Cryptocurrency exchanges and hacks are two terms that can appear to be synonymous with one another. In 2019 alone, the blockchain community has already seen six major hacks, resulting in the cryptocurrency equivalent of tens of millions of dollars in stolen funds.
It is also possible that others have occurred, unbeknownst to the public.
The latest of these attacks occurred just this month at Japanese third-party platform BitPoint. The hack is believed to have resulted in the hackers illegally extracting at least $30 million in customer funds.
The unfortunate fact is that, irrespective of the underlying safeguards employed by cryptocurrency exchanges, the means and methods of would-be criminals are getting smarter and smarter. As such, the focus must be not only on how exchanges protect customer funds, but also on how they react when the worst does happen.
Enhanced Protective Measures
As noted above, this two-step analysis of whether cryptocurrency exchanges have the necessary controls in place begins with the protection of customer funds. As criminals increase their capabilities, so must those responsible for protecting client accounts.
While leading cryptocurrency exchange Binance is not itself free from controversy, insofar as the platform was hacked for $40 million in May, it is notable that the organization has established a Secure Asset Fund for Users (SAFU).
By allocating 10% of all trading fees to the SAFU, Binance is well equipped to deal with the unfortunate reality of successful hacking attempts. Taking into account the multi-billion dollar daily trading volumes the platform facilitates, the SAFU offers traders significant assurances of protection.
In a somewhat unconventional approach to security, the likes of Estonia-based CODEX are utilizing EdDSA cryptography to keep customer funds safe. The technology allows CODEX to stand as the only cryptocurrency exchange that does not store API secrets.
Alongside EdDSA, the platform further strengthens its defenses by combining internal and external security audits with a public bug bounty program that encourages those in the know to report potential weaknesses.
In reference to the previously mentioned BitPoint hack, CODEX CEO and founder Serge Vasylchuk noted that “BitPoint’s $30 million hack demonstrates, once again, how big our responsibility is as exchange operators. Obviously, our top priority is to keep consumer funds and data safe and secure, and extreme measures must be taken in order to achieve this goal.”
Rivalry Should not Exist When it Comes to Protecting Customer Funds
Vasylchuk’s comments are cause for further thought, insofar as cryptocurrency exchanges do have a significant amount of responsibility on their shoulders.
As such, it is reasonable to suggest that third-party platforms need to collaborate on a collective basis to keep crime away from the industry, and ultimately, do what they can to assist in the recovery of stolen funds that are laundered from rival exchanges.
This was recently highlighted by the June hack of well-known wallet provider GateHub. For those unaware, the hack resulted in the theft of over 23 million XRP tokens, which, at the time, amounted to the cryptocurrency equivalent of just over $10 million.
While GateHub immediately put a temporary freeze on the movement of tokens, they also made a public announcement referencing some of the third-party exchanges that the stolen funds were moved to. Interestingly, as one of the platforms that inadvertently received some of the illicit proceeds, ChangeNOW was able to recover 500,000 XRP tokens.
Moreover, the same platform also played its part in recovering stolen funds that it received following the June hack of Singaporean exchange Bitrue. While it is unclear what the other receiving exchanges did in response, it was reported that ChangeNOW was successful in returning $320,000 of the stolen XRP tokens to Bitrue.
In full recognition that the techniques employed by unsavory cryptocurrency hackers will only get stronger, Pauline Shangett, CCO of ChangeNOW, notes that “The more active the market becomes in the future, the more breaches are bound to appear.”
Shangett added that “Minimizing the damage is more important; that includes cooperation with the community and other services in the sphere, as well as post-hack customer care.”
What Does the Future Hold?
In summary, it would be naive to think that cryptocurrency exchange hacks will ever be a thing of the past. As exchanges improve their internal security practices, illicit actors will inevitably find new ways to breach their defenses.
While incorporating cutting-edge security safeguards such as those implemented by CODEX is crucial, it is just as important for exchanges to implement a ‘what-if’ plan in the event that the worst does happen.
Whether it’s in the form of a reserve fund to deal with stolen tokens, or collaboration between rival platforms, the key point is that third-party cryptocurrency exchanges have a significant level of responsibility in keeping customer funds safe.
Editor’s Note: This article is a guest submission and was not authored by BeInCrypto or its staff. We have chosen to publish this article because we feel that it may be of value to our readers.