In recent weeks, the cryptocurrency industry has experienced major security breaches, bringing the security of centralized exchanges back into the spotlight. Here are the causes of two recent typical cases:
- User accounts hacked due to malicious plugins: Some Binance users had their accounts hacked after downloading the Google Chrome plugin Aggr, which was promoted by KOLs. Hackers bypassed passwords and two-factor authentication (2FA) by obtaining cookies and directly accessed users' accounts. Although 2FA prevented immediate withdrawals, hackers indirectly transferred funds through staking transactions.
- AI Threat: Hackers stole user information from OKX and used AI face-changing technology to deceive customer service and reset account passwords.
Centralized Exchanges (CEX): Secure Management of Cryptocurrencies
Major security threats faced by centralized exchanges include hacker attacks, smart contract vulnerability exploits, weak account protection systems, phishing, and physical security issues. The suspected hacking of Binance on March 7, 2018 also caused a sharp drop in the market value of Bitcoin. In 2019, more than 28 security incidents were recorded, of which more than 70% involved the theft of digital assets, causing huge financial losses.
Governments and regulators are responding to these threats by introducing specific regulations and measures. For example, the South Korean government requires virtual currency exchanges with daily sales exceeding 10 billion won or daily visits exceeding 1 million to obtain Information Security Management System (ISMS) certification. In China, all services related to virtual currency settlement and trader information provision are prohibited.
To combat these threats, the industry has taken a number of steps to enhance security, such as:
- On-chain data solutions: Using blockchain data to manage market counterparty risk.
- Multi-Factor Authentication (MFA): Enhance user security through biometrics, one-click passwords, and push notifications.
- SSL Encryption and Cold Storage: Secure data transmission and store important assets offline to prevent unauthorized access.
- Regulatory compliance: Comply with requirements in different jurisdictions to ensure you operate within the legal framework.
Effective security measures for cryptocurrency exchanges are multifaceted and require coordinated efforts between exchanges, regulators, and users.
CoinW's advanced security and risk control system
CoinW is committed to providing a safe trading environment through strong security measures and risk control systems. The head of security at CoinW said: The core system of a centralized exchange is similar to that of a bank. In this system, its security includes the security of the front-end and back-end, whether the technical solution has undergone security assessment, and the encryption mechanism of data storage and communication.
Unlike traditional banks, exchanges deal with on-chain assets and prioritize the security of private keys. CoinW uses multi-signature technology (multi-sig) and adopts the traditional sharding method to store keys. In the event of problems with hot wallets, CoinW has a backup system for recovery and stores large amounts of funds in cold wallets.
Internal mechanisms are also critical, including real-time security incident monitoring and response. The system is able to quickly detect and handle suspicious activities, such as abnormal network access or remote logins. CoinW uses multiple verification methods to handle long-term inactivity or remote logins, and provides instant notification of any abnormal transactions, including emails and in-site messages. In terms of business risk control, transactions that trigger risk conditions are subject to secondary manual review to ensure additional review of accounts with abnormal activities.
In addition, CoinW strengthens wallet security through multi-party computation (MPC) technology, distributing keys across four systems. Any transaction requires unanimous approval from the four systems to prevent unauthorized operations.
CoinW also integrated KYA (Know Your Address) into the existing KYT (Know Your Transaction) system to improve security standards. KYA analyzes and classifies on-chain addresses, enhancing the ability to identify risks and protect user assets. This integration further consolidates CoinW's security leadership in the cryptocurrency industry.
CoinW has also made important achievements in compliance, such as obtaining a digital currency trading service license issued by the Australian Transaction Reports and Analysis Centre (AUSTRAC). This enables us to legally conduct spot trading and fiat currency trading, providing customers with a safer and more reliable trading environment.
CoinW’s head of security concluded: “In general, the security level of a centralized exchange is determined by its technical measures, business operations, internal management, and ability to respond to security incidents. These factors work together to ensure the security and reliability of the exchange, providing users with a safe and trustworthy trading environment.”
This article is sourced from the internet: Cryptocurrency security: CoinW reflects on recent industry security incidents