Scalable Solutions

Security Issues in Digital Asset Exchanges

Introduction

Many risks are inherent to the digital asset space, and a common way of understanding its laws of the jungle is as a trade-off between security and usability. Regulatory uncertainty, volatility and liquidity, as well as business and reputational risks, are some of them. On this occasion, we would like to discuss custody and cyber-security, two risks we consider to be top priority for any digital asset exchange.

“Hacks” have been around for a long time, though not always under the same name. In many industries, the very existence of value creates incentives to extract that value (regardless of the legality of the means used). Think back to the first banks; having vaults and cashiers provided an incentive for thieves to try to steal funds. How many stories have we heard about Bonnie & Clyde, Dillinger, and countless others making their way into history through infamous theft?

Main security risks for digital asset exchanges

Why do we consider security risks a priority? As digital assets still navigate a sea of unregulated waters, many of these exchanges aren’t required (nor incentivized) to have systems in place to prepare for bad times. There are no specific legal requirements that protect users from losses arising from security breaches (hacks).

Usually, security teams within digital asset exchange platforms tend to fix issues as they arise, and have strong expertise in some security aspects. Because exchanges built in-house often also have limited resources, their teams can fall into several cognitive-behavioural biases that can endanger the trading activity. Confirmation bias (the interpretation or recall of information in a way that affirms prior beliefs or hypotheses) is a classic example, arising where the team working on a feature is the same one in charge of testing it. Getting an external pair of eyes or third-party security audits are great mechanisms to avoid missing critical errors in security development or testing processes.

Hackers have always managed to leverage bleeding-edge technologies and algorithms to crack security protocols. Because of their daily volumes and total custodial funds, exchanges are the (cash-filled) sweet forbidden fruit, making them constant targets for hackers. In fact, according to data gatherer Chainalysis, the number of theft incidents has been increasing more than linearly, though with a lower average for total amounts. US$1.3B, US$343M and US$523M of users’ funds were stolen in 2018, 2019 and 2020 respectively; a number that is multiplied when accounting for scams, ransomware, and malicious activity [1].

Cases

SCALABLE and security risk mitigation

With SCALABLE you can find a balanced mix between in-house and outsourced teams that can control and respond to cyber threats in advance, preventing any loss of user data or information that could lead to a major hack. We manage this through strong monitoring and state-of-the-art machine learning analytics, as well as by carrying out thorough (robustly compliant) KYC/AML verifications. Furthermore, we can establish a series of controls for insiders, software security controls (like 2FA) and wallet buckets (cold, warm and hot wallets) in order to minimize the risk of compromising users’ funds. Our battle-tested security engine has not lost a cent of user funds and provides a standard rarely seen in the industry.

With Scalable, you can avoid any damage to your digital asset exchange brand or users through leading technology, whether it be our white label exchange software or blockchain security audits.

Contact us today to increase the security of your digital asset exchange or broker.

References

[1] Grauer, Kim, and Henry Updegrave. “The 2021 Crypto Crime Report.” Blog.chainalysis.com, Chainalysis, 16 Feb. 2021, go.chainalysis.com/2021-Crypto-Crime-Report.html.  

[2] “Mt. Gox.” Wikipedia, Wikimedia Foundation, 17 Feb. 2021, en.wikipedia.org/wiki/Mt._Gox

[3] Thompson, Patrick. “Coincheck Exchange Pauses Remittances Following Data Breach.” CoinGeek, 4 June 2020, coingeek.com/coincheck-exchange-pauses-remittances-following-data-breach/

Sources

A Comprehensive List of Cryptocurrency Exchange Hacks. SelfKey, 13 Feb. 2020, selfkey.org/list-of-cryptocurrency-exchange-hacks/

Xia, P., Wang, H., Zhang, B., Ji, R., Gao, B., Wu, L., … & Xu, G. (2020). Characterizing cryptocurrency exchange scams. Computers & Security, 98, 101993.