What is an Exchange
A Crypto Exchange is an internet marketplace where you can convert fiat currencies into cryptocurrencies, and vice versa, but not only that. In fact, an Exchange also allows for cryptocurrency trading.
Those who want to invest in cryptocurrencies can then sign up to one of these platforms, leave their details, transfer some funds in fiat currencies and then will find the corresponding amount in the desired cryptocurrency in their crypto account. Exchanges are basically companies that manage their own platform and apply commissions to the transactions executed. The most well-known Exchanges are Binance and Coinbase, the latter recently listed on Nasdaq. Depending on the Exchange, the currencies that can be used and the availability of services can change, as well as the ease of use of the platform. But also reliability and security can change.
Exchanges and security
Exchanges in most cases handle client data through a centralized computer system, thus not benefiting from the security forms of Distributed Ledger Technology. Exchanges are therefore of great interest to hackers and at the same time a point of failure in the cryptocurrency world. In the Exchange systems, in fact, there are customers’ personal data, as well as funds managed through the platform.
In fact, the history of cryptocurrencies has shown that the most sensational cryptocurrency thefts have occurred through attacks on crypto exchanges. Below are some examples:
Between 2013 and 2014, about 650,000 bitcoins disappeared from the Mt.Gox site, about $25 billion at today’s value. Mt.Gox subsequently had to declare bankruptcy. At the time Mt.Gox, a Japanese platform, was the largest exchange in the world, managing 70% of transactions in the crypto world.
Following the events related to the bankruptcy, which lasted many years, it has been discovered an asset of 200,000 bitcoins that had escaped the cybercriminals and that can be redistributed among the customers of Mt.Gox. In fact, on October 20, 2021, a meeting of creditors will be held for the final approval of the refund plan, if any. The dates of the refund are instead still to be defined.
According to the cybersecurity agency that handled the case, the disappearance of funds was a result of thefts over the years since 2011, not a single incident.
In August 2016, Bitfinex suffered the theft of 120,000 bitcoins, corresponding to $5 billion. Bitfinex is a Hong Kong exchange among the largest in the world.
The theft was possible due to a security problem of the platform, which by the way was considered one of the most secure.
Subsequently, the site announced that it would pay back the losses to its clients by issuing a new token. The losses amounted to around 36% of the assets.
Subsequent investigations, however, revealed that Bitfinex‘s shortfall was also caused by improper financial management.
Canadian crypto exchange QuadrigaCX, in 2019 was the cause of the loss of funds of all its customers, not because of a cyberattack, but because of the death of its CEO and the subsequent inability to access his notebook. The computer was encrypted and accessible with a password known only to him. The damage was approximately $250 million.
However, Ernst & Young appointed Quadriga CX bankruptcy trustee by the judges, discovered that the exchange’s wallets were empty and the funds had been moved to other exchanges and wallets. It was assumed that either the CEO was not really dead, or someone else knew the access keys to the wallets and took advantage of the situation to seize the entire capital.
The criticality of security
Companies that own crypto exchanges know that a customer considers the security and reliability of the exchange as a key criterion in deciding whether to transfer funds to it. It goes without saying that the largest exchanges that have been in business for years are committed to providing customers with an operating environment that offers maximum assurance.
Among the key elements in increasing the level of security are the types of wallets used: hot wallets, although more convenient to use, have higher levels of vulnerability and therefore require the rest of the platform to be absolutely secure.
Other critical factors are adherence to good security practices, including identifying areas of vulnerability and applying multiple layers of security, risk management, and having systems in place to continuously test for vulnerabilities by external specialists dedicated to security testing and auditing.
There are also software vendors that sell specific solutions to make Exchange sites more secure. Monetum’s platform is externally audited by Kaspersky to ensure the security of its customers and of its exchange
The Crypto Exchange Security Report
At the end of 2018, the independent company ICOrating released its Crypto Exchange Security Report which included the rating of 135 platforms having a daily transaction volume of more than $100,000.
Out of the 135 platforms, none had an A+ rating, while 16% had A or A- ratings, still very high ratings.
The report evaluated four areas: user security, domain name security, web security and protection from Denial of Service attacks. Each category was evaluated for various parameters including a detailed evaluation of protection from the most common types of cyberattacks.
There are many situations that expose Exchange customers to the risk of losing their capital: from the risk of cyber-attacks to the risk of bankruptcy of the company that owns the platform.
On the Exchange side, it’s critical to be able to guarantee security for their customers, or else the business will be downsized or even bankrupt. For this reason, at least the larger exchanges have taken steps to maximize defensive barriers and provide guarantees to customers in case of problems.
The eternal struggle between guards and thieves, which has moved from the physical to the virtual world, is becoming more and more sophisticated on both sides and will probably never have a winner, so it is not wise to just rely on technical defences but the Exchange must also resort to forms of guarantee and insurance that protect the customer.