In recent weeks, the crypto industry has experienced significant security breaches, underscoring the need for enhanced protection measures across all exchanges. Two notable incidents are:
1. User Accounts Compromised by Malicious Plugin: Some Binance user accounts were compromised after downloading a Google Chrome plugin, Aggr, promoted by one crypto influencer. Hackers hijacked cookies to bypass password and 2FA authentication, gaining direct access to the users’ Binance accounts. Though 2FA prevented immediate withdrawals, the hackers employed wash trading to transfer the funds. This plugin was their key to circumventing standard login verifications.
2. AI Threats: Attackers stole user information from OKX and used AI-generated deepfakes to deceive their customer service and reset account passwords. This sophisticated attack highlights the increasing complexity of threats facing crypto exchanges.
Centralized Exchanges (CEX): Crypto Portfolio Manager of Security
Centralized exchanges face major security threats, including hacking, exploitation of vulnerabilities, and money laundering. Historical incidents, such as the suspected Binance hack on March 7, 2018, which caused a significant drop in Bitcoin’s market value, underline the risks. In 2019 alone, over 28 security incidents were recorded, with more than 70% involving the theft of digital assets, leading to substantial financial losses.
Governments and regulatory bodies worldwide are responding by introducing specific regulations and measures. For example, South Korea’s government has mandated that virtual currency exchanges with daily sales exceeding 10 billion KRW or daily visits surpassing 1 million must obtain an Information Security Management System (ISMS) certification. In China, all services related to virtual currency settlements and trader information provision are banned.
To address these threats, exchanges have implemented various measures to enhance security, such as:
On-Chain Data Solutions: Managing market counterpart risks using blockchain data.
Multi-Factor Authentication (MFA): Enhancing user security through biometric verification, one-time passwords, and push notifications.
SSL Encryption and Cold Storage: Protecting data in transit and storing significant assets offline to prevent unauthorized access.
Regulatory Compliance: Adhering to the requirements of different jurisdictions to ensure operations within legal frameworks.
Effective security in crypto exchanges is multifaceted, involving coordinated efforts between exchanges, regulators, and users.
CoinW’s Advanced Security and Risk Control System
CoinW is committed to providing a secure trading environment through robust security measures and risk control systems. According to CoinW’s Head of Security:
‘A centralized exchange operates akin to a bank’s core system. Its security encompasses frontend and backend safety, technical solutions, security assessments, data storage, and communication encryption. Our comprehensive security framework integrates these elements to maintain high safety standards.’
Unlike traditional banks, CoinW deals with on-chain assets, prioritizing private key security. They use multi-signature (multi-sig) technology for key usage and traditional sharding methods for key storage. In case of hot wallet issues, they have backup systems for recovery, and substantial funds are stored in cold wallets.
The internal mechanisms are crucial, including real-time security incident monitoring and response. The system swiftly detects and addresses suspicious activities, such as unusual network access or abnormal login attempts, by implementing enhanced verification methods for long inactivity or remote logins. CoinW provides instant notifications for any anomalous transactions.
For business risk control, transactions triggering risk conditions undergo secondary manual review, ensuring an additional layer of scrutiny for accounts with unusual activity.
Meanwhile, CoinW’s wallet security is fortified through Multi-Party Computation (MPC), distributing keys across four systems, requiring unanimous approval for any transaction, thereby preventing unauthorized operations.
Additionally, CoinW has integrated Know Your Address (KYA) alongside the Know Your Transaction (KYT) system to elevate security standards. KYA analyzes and categorizes blockchain addresses, enhancing the capability to identify risks and protect user assets. This integration solidifies CoinW’s position as a leader in security within the cryptocurrency industry.
CoinW has also achieved compliance milestones, such as obtaining the digital currency trading service license from the Australian Transaction Reports and Analysis Centre (AUSTRAC). This license allows them to conduct spot trading and fiat currency trading in digital currencies, ensuring a safer and more reliable trading environment for our customers.
‘In summary, the security level of a centralized exchange is determined by its technical measures, business operations, internal management, and its response to security incidents. These factors collectively ensure the robustness and reliability of the exchange, providing users with a safe and trustworthy trading environment.’ CoinW’s Head of Security commented.