Many experts argue that cryptocurrencies may radically change not only the financial sector but also the way society operates. The reasons given to support this argument include the convenience of generating, managing, storing, handling, transacting, and accounting for cryptocurrencies. While the success of Bitcoin and other major cryptocurrencies indicates that the new digital gold certainly has its own place in the digital economy, the frequent cyber-attacks on cryptocurrency exchanges continuously undermine trust in cryptocurrencies, thus slowing down their development and acceptance.
In recent months, we have witnessed several attacks on cryptocurrencies. For instance, the South Korean cryptocurrency exchange Coinrail confirmed that it was hacked in June 2018. According to the local news agency Yonhap, the hack resulted in losses amounting to 40 billion won (36.9 million U.S. dollars). Japan’s cryptocurrency exchange Coincheck was hacked in January 2018, which resulted in losses exceeding 500 million U.S. dollars. After being hacked twice, the South Korean exchange Youbit stopped operating and declared bankruptcy in December 2017.
To avoid hacks leading to significant losses, cryptocurrency exchanges need to have comprehensive procedures for identifying and eliminating information security vulnerabilities. Although post-incident measures can be effective, it is unlikely that they will reduce the negative consequences to zero. For example, Coinrail stated in relation to the attack mentioned above that: “Seventy percent of total coin and token reserves have been confirmed to be safely stored and moved to a cold wallet [not connected to the internet]. Two-thirds of stolen cryptocurrencies were withdrawn or frozen in partnership with related exchanges and coin companies. For the rest, we are looking into it with an investigative agency, related exchanges, and coin developers.”
The purpose of this article is to examine the common vulnerabilities of cryptocurrency exchanges (Section 2). Afterward, we provide concluding remarks (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Daniel Dimov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/G-l7FRF1_rs/