Susceptibility of crypto exchanges to security breaches and users’ lack of protection

Susceptibility of crypto exchanges to security breaches and users’ lack of protection

Since 2014, various sorts of malicious attacks on crypto exchanges took place. The most notable hacks resulted in $400 million worth of tokens being stolen from Coincheck in 2018. Bitfinex’s exchange wallets were exploited back in 2017, and more than $72 million were stolen. Mt. Gox lost more than $350 million worth of Bitcoin from 2011 to 2014 as their security could not withhold severe hacking assaults. As of September 2018, it is estimated that about $16, 5 billion have been hijacked from cryptocurrency exchanges.

Security division and terms elucidation

In order to fully comprehend how security threats and minimal protection of user’s accounts impact overall security of crypto exchanges, let’s first dive into division and terms introduction.

Cyber security as means of defense against external raids

Cyber Security Threats are defined as feasible hazards that may take advantage of security’s susceptibility to various breaches, consequently causing massive disruptions within the network. Cyber security threats are divided into:

– Cyber fraud — incorporating phishing, spear phishing, and whaling;

It is believed that criminals stole around $5 million from Bitstamp, by exploiting phishing techniques to their employees by ensuring them that the files that they sent are legitimate. Fraudsters sent encrypted file containing malicious VBA script, which, when opened, employed a hazardous file on their computers.

– Malware attacks — including viruses, worms, Trojans, spyware, rootkits, etc;

– Ransomware attacks — hijackers threaten to release victim’s data unless a ransom is paid;

– Hacking — including DDoS, key logging, etc;

– Out-of-date software;

One of the most renowned security experts, Oleksii Mattiasevych described the necessity of software updates. He noticed that 6 major exchanges were liable to fraudsters manipulating their Ethereum balance. That is, they created new accounts and through exploiting the outdated software they increased their balance, and proceeded with withdrawing the Ethereum into their wallets.

– Transaction pliability — manipulation of blockchain’s transactions.

Blockchain advocates often state that blockchain transactions are recorded on an “unyielding” record. However, each transaction consists of a signature which can be exploited before finalizing the transaction. Precisely Mt. Gox hack came as a consequence of fraudsters submitting code alterations to a public ledger before initial transactions were posted.

Internal protection of users’ data and security

Protecting users’ data and security is of the utmost importance when it comes to crypto exchanges. This is not an easy task to do, as hackers became more proficient into disguising as bona fide users.

– Extended validation (EV) SSL certificate — verification of identity, legality and domain authenticity;

– Multifactor authentication — commonly known as 2FA (two factor authentication);

– Single Sign-on (SSO) — authentication service;

Single sign-on is a service which permits users to use a single login credentials (username and password) to gain access of multiple accounts. Let’s consider Google for a second as an ideal example. Once you provide your adequate login credential, you will be automatically logged in not only for one service, but for email, YouTube, Google Docs, Google maps, Google Drive, Google Calendar, etc.

– Fraud detection (firewall) — program dedicated toward detecting potentially harmful files/intentions;

– KYC (Know your customer) — verification of clients identity and assessing potential illegal outcomes;

– Weak employee login credentials — this opens up an easy opportunity for cyber criminals to enter the network and cause damage.

Analyzing crypto exchanges using external and internal factors

Guided by this example, we have conducted a thorough security breakdown of some of the most innovative and revolutionary crypto exchanges currently on the market.

– Bitvo

– Independent Reserve

– CoinFalcon

– CoinDirect

– CoinFloor

As clearly depicted in this article, generally speaking, only 46% of all crypto exchanges use requisite security parameters to make the exchange safe. What is even more alarming is that only 10% of exchanges utilize DNSSEC (Domain Name System Security Extensions), whereas 2% use registry locks. This clearly opens up a way for hackers to exploit the system and get the most out of it.


A good hint for all crypto exchanges would be to know their security and inform properly their users how to use their platform securely and easily. Many exchanges ignore the facts presented to them, and as a consequence they inevitably become a target for these malicious attacks. On the other hand, users should also thread carefully as hackers loom around the corner.

About CoinPoint:

CoinPoint is a premium marketing agency, founded in 2013, working with all scale businesses — from startups, presenting their businesses on a global level, to multinational companies looking for digital transformation & blockchain adoption. The agency stays on top by providing the best services and solutions to its clients around the world.

For interviews or other media inquiries: