Vulnerability of Crypto Exchanges and the Need to Do Better
2022 has been a very busy year for the cryptocurrency markets. Besides the various multibillion-dollar failed projects leading to market contagion, many projects have also lost significant amounts to hacks and exploits. The high rate of hacks peaked in October, with crypto projects losing the highest monthly amount on record to hacks and exploits. Cryptocurrency exchanges have not been spared, as many have been victims of these hacks.
Recent Deribit and FTX hacks highlight the need for better security
In the first week of November, derivatives exchange Deribit became the latest victim of such hacks after hackers drained $28 million from its hot wallet. The exchange had to temporarily suspend withdrawals after this happened, even though it was not seriously affected. The exchange claimed that only 1% of their assets are in hot wallets.
The incident isn’t the first crypto exchange hack, nor will it be the last. More than 40 crypto exchanges have been hacked since 2012. 2019 alone saw 19 cryptocurrency exchanges being compromised. While the number of exchanges being hacked has reduced, a few cases still make it necessary to address the problem.
The recent Deribit and FTX hacks highlight the need for exchanges to prioritize user protection and better security systems. This is especially important at present, when customers’ trust in crypto exchanges is at an all-time low due to the collapse of FTX.
A recent report by Glassnode Insights shows that more users are withdrawing their Bitcoin and Ethereum off exchanges and opting for self-custody. Holders are finally taking the saying, “not your keys, not your coins,” seriously. However, not everyone is able or willing to self-custody. So, exchanges still have to do better in protecting those who trust them enough to leave their funds on the platform.
When it comes to hacking crypto exchanges, the most popular method is for hackers to obtain the keys to an exchange’s hot wallets and use them to drain funds. But several other concerns need to be addressed to prevent hacks on exchanges.
What needs to change?
First, there is a need for adequate risk management by crypto exchanges. This should combine strategies to control possible risks and increase risk monitoring. Most of the exploits and hacks on exchanges happen due to vulnerabilities that could have been prevented if noticed in time. But crypto trading platforms fail to detect these anomalies and vulnerabilities because they don’t have a standard risk monitoring system. So, exchanges need to prioritize 24/7 vigilance by monitoring any abnormalities or risk factors.
However, there is also a need to implement active strategies to deal with these risk factors. Creating and updating a blacklist of suspicious addresses is an excellent way to start. But it is also essential to have systems to detect and control anomalies. For example, flagging frequent withdrawals or withdrawals of massive amounts and verifying them before processing could go a long way to prevent any exploit or hack that could result in losing users’ funds.
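The checks described above (a blacklist of suspicious addresses, plus flagging large or frequent withdrawals for verification before processing) can be sketched as follows. This is an added example, not code from any exchange named in this article; the thresholds, address labels and class names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Assumed policy values; a real exchange would tune these per asset and account.
BLOCKLIST = {"addr_flagged_1"}   # constructed suspicious destination address
MAX_SINGLE_USD = 50_000.0        # at or above this, hold for manual verification
MAX_PER_WINDOW = 3               # withdrawals allowed per account per window
WINDOW_SECONDS = 3600

@dataclass(frozen=True)
class Withdrawal:
    ts: int        # request time, unix seconds
    account: str
    dest: str
    usd: float

class WithdrawalScreen:
    """Decide, before processing, whether a request is released, held or blocked."""
    def __init__(self):
        self._recent = defaultdict(deque)   # account -> request times in window

    def check(self, w):
        if w.dest in BLOCKLIST:
            return "BLOCK", ["destination on blocklist"]
        reasons = []
        if w.usd >= MAX_SINGLE_USD:
            reasons.append("large amount")
        q = self._recent[w.account]
        while q and w.ts - q[0] >= WINDOW_SECONDS:
            q.popleft()                     # forget requests older than the window
        q.append(w.ts)
        if len(q) > MAX_PER_WINDOW:
            reasons.append("high frequency")
        return ("HOLD" if reasons else "RELEASE"), reasons

def screen_all(events):
    screen = WithdrawalScreen()
    return [screen.check(w)[0] for w in sorted(events, key=lambda e: e.ts)]

# Constructed sample requests (not real exchange data).
SAMPLE = [
    Withdrawal(0,    "alice", "addr_a", 200.0),
    Withdrawal(60,   "bob",   "addr_flagged_1", 10.0),
    Withdrawal(120,  "alice", "addr_a", 75_000.0),
    Withdrawal(180,  "alice", "addr_b", 100.0),
    Withdrawal(240,  "alice", "addr_c", 100.0),
    Withdrawal(4000, "alice", "addr_a", 100.0),
]
```

A held request would go to a human or a second approval step rather than being rejected outright, which keeps false positives from blocking legitimate users.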
Furthermore, better custody is essential for the protection of users’ assets. Exchanges now use institutional-grade custodian services that protect private keys and monitor the withdrawal process. These storage solution improvements have significantly helped reduce the rate of exchange hacks. But there is still a need to do more.
Bit.com’s three-pronged approach to more robust security
Fortunately, some exchanges have already instituted high security and protection standards for users’ funds. Bit.com is one such exchange with its three-pronged approach to security, which focuses on risk management, custody, and user protection. To take the security of crypto assets to another level, Bit.com has partnered with the enterprise-grade digital asset custodian service provider Cactus Custody. In addition, Bit.com keeps track of a constantly updated whitelist that stores a backlog of large transactions, which prevents malicious actors from withdrawing large amounts of crypto without anyone noticing.
But several exchanges still need to improve their safety to prevent hacks that could put the industry’s stability at risk.
Additionally, crypto exchanges need to improve their transparency. While many exchanges claim they use cold wallets, it is difficult to verify whether these cold wallets are 100% offline. Users have little to no idea about the internal security processes of exchanges and how well they comply with the risk management protocols. The lack of transparency usually leaves users at risk. Thus, exchanges need not just to talk the talk but also to walk the walk; they need to show users that they are doing so.
Nevertheless, self-custody remains the safest way to store assets for users. Several hot and cold personal wallets are easily accessible for this. Check our crypto wallets review section for more information.