Here article was updated to show that Bitrue has now acknowledged the hack of its stage.
Throughout the past six weeks, seven crypto exchanges have reportedly discussed large-scale hacking attacks to the number of tens of millions of dollars, with the latest platform to suffer a security breach being GateHub.
Since the global crypto market continues to see a growing amount of security breaches causing the loss of consumer funds, investors might become reluctant to rely on centralized exchanges to save capital.
On June 26, Singapore-based cryptocurrency market Bitrue has confessed the simple fact that it suffered a significant attack by which the market’s alluring pockets had stolen 9.3 million XRP and 2.5 million ADA deserving around $5 million at the time. The announcement read:
“A hacker exploited a vulnerability in our Risk Control team’s 2nd review process to access the personal funds of about 90 Bitrue users.”
The exchange also clarified from the thread that users that lost their electronic assets would be compensated, while also searching for initially misleading their customers by saying that the platform was down for maintenance. Bitrue also provided a hyperlink to track the movement of the stolen funds and also acknowledged that it reached out to Singaporean authorities to track down the offenders.
GateHub — 18,473 accounts affected
As announced by Cointelegraph on June 6, the United Kingdom and Slovenia-based crypto exchange GateHub reported the loss of almost $10 million value of XRP.
Within an update published on June 7, the GateHub team noted an unidentified hacker used a complicated procedure to gain entry to your database holding users’ access tokens and steal their funds. In the wake, GateHub stated :
“Through a well-orchestrated attack, the perpetrator gained access to a database holding valid access tokens of our customers. We detected an increased volume of API calls (using these valid access tokens) coming from a small number of IP addresses.”
The market told its users that it would collaborate with its internal response team, law enforcement agencies, third-party professional safety and forensics teams, and investigative governments to analyze the breach and also to potentially locate the individual or a group accountable for its violation.
Through the years, despite the efforts of exchanges to ramp up security measures and improve internal control systems, hackers have managed to deploy more complex and advanced technologies to gain unauthorized entry into corporate pockets and user accounts.
Insurance is just as important as security measures
In some instances, as noticed in the example of Binance’s $40 million security breach, it is hard to even for the biggest crypto exchanges on the planet — with in-house security experts — to prevent unexpected breaches.
However, it’s feasible for exchanges to set up systems that allow for the speedy recovery of user funds.
Binance stated in July 2018:
“Starting from 2018/07/14, we will allocate 10% of all trading fees received into SAFU to offer protection to our users and their funds in extreme cases. This fund will be stored in a separate cold wallet.”
Two types of pockets exist in crypto: sexy purses and cold purses. Hot bags are purses that are connected to the web and which are readily available. Cold wallets are wallets saved offline and are utilized by significant exchanges to store reserves of cryptocurrencies like bitcoin securely.
Cold pockets can’t be hacked because they’re not on the internet — and therefore, exchanges hold the overwhelming bulk of their reservations in cold wallets.
However, despite having sophisticated safety measures in place, hot pockets can be exposed to attacks, so it’s ideal for an exchange to set up an insurance fund that is equivalent to the total held in its hot wallet to prevent a security breach at the future affecting the exchange’s operations.
Such a practice doesn’t prevent an exchange from enduring a hacking attack. Still, it minimizes the magnitude of an episode’s effect on the market and facilitates the recovery process to be more structured and transparent.
The most critical crypto deals in the worldwide marketplace — the likes of Binance, Coinbase, and Gemini obtained insurance from third-party service providers or have personal insurance funds in place to compensate customers, should an unexpected incident appear.
Coinbase, by way of example, notes that it maintains a book that is bigger than its online storage with third party insurance.
Gemini purchased the insurance services of Aon and the Federal Deposit Insurance Corporation in October 2018, and Yusuf Hussain, Gemini’s head of risk, stated at the time:
“Consumers are looking for the same levels of insured protection they’re used to being afforded by traditional financial institutions. Educating our insurers not only allows us to provide such protections to our customers, but it also sets the expectation for consumer protection across the crypto industry.”
Communication between exchanges is crucial
Since hot wallets or internet storage can become vulnerable to security breaches, it’s of extreme importance for exchanges to build a line of communication with different platforms to trace and possibly stop transactions when irregular funds open to moving.
According to the GateHub team, some of the funds withdrawn from the $10 million security violation were transferred to exchanges such as Kucoin, Huobi, and HitBTC, all of which have Know Your Customer (KYC) policies in place. GateHub acknowledged this fact:
If transactions have an efficient system to convey if unexpected events occur, it becomes feasible for them to suspend wallets that received the profits from an expected hacking attack and quickly begin recovering funds.
In January 2018, South Korea’s four biggest crypto exchanges — Bithumb, Upbit, Coinone, and Korbit — made that a hotline for major exchanges to guarantee suspicious transactions could be discovered and frozen immediately after being revealed.
Transactions on people blockchain networks such as Bitcoin and Ethereum are traceable because of the decentralized structure of their blockchain. Significant exchanges are already working with analytics firms like Chainalysis to maintain a database of suspicious transactions and pockets.
The presence of a hotline among significant crypto exchanges in the global marketplace would create a significantly more theoretical ecosystem for hackers to distribute profits from an assault to various transactions.
Why systems must improve
In prior years, many crypto-related hacking attacks were endured by small exchanges that typically couldn’t afford to get an in-house security team and advanced measures in place.
Nonetheless, in the past six months, leading crypto exchanges such as Binance, Bithumb, and Coinmama have fallen prey to security breaches, all who have hundreds of thousands of consumers.
Bithumb that is regarded as one of the two biggest crypto exchanges in South Korea (alongside UPbit) has been hacked in March for the third time in two decades in what the trade supposes to become an insider job.
The Bithumb staff said:
“According to the company’s manual, Bithumb secured all the cryptocurrency from the detection time with a cold wallet and checked them by blocking deposit and withdrawal service. As a result of the internal inspection, it is judged that the incident is an ‘accident involving insiders’. Based on the facts, we are conducting intensive investigations with KISA, Cyber Police Agency and security companies.”
Last year, cybersecurity company Group-IB reported that seven crypto exchanges were hacked in 2018, with the most significant violation suffered by Coincheck leading to the reduction of a staggering $534 million value in crypto.
More significant than six months into 2019, and already seven crypto exchanges have been hacked — excluding the CoinBene episode, which a suspect may also be a hacking attack.
In March, cryptocurrency researcher Nick Schteringard explained that $6 million worth of coinbene coin and $39 million in maximine had been withdrawn from the CoinBene exchange.
According to the report:
“After leaving CoinBene, the tokens were quickly moved into Etherdelta, where they were sold for ETH. A large amount of funds were also moved into centralized Exchanges, including Binance, Huobi, and Bittrex. The funds continue to move into exchanges as I write this.”
A troubling trend?
The worrying trend in the crypto exchange market is that, within the first six months of 2019, the sector has witnessed the same amount of hacking attacks as in all of the previous year, and large scale exchanges mainly experienced security breaches in 2019.
In the upcoming weeks and years, the methods and technologies employed by hackers will continue to become more sophisticated and advanced.
While it’s challenging to completely stop unauthorized access, especially in the case of sexy pockets, exchanges can have proper protection, an in-house safety group, and back-up reserves equal to the quantity of crypto held in online storage to stop users from being changed in case of a security violation.