Last updated on July 6th, 2023 at 12:20 pm
Crypto exchanges and wallets have become hot targets for hackers. Regularly, the blockchain space is graced with news of crypto exchanges and platforms being hacked. Wallet owners also lose their funds to attackers when the private keys are compromised. It is common to see bots trying to convince people to give up their seed phrase on Twitter, especially when the term ‘Trust Wallet’ is typed. If a crypto enthusiast asks a question relating to the field and mentions the word, ‘wallet’ on Twitter and Facebook, a set of bot accounts will reply immediately, requesting the private keys of the person’s wallet, claiming that they are the support team. Once they gain access to the seed phrase, they immediately transfer the crypto holdings to a new wallet.
Another scam trick that these unscrupulous elements employ to access people’s wallets is a phishing attack, where they send an email or social media message, claiming to be the support team of the wallet or exchange. They usually attach the wrong URL to the messages. Once the user clicks on the link and inputs their private details to the phishing site, they lose control of their genuine accounts.
Sometimes, scammers create fake wallets, promote them on social media, and launch them on popular app stores. An unsuspecting victim may transfer their holdings to the wallet, not knowing that it is a trap to fleece them of their funds.
Crypto wallets are not the only structures that are being hacked. Hackers have taken to exploiting the loopholes in both centralized and decentralized exchanges and stealing cryptocurrencies in the process. At the moment, a month hardly goes by without at least one incident making the news.
Crypto exchange security
With the increasing attacks on crypto exchanges, the number of cybersecurity strategies to curb this trend seems to be on the rise. Some blockchain security and analytics firms offer Exchanges access to a simulation exercise, where they map out potential threats and strategies to salvage them. These security organizations collect data from previous attacks and use forensics tools to analyze them, with the intention of creating remedies.
As a way of strengthening the security of crypto exchanges, many of them undergo thorough audit sessions by a third-party security organization, where their source code is reviewed with a report created to offer recommendations to the issues.
Blockchain firms tend to organize training for both their tech and non-tech employees to heighten their cybersecurity skills, thereby reducing the chances of an attacker gaining access to the system via the misdeeds of an employee.
The biggest thefts from crypto exchanges in history
Hackers have taken a liking to the blockchain space to the extent that North Korean-linked hack group, the Lazarus Group has graduated from hacking multinational companies like Sony to attacking crypto exchanges. This article will discuss some of the biggest thefts from crypto exchanges in history.
• Bitfinex
Bitfinex was attacked in August 2016, resulting in the loss of 120,000 Bitcoin. The incident caught the attention of the cryptocurrency community, particularly because it occurred in a single transaction.
The exchange compensated its users by issuing IOUs in the form of a token, which they later purchased back.
In February 2022, the attackers began to move the loot that had been sitting idle in the wallet. The remaining stolen Bitcoin was sent in small amounts to multiple wallets.
• Mt. Gox
Owing to the fact that it occurred during the early days of bitcoin, this is one of the largest crypto exchange hacks in history.
Mt. Gox was founded by Jed McCaleb as a trading platform for in-game tokens. It was later modified to accept Bitcoin transactions. The exchange’s programming was not sophisticated, even though it had been modified to allow Bitcoin trading. Due to security vulnerabilities, users could withdraw more than they had in their wallets, making it an ideal target for hackers. Its first hack occurred in 2011 with $8.75 million in Bitcoin stolen. Three years later, in a bigger hack, 850,000 Bitcoins were stolen.
• Binance
The popular crypto exchange has been a victim of hackers exploiting the system and making away with cryptocurrencies. In 2019, Binance lost 7000 bitcoins from its hot wallet to hackers. The intruders bypassed the exchange’s security architecture and gained access to the hot wallet.
As a way of supporting the trading platform, other crypto exchanges like Coinbase blacklisted the address of the hacker, reducing the hacker’s chances of converting the stolen Bitcoin into cash.
• Poly Network
In a series of events that shocked the crypto space, Poly Network lost over 600 million USD worth of digital assets in August 2021.
The attacker went by the pseudonym, ‘Mr. White Hat’ and was open to discussing with their victim concerning the stolen funds. Poly Network appealed to the hacker to return the digital tokens and get a job as the DeFi protocol’s security team lead and $500,000. Mr. White Hat claimed that they noticed the flaws in Poly Network’s security architecture and exploited it as a way of drawing attention to it.
Poly Network gained access to their stolen funds days after the incident. It attracted mixed reactions, as some people felt it was a publicity stunt. Others believed that the hacker would not have easily laundered or cashed out the digital assets and decided to return them.
• Upbit
In 2019, hackers hit another exchange and made away with $45 million. Upbit was one of the exchanges with high trading volume during that period, making it a target for unscrupulous elements. With a single transaction in November 2019, the hackers gained access to the funds and moved them to different wallets. By moving the stolen funds around, they were trying to reduce the chances of tracking them.
Common ways to hack a crypto exchange
There are several ways crypto exchanges can be compromised, from hot wallets to social engineering hacks.
• Social engineering
Social engineering is a technique used by some hackers to gain access to a company’s internal network. They usually look for an exchange employee and observe their online habits before sending them a malware-infected email. The message usually contains an enticing offer they may click. Once the employee clicks on it, the malware becomes part of the exchange’s network.
• Hot wallet hack
Crypto exchanges use two types of wallets, cold and hot wallets. Hot wallets are used for daily activities, allowing users to move their crypto holdings on the exchange somewhere else. These hot wallets make it possible for users to initiate transactions seamlessly. Crypto exchanges store most of their crypto holdings in a cold wallet that is not connected to the internet. They can’t be accessed remotely, making them difficult to attack. On the other hand, the same can’t be said for hot wallets.
Some of the past attacks on exchanges have been linked to hackers gaining access to the hot wallet and transferring digital assets elsewhere. Attackers tend to look for loopholes in the hot wallet since it is connected to the internet, unlike the cold alternative.
Ways to protect crypto exchanges
• Insurance policy
Crypto exchanges take out an insurance policy with external organizations, as a way of hedging the risks and issues that may occur after a successful attack. Sometimes, they may have an internal policy designed to mitigate the effects of a hack.
• Notification system
As a way of reducing the chances of a user losing their funds when their account is compromised, an exchange may send a notification to their email address and phone number alerting them about the potential transaction. Sometimes, codes are sent to the user’s email as a 2FA feature before a transaction is permitted.
• Cold wallet storage
Cold wallet storage has proven to be a safe means of storing cryptocurrencies because they are not connected to the internet and their private keys are stored offline. Many exchanges store the bulk of their crypto holdings in cold storage systems.
• Security audits
Blockchain platforms organize bug bounties as a way to encourage white hat hackers to test the integrity of their security architecture. Participants are rewarded based on the criteria of the event. In other cases, exchanges may use security analytics firms to do a full review of their code in a bid to spot bugs and potential issues. Internal and external control systems created by the exchange are tested in the process.
• Withdrawal restrictions
When a user changes their password or other important details of their account, the exchange may place the account on temporary restriction for a few days. In this case, the owner of the account is notified of the change and the temporary limitation that has been placed on it. If the alteration was not made by the user, they can stop the hack attempt.
In Conclusion,
- Crypto exchanges are targets for hackers.
- Some crypto exchanges, such as Mt. Gox have gone out of business because of an attack.
- Hackers tend to use loopholes in hot wallets to gain access to crypto holdings.
- Crypto exchanges can use security mechanisms to mitigate the chances of a hack happening.
If you would like to read more news articles like this, visit our Website. You can also follow DeFi Planet on Twitter, Facebook, Instagram, and LinkedIn.