Although exchanges work tirelessly to improve their services, they still face a major risk from hackers, who aggressively develop new tactics. It is about time crypto exchanges came up with a solid strategy for a more holistic approach to security.
Exchanges face security risks, and KuCoin is the latest victim on the block: its hot wallets lost Bitcoin, ERC-20, and other tokens. The total assets lost are approximately $280 million, making it the third-largest hack experienced in the crypto industry. Even though the exchange lost a lot of money in the hack, the cold wallets were safe and untouched.
As a security measure, OKEx officially stopped all withdrawals from the exchange in mid-October. It did that after discovering that one private key was at stake. The exchange noticed that the holder of the private key was cooperating with a public security bureau investigation. OKEx later clarified that the exchange was not in touch with the suspected individual. Later on, it was rumored that the private key holder is OKEx founder Mingxing Xu, who was in Chinese police custody at the time. Since withdrawals are still suspended, owners of the assets have been forced to sell off what they have through the P2P exchange, at a loss. As per the last update from the exchange, withdrawals will finally resume on Nov. 27.
Huobi is also in the spotlight, as users noticed unusual transactions on the exchange. There has been an abnormal transfer of funds into the platform: a single transaction amounting to $204 million was deposited. During the same period, the platform's founders were in the same situation as Mingxing Xu, leading many to predict the exchange would fall into the same situation as OKEx. Through a tweet, Huobi assured its users that it uses a multi-signature security system on its wallets, and hence the funds are all safe.
With all the hullabaloo happening in the crypto exchange scene, what might be the solution? Here are some of the measures that exchanges can take:
Multi-signature wallet systems
Multi-signature wallets require more than one signature for any given transaction. This is a measure that exchanges can take to beef up security. In addition to that, multi-sig wallets also help reduce the chances of a single point of failure.
Although multi-sig wallets have their own sets of weaknesses, the pros outweigh the cons. With a multi-sig wallet, several wallet holders have to sign for a transaction to complete; if one fails to do so, then the wallet is blocked.
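The threshold rule described above, as an added example that is not part of the original article or any exchange's code. It generalizes the "every holder must sign" case to an m-of-n policy; the signer names, keys and transaction strings are constructed, and HMAC-SHA256 is an assumed stand-in for the public-key signatures a real multi-sig wallet verifies.

```python
import hashlib
import hmac

# Constructed demo keys; HMAC-SHA256 stands in for real public-key signatures.
SIGNER_KEYS = {
    "ops": b"demo-key-ops",
    "finance": b"demo-key-finance",
    "security": b"demo-key-security",
}


def sign(signer: str, tx: bytes) -> bytes:
    """Produce one signer's approval tag over the exact transaction bytes."""
    return hmac.new(SIGNER_KEYS[signer], tx, hashlib.sha256).digest()


def valid_signers(tx: bytes, approvals: list[tuple[str, bytes]]) -> set[str]:
    """Return the distinct known signers whose approval verifies for tx."""
    ok = set()  # a set, so a repeated approval from one signer counts once
    for signer, tag in approvals:
        if signer in SIGNER_KEYS and hmac.compare_digest(sign(signer, tx), tag):
            ok.add(signer)
    return ok


def authorize(tx: bytes, approvals, threshold: int) -> bool:
    """Allow the withdrawal only if `threshold` distinct signers approved it."""
    if not 1 <= threshold <= len(SIGNER_KEYS):
        raise ValueError("threshold must be between 1 and the number of signers")
    return len(valid_signers(tx, approvals)) >= threshold


def demo() -> dict[str, bool]:
    tx = b"withdraw 5 BTC to constructed-address-1"
    other = b"withdraw 500 BTC to constructed-address-2"
    ops, fin = ("ops", sign("ops", tx)), ("finance", sign("finance", tx))
    return {
        "single_key_alone": authorize(tx, [ops], 2),
        "same_key_twice": authorize(tx, [ops, ops], 2),
        "two_of_three": authorize(tx, [ops, fin], 2),
        "three_of_three_one_missing": authorize(tx, [ops, fin], 3),
        "approvals_replayed_on_other_tx": authorize(other, [ops, fin], 2),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'blocked'}")
```

Only the 2-of-3 case with two distinct valid approvals is allowed; the 3-of-3 case with one signer missing shows the blocked-wallet weakness mentioned above.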
Decentralization of exchanges
Centralization exposes an exchange to attack, since it offers many attack vectors. A centralized exchange also increases the chances of a single point of failure, which makes it vulnerable.
With decentralization, there are many copies of the ledger, making it hard for the system to be hacked.
The right balance between hot and cold wallets
Many exchanges wrestle with creating a balance between hot and cold wallets. Hot wallets are normally the ones that are vulnerable to attacks from hackers. An exchange cannot do away with hot wallets, since it may get withdrawal requests from users at any time. It makes no sense for users to trade on an exchange if they cannot access their funds when they want to. An exchange should devise a way to strike a balance, since cold wallets are the most secure.
Working with external security firms
Perhaps the solution for exchanges is working with external security firms to protect information at every point of interaction. That means there should be a zero-trust approach to the entire exchange architecture. Bybit is an example of an exchange that uses an external firm to monitor every interaction point and to search for weak points so they can be fixed.