Friday, March 29, 2024

CryptoCurrency Breaches and Hacking Scandals: How to Address them?

The proponents of cryptocurrency always harp on the point that it is very safe and secure and the blockchain technology that is used is virtually hacking proof. Let’s face it, even with the best technology you will have loopholes and there are people everywhere who wish to make a profit out of it.

Every small vulnerability is used to steal bitcoins or other cryptocurrencies. Making systems tighter is the way forward. Earlier only small crypto exchanges used to be affected, as the security was not up to the mark or the exchanges could not have the necessary security team in place.

Still, nowadays big crypto exchanges are also threatened by hacking and some big crypto exchanges have already fallen prey to it.

Over the years there have been crypto currency breaches and hacking scandals and a few of them are listed below:

Mt. Gox:

The first major cryptocurrency hack was the Mt. Gox hack. Mt. Gox was an exchange company located in Shibuya, in the Tokyo district (Japan).In 2014, after declaring bankruptcy, Mt. Gox announced that hackers stole $473 million in bitcoin. This was the first major security lapse and it also led to the downfall of Mt. Gox.

Bitstamp:

Bitstamp is a trading company, based in Luxembourg, with two Slovenian founders: NejcKodrič (CEO and co-founder) and DamijanMerlak (a member of the management board and co-founder). In January 2015 more than $5 million in Bitcoin was stolen from a storage wallet due to a system administrator getting affected by a phishing scam.

Bitfinex:

Also, a cryptocurrency exchange, Bitfinexis headquartered in Hong Kong but registered in the Virgin Islands. The company was hacked in 2015 and $72 million worth of Bitcoin was stolen. As usual, hackers had spotted a flaw in the exchange and exploited it.

Parity:

Parity offers a blockchain for Ethereum clients to use and guarantees security to its users. However, a while ago, a vulnerability was found in the Parity Wallet and white hat hackers (let’s call them the good guys) tried to save the funds in the Parity Multisig Wallet. However, black hat hackers (the unethical ones) had a field day and made away with upwards of $30 million in Ether.

Coincheck:

Hackers had a merry time stealing $530 million in cryptocurrency from this Japanese crypto exchange, founded by Koichiro Wada and Yusuke Otsuka. The hack happened in January of 2018 and the currency stolen was NEM tokens. Coincheck assured to pay the users who lost funds due to the breach.

Binance – CryptoCurrency:

Headquartered in Malta, Binance is a crypto exchange that provides a platform for over 100 cryptocurrencies.  In May 2019, more than $40 million worth of Bitcoin was stolen from this exchange by hackers. Their CEO, ChangpengZao, affirmed the intruders “used a variety of techniques, including phishing, viruses and other attacks”. Since then Binance has made a lot of improvements in this regard, e.g. significantly enhanced the security of its API, so third party tools like Binance trading bots can run safely, or expanded its Asset Insurance Fund for Users to $1 billion.

Steps to address the problem:

A big way to prevent these sorts of attacks is by having easy communication between crypto exchanges. Exchanges should be able to track funds that seem suspicious and should be able to freeze such transactions when an exchange communicates that a vulnerability has been breached. Many crypto exchanges such as eToro have great systems in place.

A good example is eToro. According to a recent eTororeview, the trading company has KYC policies and when you have KYC details it becomes easy to track funds and recover them. Most of the hacked cryptocurrencies are sent to other crypto exchanges before being moved, so communication will help to lessen the losses or to even recover the lost funds completely. With communication in place, wallets can be suspended immediately.

In fact, in 2018 four crypto exchanges in South Korea got together and created a hotline for communication. This was done to make sure that any suspicious transaction is detected as soon as possible and the word is got out to others to be aware as well as to freeze any transaction. It is believed to have really helped the exchanges.

A hotline to communicate should be created among all the crypto exchanges of the world so that hackers cannot steal and run away with the proceeds. Another point is that a database should be created of wallets and transactions that are suspicious and these should be communicated to all exchanges.

In short, cryptocurrencies have their share of problems and hackers have shown that they can hack it too. Apart from the above-mentioned points, all exchanges should store the same amount of funds which is in their hot wallets as insurance in their cold wallets.

Hot wallets are prone to hacking as they are online but cold wallets are not connected to the internet and hence safe. If an attack occurs on a hot wallet the exchange can continue running while the other systems try to minimize the losses as they will have an insurance fund in their cold wallets.

Source & credits

This article provided to www.gbhackers.com by Thyagarajan Gopalakrishnan. All the Content of this Article Belongs to Original Author. GBHackers on Security won’t take any credits.

Website

Latest articles

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles