Cryptocurrencies have been around for more than decade, and with their popularity comes an inevitable rise in scams and hacks. While some of these attacks are more sophisticated than others, they all share one common goal: to steal your money.
Some hackers break into your wallets and steal your funds, while others promise to love but later cheat you out of your coins. Others target your exchanges, and some are so sneaky you barely even notice that your device has been compromised.
The crypto world isn’t new to security incidents like this. Still, the size of these hacks appears to be increasing as cryptocurrency prices have risen over the past year, attracting more attention from mainstream media.
So why do exchanges get hacked so often? This article will explore some possible reasons, but let’s first understand the crypto exchanges.
Understanding Crypto Exchanges
Cryptocurrency exchanges are platforms where traders can buy and sell cryptos, derivatives, and other crypto-related assets. Some exchanges only offer crypto-to-crypto trading, while others provide fiat-to-crypto or crypto-to-fiat pairs.
Like stock markets, cryptocurrency exchanges continuously update the value of cryptos with popular fiat currencies, mainly the U.S dollar. By using your bank account, you can purchase crypto and have it deposited in a ‘wallet,’ which is essentially a cryptocurrency bank account.
There are three main types of exchanges:
Centralized Exchanges: A centralized market is a platform for cryptocurrency trading that functions like traditional stock exchanges. A centralized trading platform gets controlled by entities that maintain complete control over all transactions and user account portfolios. Trading is fast and easy on these exchanges because of their high liquidity, but they are also vulnerable to government regulation and hacks. Binance, Coinbase, and Kraken are some of the most popular centralized exchanges.
Decentralized Exchanges: A decentralized exchange is a peer-to-peer network that allows users to trade instantly with each other without the necessity for an intermediary. These exchanges are automated and operate differently from CEXs. They are often built on top of decentralized protocols like the Ethereum blockchain. The most popular DEX is IDEX. DEXs are still very nascent, and there is a possibility that new attacks could emerge at any time.
Hybrid Exchanges: A hybrid exchange is a platform that offers both centralized and decentralized trading features. These exchanges provide the best of both worlds: the security of a DEX with the liquidity of a CEX. In most cases, hybrid exchanges use an escrow system to hold users’ funds until the trade is completed. The most popular hybrid exchange is Binance DEX.
Why Are Crypto Exchanges Under Cyber Attacks?
Crypto exchanges are the most attractive to hacks because of their hierarchical security. When dealing with cryptocurrencies, your security is primarily based on the protocol’s security. Crypto exchanges have three layers of security; coins or tokens, exchanges, and wallets.
- Coins or Tokens
Each coin consists of either an independent protocol or a copy (aka fork) of one of the protocols. In most cases, all the tokens are based on a smart-contract feature of some of the coins, which means their security and trust are tied to the parent cryptocurrency first and only later to the smart contract code. For instance, all tokens (ICO coins) utilize Ethereum as their base, while only a few tokens based on smart contracts issued in other cryptocurrencies (like MOBI) utilize Stellar.
The security of each protocol is dependent on the developers and the community. In an effort to not scare you, it’s important to point out that Ethereum was hacked a few years back as a result of the DAO protocol hack and then hard forked, rolling back its state.
The security of exchanges is based on the technology they use and how they implement it. To understand how exchanges work, you must realize that they use custom code with infrastructure security, which has nothing to do with blockchain.
The most important part of an exchange’s security is the code that handles the order book and money transfers. If this code is not secure, hackers can quickly attack the exchange and steal funds.
It’s also important to note that most exchanges are not decentralized, making them more vulnerable to hacks.
The most important part of a wallet’s security is the private key, a string of numbers that allows you to spend your coins.
If you lose this key, a thief can quickly empty your wallet. That’s why it’s important to never store your private key on an exchange or online wallet. The most secure way to hold your private key is by using a hardware wallet like the Ledger Nano S, a cold wallet.
Consequently, if you have an issue at the coin protocol layer, you will be compromised, regardless of how secure the second and third layers are. Meanwhile, the complexity of the protocol layer means that it’s harder to find a vulnerability at the protocol level than at lower layers, like exchanges and wallets.
Hackers are attracted to exchanges because it’s the most effective way to steal money since they are the weakest link in the cryptocurrency ecosystem. Cryptographic protocols are hard to crack, and digital wallets are too widely dispersed.
Why Are Crypto Exchanges Hackable?
The very nature of crypto exchanges is centralized, making them inherently vulnerable. As a centralized web application with functions for executing transactions and one or a few crypto wallets inside, exchanges are subject to the same security risks that other websites are susceptible to.
But that’s not all. In addition to being susceptible to the same risks as other web applications, crypto exchanges are also attractive targets for hackers because they handle large amounts of money and have high-profile names.
Crypto exchange security problems can be classified into the following buckets: client-side and server-side.
- Client-side: XSS, or cross-site scripting, is the most common client-side vulnerability that allows attackers to hijack your browser. Vulnerable servers can inject malicious HTML and JS code into web pages.
- Server-side: Injection flaws, such as SQL injection, are the most common server-side vulnerabilities. SQL injection is a form of attack where malicious code gets inserted into strings passed to a case of SQL Server for parsing and execution. To prevent these kinds of attacks, it’s essential to keep your software up to date and use secure coding practices. The authentification issue is also a big problem for exchanges. Reusing passwords across multiple accounts is also a significant security issue. If one account gets jeopardized, all of the others are as well. That’s why it’s essential to use a different password for every account.
How to Prevent Crypto Exchanges Hacks?
As old age says, “better safe than sorry,” so make sure your crypto assets are safe and secure by following these tips.
- Use Reputable Exchanges– You must first find a reliable exchange to buy from and set up a secure private wallet to store your coins if you are new to crypto. The best exchanges will have strict verification rules (like CEX.io) and support various currencies.
- Use a Hardware Wallet– A hardware wallet is the most secure way to store your private keys offline. If your wallet is reliable, you will find that it uses the HD method to generate a new address whenever you access it. The best wallets on the market are the Ledger Nano S and the Trezor. The paper wallet is also reliable in security, but it is limited to one-time use.
- Don’t Reuse Passwords– When creating a password, use a combination of letters, numbers, and symbols. Avoid using easily guessed words like your name or birthday. In addition, don’t use the same password for all of your accounts. If one account gets hacked, all of your other accounts are also vulnerable.
- Enable Two-Factor Authentication– Two-factor authentication is an extra layer of security used to protect your accounts. Two-factor authentication works by needing two pieces of information to log in: something you know, like a strong password, and something you have, like your phone.
- Keep Your Software Up to Date– One of the best ways to prevent attacks is to keep your software up to date. By installing the latest security updates, you can patch known vulnerabilities in your system and make it challenging for attackers to take advantage of them.
- Back-Up Your Wallet– If your wallet is lost or stolen, you will need a backup to recover your funds. Keep multiple backups in different locations, such as on a USB drive, an external hard drive, or the cloud.
- Be Careful What You Download– Be careful what you download, as malicious software can get disguised as legitimate programs. Only download software from trusted sources, and verify that a digital signature signs the file you’re downloading.
- Be Wary of Phishing Emails– One of the most common ways hackers try to steal your information is by sending phishing emails. These emails look like they’re from a legitimate company but are malicious. Please do not click on links or attachments that look suspicious. Instead, contact the company directly to verify that the email is legitimate.