Why can’t I just trust the exchanges?
Although it might be tempting to go for the crypto exchange which makes the best claims or looks the most credible – it’s important to do your own homework.
31 crypto exchanges have been hacked over the past eight years – with an estimated $1.3 billion stolen.
You may think that some of the largest exchanges by trading volume – with Binance dominating CoinMarketCap’s rankings – would be among the industry’s most robust given their popularity among crypto enthusiasts. However, as Cointelegraph reported when ICORating’s report was released at the start of October 2018, Binance scored a surprisingly low 63/100 when ranked on requirements including coding robustness and end user protection.
The report revealed a shocking 41 percent of the 100 exchanges it scrutinized allow “simple” passwords which are fewer than eight characters long – meaning these platforms are enabling less-informed customers to potentially sleepwalk into a calamitous breach where their funds could disappear.
Overall, its conclusions make for grim reading, with the report’s authors writing: “Nobody is fully protected from the loss of their crypto assets, therefore, invest in reliable assets, diversify your portfolio and choose good crypto exchanges.”
How do I choose a good exchange? What do the experts say?
Two things matter: the type of storage the exchange uses, and keeping your coins in an internet-enabled wallet only when you need to use them.
Firstly, it’s worth learning from the hard lessons that crypto enthusiasts have endured through some of the major hacks of yesteryear.
Mt. Gox was hacked twice – once in 2011 and again in 2014 – with a total of 850,000 Bitcoin lost in the latter attack. At the time, it represented roughly 7 percent of the total amount of Bitcoin in circulation, with a value back then of about $480 million. Today that would be worth more than $5.4 billion. In 2013, it was handling an estimated 80 percent of Bitcoin transactions – showing how even the largest exchanges can be vulnerable. In Mt. Gox’s case, a faulty computer system was to blame, opening it up to hack attacks.
Speaking to Cointelegraph back in August, experts said the best way for investors to inoculate themselves against poor security was to choose an exchange which enlists the help of reliable auditors who spend their time looking for flaws in a system. Looking for an exchange which uses cold storage – where assets are stored in a place without an internet connection – can help. Minimizing the amount of coins held in hot wallets can also reduce the impact if an attack does take place.
What steps can I take?
Make your password complex and make sure there are multiple steps before a transaction is fully completed.
Several exchanges use a time delay when they are processing transactions, enabling them to be manually reviewed for fraudulent activity. Although it can be slightly inconvenient to wait for funds to clear, experts say most users should be willing to withstand the inconvenience of waiting for a payment instead of losing their assets because a transaction was processed instantly and the funds were unwittingly handed to a greedy hacker.
It’s important to embrace the layers of security that an exchange offers, as well as the warning triggers that come into play when a transaction looks suspect. This means making the most out of two-factor authentication, multi-signature transactions, and ensuring that a password is as complex as humanly possible.
What are crypto exchanges doing to ramp up security?
The most security-conscious platforms try to ensure that any and all transactions purporting to come from you match up with your usual details.
This can mean verifying that the IP address being used to complete a transaction matches the details that you normally use. Verifying payments with an email confirmation is also commonplace, as well as using a crypto debit card. This particular tool is advantageous because you’ll normally have it on your person, making it harder for funds to be stolen in isolation from halfway around the world.
Some crypto exchanges, like International Digital Currency Markets (IDCM), are turning to artificial intelligence to help with their security efforts – and use technology which continuously monitors their networks for suspicious activities. The company’s white paper says it uses “bank grade security standards” to protect against malicious hackers.
Are security fears stopping crypto from becoming mainstream?
It could be argued this is the case – but experts believe there are several other hurdles that the industry needs to face.
Andrew Wong, a managing partner at IDCM, says the crypto world is still in its infancy – so much so that it will take at least three years before cryptocurrencies begin to gain dominance, and even longer for the public to start embracing them properly.
In part, he believes this is because of the scalability issues affecting crypto – and the fact that blockchain technology can be difficult for novices to comprehend and use.
Mr Wong, a former trader at JP Morgan, believes “more stringent know your customer (KYC) checks for centralized exchanges” will be introduced in the future – but believes this doesn’t have to be to the detriment of the industry’s progress. He said: “Cryptocurrency regulation is absolutely necessary so, as long as it is not suffocating innovation, it is a positive thing. Certainty is the main benefit of regulation.”
How can I be sure an exchange is telling the truth?
Actions matter more than words – so take a look at what the exchange has been doing to protect itself from hacks and keep its platform secure.
Investment in fraud analytics matters. When exchanges spend money on trying to ensure their systems are robust, it helps to protect you: the user.
Many platforms regularly submit themselves to security audits by independent parties, who then publish their findings and disclose the vulnerabilities they have found. Reputable exchanges will publish the outcome of these audits in full – enabling you to see for yourself their strengths and weaknesses, and the steps they have taken to resolve things.
You should also see whether or not the exchange you’re interested in participates in bug bounty programs. Put simply, this is where a platform offers a reward to “white hat” hackers who expose security flaws in their systems – playing cyber criminals at their own game and trying to exploit a glitch before they do. It’s a practice that has gained traction in recent years, with major corporations and even governments subscribing to these schemes.