Many analysts believe that cryptocurrencies have the potential to fundamentally alter not only the financial market, but also the way society functions. The ease with which one can create, manage, store, treat, transact, and account for cryptocurrencies is one of the arguments offered to support this position. Although the rise of Bitcoin and other big cryptocurrencies suggests that the latest digital gold has a position in the digital economy, constant cyber-attacks on cryptocurrency exchanges continue to erode confidence in cryptocurrencies, slowing their growth and adoption.
Several attacks on cryptocurrencies have occurred in recent years. For example, in June 2018, the South Korean cryptocurrency exchange Coinrail announced that it had been hacked. According to Yonhap, a Korean news agency, the hack resulted in losses of 40 billion won (36,9 million U.S. dollars). Coincheck, a Japanese cryptocurrency exchange, was hacked in January 2018, resulting in losses of more than $500 million USD. Youbit, a South Korean exchange, ceased operations and announced bankruptcy in December 2017 after being hacked twice.
Cryptocurrency exchanges must provide robust protocols for detecting and removing information security vulnerabilities to prevent attacks that result in major losses. While post-incident interventions can be successful, they are unlikely to completely eliminate negative consequences.
Phishing vulnerability of cryptocurrency exchanges
Also the most advanced technical safeguards are ineffective against phishing attacks on cryptocurrency exchanges. To give you an example, in 2015, criminals stole around $5 million from the bitcoin exchange Bitstamp as a result of a weeks-long phishing attack. A legitimate organization sent the fraudsters, who interacted with Bitstamp employees via email and Skype and persuaded one of them to download a file that he thought was legitimate. When opened, the attachment contained a malicious VBA script that installed a malicious file on the infected computer.
Protections for hot wallets aren't present.
An online cryptocurrency wallet that is linked to the Internet is referred to as a "hot wallet." To secure hot wallets, many cryptocurrency exchanges use single private keys. Criminals who gain access to a single private key may hack the hot wallet to which the private key is linked. Bitfinex (2016) and Parity (2016) are two recent examples of private key attacks (2017). The attacks resulted in damages of 65 million dollars (Bitfinex) and 30 million dollars (Bitfinex) as a result of the attacks (Parity). Using multisignature private keys, cryptocurrency exchanges can easily prevent similar attacks.
Employee login credentials are not well protected.
Cryptocurrency exchange employees often use weak passwords or store their login credentials in an insecure manner. As a result, criminals can easily obtain the login credentials. Employee login data were compromised in at least three attacks: BitThumb hack (2017), NiceHash hack (2017), and YouBit hack (2017). (2017). It's worth noting that employees' private computers are occasionally targeted by hackers. As a result, businesses must ensure that workers safeguard login credentials for software applications installed not only on work computers but also on personal computers.
Vulnerabilities in software
Various regulations require banks and other financial institutions to enforce data protection measures in order to protect their clients' deposits and prevent unauthorized transactions. However, since the blockchain industry is still in its early stages, a few of these laws extend to cryptocurrency exchanges. As a result, it's no surprise that many cryptocurrency exchanges have security flaws that enable hackers to steal large sums of money.
Adaptability in transactions
Blockchain proponents often claim that transactions on the blockchain are highly protected because they are registered on an allegedly immutable ledger. They also overlook the fact that each transaction requires a signature, which can be altered prior to the transaction's completion. The “Mt. Gox” hack, one of the biggest in cryptocurrency history, was carried out by hackers who sent code changes to a public ledger before the initial transactions were posted. The hacked exchange was bankrupted as a result of the attack, which resulted in a loss of 473 million dollars.
The large number of cyber-attacks mentioned in this post, as well as multiple reports about cryptocurrency exchange security vulnerabilities, demonstrate a pressing social need for blockchain regulation. Governments could, in particular, mandate cryptocurrency exchanges to implement stringent information protection measures to prevent the theft of billions of dollars.