixit, Senior Director of Security Consulting at Spirent Communications, identifies some characteristic flaws of crypto exchanges. These flaws need to be tackled to protect the over $350 billion cryptocurrency industry from security breaches.
Security Loopholes In Crypto Exchanges
Listed below are some of the security loopholes found in crypto exchanges that make them easy targets for hackers.
One of the primary reasons behind most crypto exchange hacks is compromised credentials. The prime targets of hackers are often crypto exchange administrators, as they have authorized access to the private keys of all users. In 2017, hackers managed to gain access to a Bithumb exchange employee’s PC and the rest was history.
Bug In the Code
In 2016, a decentralized autonomous organization (DAO) was hacked due to a loophole found in the code. The DAO delegated powers to contributors as to how the funds were applied. The idea behind this was to manage transactions via the code to solve the problem of human deceit. DAO thought that shared powers would prevent stealing. However, criminals managed to identify a bug in the code and carried out the hack.
Another avenue that hackers use to access a crypto exchange network is via test accounts. These accounts are neither well monitored nor effectively managed. Test accounts should be used only in a staging environment and never in a production environment.
Lack of Roles Separation In Crypto Exchanges
Dixit points out the need to clearly demarcate who has access to what information in crypto exchanges. He stresses the need to set clear rules when access is provided. This can be done by ensuring the separation of roles and duties.
Inadequacies in Hot Wallets
Exchanges find it a mammoth task to store cryptos in cold storage because clients send in withdrawal requests on a 24/7 basis. Hence hot wallets must be secured with multi-signature private keys. The Coincheck exchange hack is a classic example.
As mentioned in the BTC Manager report, crypto exchanges and users need to practice advanced security measures to alleviate hacking risks until solutions are found.