Cryptocurrency hack

CryptoCurrency Breaches and Hacking Scandals: How to Address them?

The proponents of cryptocurrency always harp on the point that it is very safe and secure and the blockchain technology that is used is virtually hacking proof. Let’s face it, even with the best technology you will have loopholes and there are people everywhere who wish to make a profit out of it.

Every small vulnerability is used to steal bitcoins or other cryptocurrencies. Making systems tighter is the way forward. Earlier only small crypto exchanges used to be affected, as the security was not up to the mark or the exchanges could not have the necessary security team in place.

Still, nowadays big crypto exchanges are also threatened by hacking and some big crypto exchanges have already fallen prey to it.

Over the years there have been crypto currency breaches and hacking scandals and a few of them are listed below:

Mt. Gox:

The first major cryptocurrency hack was the Mt. Gox hack. Mt. Gox was an exchange company located in Shibuya, in the Tokyo district (Japan).In 2014, after declaring bankruptcy, Mt. Gox announced that hackers stole $473 million in bitcoin. This was the first major security lapse and it also led to the downfall of Mt. Gox.

Bitstamp:

Bitstamp is a trading company, based in Luxembourg, with two Slovenian founders: NejcKodrič (CEO and co-founder) and DamijanMerlak (a member of the management board and co-founder). In January 2015 more than $5 million in Bitcoin was stolen from a storage wallet due to a system administrator getting affected by a phishing scam.

Bitfinex:

Also, a cryptocurrency exchange, Bitfinexis headquartered in Hong Kong but registered in the Virgin Islands. The company was hacked in 2015 and $72 million worth of Bitcoin was stolen. As usual, hackers had spotted a flaw in the exchange and exploited it.

Parity:

Parity offers a blockchain for Ethereum clients to use and guarantees security to its users. However, a while ago, a vulnerability was found in the Parity Wallet and white hat hackers (let’s call them the good guys) tried to save the funds in the Parity Multisig Wallet. However, black hat hackers (the unethical ones) had a field day and made away with upwards of $30 million in Ether.

Coincheck:

Hackers had a merry time stealing $530 million in cryptocurrency from this Japanese crypto exchange, founded by Koichiro Wada and Yusuke Otsuka. The hack happened in January of 2018 and the currency stolen was NEM tokens. Coincheck assured to pay the users who lost funds due to the breach.

Binance – CryptoCurrency:

Headquartered in Malta, Binance is a crypto exchange that provides a platform for over 100 cryptocurrencies.  In May 2019, more than $40 million worth of Bitcoin was stolen from this exchange by hackers. Their CEO, ChangpengZao, affirmed the intruders “used a variety of techniques, including phishing, viruses and other attacks”. Since then Binance has made a lot of improvements in this regard, e.g. significantly enhanced the security of its API, so third party tools like Binance trading bots can run safely, or expanded its Asset Insurance Fund for Users to $1 billion.

Steps to address the problem:

A big way to prevent these sorts of attacks is by having easy communication between crypto exchanges. Exchanges should be able to track funds that seem suspicious and should be able to freeze such transactions when an exchange communicates that a vulnerability has been breached. Many crypto exchanges such as eToro have great systems in place.

A good example is eToro. According to a recent eTororeview, the trading company has KYC policies and when you have KYC details it becomes easy to track funds and recover them. Most of the hacked cryptocurrencies are sent to other crypto exchanges before being moved, so communication will help to lessen the losses or to even recover the lost funds completely. With communication in place, wallets can be suspended immediately.

In fact, in 2018 four crypto exchanges in South Korea got together and created a hotline for communication. This was done to make sure that any suspicious transaction is detected as soon as possible and the word is got out to others to be aware as well as to freeze any transaction. It is believed to have really helped the exchanges.

A hotline to communicate should be created among all the crypto exchanges of the world so that hackers cannot steal and run away with the proceeds. Another point is that a database should be created of wallets and transactions that are suspicious and these should be communicated to all exchanges.

In short, cryptocurrencies have their share of problems and hackers have shown that they can hack it too. Apart from the above-mentioned points, all exchanges should store the same amount of funds which is in their hot wallets as insurance in their cold wallets.

Hot wallets are prone to hacking as they are online but cold wallets are not connected to the internet and hence safe. If an attack occurs on a hot wallet the exchange can continue running while the other systems try to minimize the losses as they will have an insurance fund in their cold wallets.

Source & credits

This article provided to www.gbhackers.com by Thyagarajan Gopalakrishnan. All the Content of this Article Belongs to Original Author. GBHackers on Security won’t take any credits.

GBHackers on Security

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

9 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

10 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

12 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

16 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

17 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

17 hours ago