The Top 5 Hacks of Crypto Exchanges — knowledge base

And why it can’t happen with BankDex

Cryptocurrencies began their upward ride in 2017 when the media finally took note of this revolutionary technology. The price of cryptocurrencies skyrocketed to a record high as the whole market went through a remarkable expansion period. Bitcoin even came very close to breaking the $20000 mark as the entire market peaked at a little below $800 billion marks. The excitement that followed this rise in cryptocurrency market value led to a greater focus on the sector, which in turn lead to further mainstream adoptions. However, not all the attention that the sector received was positive. A variety of factors contributed to making the crypto market fertile for theft and scams by hackers. The ease of coin exchange, the newness of the system, inexperience of cryptocurrency owners and the immutable nature of blockchain made cryptocurrency hacking easier. As with any other technology, hackers and scams are and will probably always be a part of the cryptocurrency space as well. Most of these hackers focus on medium-sized thefts focussed on individuals. However, the crypto world has also seen some high-level hacks where the hackers went for the entire platform.

The biggest hacks of cryptocurrency exchanges

One of the major challenges experienced since the arrival of cryptocurrency exchanges is network security. Transactions in cryptocurrency exchanges are conducted over the blockchain database. Blockchain is a digital, decentralized and distributed ledger that records transactions without the help of an intermediary, such as a bank. The transaction data in a blockchain is protected by the technique of cryptographic encryption and distributed across computers around the globe, as opposed to a central location. This is aimed at preventing any entity, including hackers, from gaining access to the network, making blockchain safer than the traditional banking network. However, this is not always the case. According to reports from CipherTrace, a leading Blockchain security firm, over $731 million worth of cryptocurrencies has been stolen from different crypto exchanges during the first half of 2018 alone. This is in contrast to the $266 million loss accounted from heists and security breaches in 2017. The massive increase in hacking intensity has raised major concerns on the security standards developed by trading platforms.

Coincheck

With a loss of about $500 million, the Coincheck hack in Japan was one of the biggest cryptocurrency exchange hacks to occur in 2018. The exchange held an unusually large amount of cryptocurrencies and crypto-assets in their hot wallets, which were connected to the internet. The storage of money in hot wallets instead of the cold wallets stored offline, helped the hackers to steal millions of dollars in cryptocurrency soon after gaining access to the system. The hack took place by taking advantage of the loopholes in the exchange’s security system. After the attack, the exchange admitted that the hack took place due to a lack of experienced and talented developers to work on the exchange’s security system.

Bitfinex

The Bitfinex cryptocurrency exchange hack figures among the second-largest Bitcoin platform hacks of all times. The event took place in August 2016, when an amount of nearly 120000 Bitcoins were drained from different accounts of the users. Although this loss can be attributed to about $72 million at the time of the theft, the amount can be valued at $1.2 billion today. The Bitfinex hack was interesting in several aspects. The Bitcoin drain that was witnessed during the attack was found to have affected the multi-signature accounts only. The multi-signature technique is usually used to enhance the level of security. The access to a multi-signature account is managed by multiple signees in order to mitigate the different security risks. Fund transfer in a multi-signature account can occur if you have access to these multiple keys that act as passwords facilitating the transaction. Bitfinex held access to two of the keys while its partner BitGo held the third key. BitGo had partnered with Bitfinex in the creation of this multi-signature system. The hackers somehow gained access to these keys and were able to withdraw the users’ bitcoin to different unknown addresses.

DAO

The DAO or Decentralized Autonomous Organization was one of the biggest crowdfunding groups, created to function like venture capital funds for decentralized crypto projects. The organization was found to be compromised when the Ether balance in smart contracts was found to leave the system. The system encountered a loss of about $50 million in the attack. The DAO Smart was built on a complex Smart Contract that was aimed at a fair and decentralized operation. The hackers were able to exploit several mistakes in the Smart Contracts that allowed for repeated transactions that led to the withdrawal of more money than the fund it contained.

Mt. Gox

The Mt Gox hack is one of the most significant security attacks in the history of cryptocurrency exchanges. It is also the largest and most well-known hack in the world. Mt. Gox had grown to be the principal crypto exchange, handling over 70% of the total Bitcoin transactions. However, in 2014, about 850000 Bitcoins were found to be stolen, out of which 750000 were from Mt. Gox customers. The hackers were able to exploit the issue of transaction malleability in the exchange, editing transaction details to make it look as if the transaction never occurred.

BitGrail

BitGrail was a cryptocurrency exchange based in Italy that dealt with the trade of Bitcoin and other cryptocurrencies. The exchange was reported to have undergone a heist losing about $195 million worth of Nano and XRB tokens. The incident took place under questionable circumstances where the hackers were involved directly or just indirectly. Although the BitGrail hack was considerably smaller than several other security attacks, it highlighted the shortcomings of unregulated exchanges. Besides, the BitGrail attack brings to the forefront the need for a robust security system to protect the funds and crypto assets stored in the exchange. Introducing BankDex — the secure exchange platform A decentralized cryptocurrency exchange, BankDex facilitates peer to peer trade through Smart Contracts, without the involvement of a controlling third party. It provides the best of the decentralized world by vesting the complete control of funds with the trader. BankDex accelerates trade with centralized matching service and a wallet facility which eliminates the need for storing funds on the exchange.

Why security hacks can’t happen with BankDex?

BankDex ensures a secure transaction with the use of Smart Contracts. The exchange does not require any kind of sign up before the initiation of a transaction which protects the personal information of the trader from being shared. However, every token will be subjected to a KYC procedure before getting on the exchange. This helps in the elimination of ICO crypto scams. The private keys of BankDex are highly secured with the help of Intel SGX, the Proof of Stake protocol and the distributed nature of the exchange’s domain and kernel nodes. The highly distributed key duplication and secret sharing mechanism guarantee that the keys are safe from loss. Further, the associated keys can be accessed only from the generated domain location, enhancing its degree of protection. The kernels of BankDex technology will constantly balance the different domains to prevent the loss of assets in an almost impossible event of private key loss or leak. BankDex offers an attack-resistant, multicurrency exchange platform, addressing the pressing need for a secure platform to conduct cryptocurrency trade.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Originally published at https://cryptonomad.info on August 31, 2019.

Tips, Tricks, Techniques