Cryptocurrencies have made a huge impact on the financial industry and have managed to establish digital coins as one of the most talked about financial assets of the past few years. Everyone wants in on the game – individual investors, traders, cryptocurrencies, even governments are eager to tap into the immense potential of cryptocurrencies and their underlying tech. And of course, hackers want in, too. As cybercrime attacks are on the rise globally, how can you protect yourself from cybercriminals looking to target cryptocurrency users – and how can you be sure that the cryptocurrency exchange you are using is taking every measure necessary to protect your account from getting hacked?
Why do hackers target cryptocurrency exchanges?
Crypto exchanges are in fact the keepers of an immense volume of wealth, traded every day across their members. In December 2018, popular cryptocurrency exchange Coinbase announced that it had upgraded its infrastructure from its Generation 3 system to the newer version, Generation 4. In order to complete the upgrade, Coinbase had to move a whopping $5 billion in altcoins, which according to the exchange itself, might have been the largest migration of digital coins since Bitcoin took its first steps. The figure includes 5% of all Bitcoins that are in circulation, 8% of all Ether and a stunning 25% when it comes to Litecoin. The numbers are impressive – but when we consider that they represent just a fraction of all value in cryptocurrencies currently in circulation, we can understand why the stakes are so high and why hackers are so keen to get past exchange security. This becomes even clearer when we take into account the fact that crypto exchanges also host a massive amount of personal data linked to people using trading accounts. Cybercriminals have their eyes set on this, especially when it includes financial information like banking or credit card data.
How to protect data on a crypto exchange
In order to protect this valuable data, crypto exchanges can use a variety of techniques, like data pseudonymization. Pseudonymisation is the process of replacing sensitive data with realistic but fictional data. This allows businesses of all kinds, including crypto exchanges, to successfully protect the data against hackers while maintaining referential integrity, which is essential in order for organisations to continue functioning without disrupting their daily operations. Employing such techniques, including data masking, also enables them to comply with regulatory requirements and privacy legislation, such as the latest EU General Data Protection Regulation rules. Businesses can also employ data anonymisation, but while this offers a high level of security, it’s also not ideal when this data is to be used regularly, as anonymised data is completely de-linked from a person. In order to further protect users, crypto exchanges need to implement further technical measures, like installing specialised firewalls and anti-malware software on their systems. This can help protect against several hacker attack vectors and lay the groundwork for more sophisticated cybersecurity options. In order to protect user accounts, crypto exchanges should also implement tailored solutions like two-factor authentication. This way, the user needs an extra step in requiring physical access to a device in order to be able to log into their account and be able to manage the funds there.
DDoS and phishing attacks and how to prevent them
DDoS attacks seem to be very common among cryptocurrency exchanges, as several leading names have reported falling victim to such attacks, including Mt Gox in 2013 and Bitfinex in 2017. In this type of hacker attack, a server is overwhelmed with traffic so that its service is disrupted as it cannot manage the sheer volume of requests. In light of this, crypto exchanges need to invest in customised solutions for stopping DDoS attacks. These include buying more bandwidth in order to be able to manage sudden peaks in traffic, as well as deploying tailored software. Phishing attacks are also common, such as the one suffered by South Korean crypto exchange Bithumb in 2018, with roughly $31 million stolen by hackers. Awareness is key in order to protect against phishing scams, so exchanges need to train their staff in recognising and mitigating such incidents. It is also important to educate users by alerting them to the dangers – as well as to be on the lookout for cybercriminals sending out malicious messages that attempt to make it seem like they were sent from the exchange itself to trick users into clicking on malicious links and inadvertently downloading malware. Security breaches in crypto exchanges can be very costly affairs. As research indicates, the largest cryptocurrency theft to date has been the 2018 Coincheck incident, which saw $547 million stolen, followed by Mt Gox in 2014 that saw $480 million in losses and Parity Wallet’s breach in 2017, ending with $155 million in the hands of hackers.
Just by the number of attacks reported, it is evident crypto exchanges do not have an excellent track record of successfully protecting user data or the cryptocurrencies they hold. Even so, some crypto exchanges fare better than other: Kraken has a dedicated bug bounty system in place, while BitMex employs multi-signature addresses and stores everything offline. As the industry becomes more mainstream and hacker attacks continue to rise, more exchanges are bound to invest in cybersecurity and follow these best practices. Employing simple yet powerful solutions that can help keep hackers at bay will work wonders for brand reputation as well as for building client trust, which is crucial as the market is set to expand even more.