In recent weeks, the cryptocurrency industry has been rocked by major security breaches, bringing the security of centralized exchanges back into the spotlight. Here are the causes of two recent typical cases:
User accounts compromised due to malicious plugins: Some Binance users were attacked after downloading the Google Chrome plugin Aggr, promoted by a KOL. Hackers bypassed passwords and two-factor authentication (2FA) by obtaining cookies, gaining direct access to users’ accounts. Although 2FA prevented immediate withdrawals, hackers managed to transfer funds indirectly through wash trading.
AI threats: Hackers stole user information from OKX and used AI deepfake technology to deceive customer service and reset account passwords.
Security management of centralized exchanges (CEX) for cryptocurrencies
Major security threats faced by centralized exchanges include hacker attacks, exploitation of smart contract vulnerabilities, weak account protection systems, phishing, and physical security issues. The suspected hacking incident of Binance on March 7, 2018, led to a significant drop in the market value of Bitcoin. In 2019, over 28 security incidents were recorded, with more than 70% involving the theft of digital assets, resulting in significant financial losses.
Governments and regulatory bodies worldwide are responding to these threats by introducing specific regulations and measures. For example, the South Korean government requires virtual currency exchanges with daily sales exceeding 100 billion Korean won or daily visits exceeding 1 million to obtain Information Security Management System (ISMS) certification. In China, all services related to virtual currency settlement and trader information provision are prohibited.
To address these threats, the industry has implemented various measures to enhance security, such as:
On-chain data solutions: Using blockchain data to manage counterparty risk.
Multi-factor authentication (MFA): Enhancing user security with biometrics, one-click passwords, and push notifications.
SSL encryption and cold storage: Protecting data transmission and storing critical assets offline to prevent unauthorized access.
Compliance with regulations: Complying with requirements in different jurisdictions to ensure operational within legal frameworks.
Effective security measures for cryptocurrency exchanges are multifaceted, requiring coordination efforts among exchanges, regulators, and users.
CoinW’s advanced security and risk control system
CoinW is committed to providing a secure trading environment through robust security measures and risk control systems. CoinW’s security officer stated, “The core system of a centralized exchange is similar to a bank. Its security includes both front-end and back-end security, as well as the evaluation of technical solutions for security, data storage, and encrypted communication.”
Unlike traditional banks, exchanges deal with on-chain assets, prioritizing the security of private keys. CoinW uses multi-signature technology (multi-sig) and traditional sharding methods to store keys. In case of issues with hot wallets, CoinW has backup systems for recovery and stores large funds in cold wallets.
Internal mechanisms are also crucial, including real-time security event monitoring and response. The system can quickly detect and handle suspicious activities such as abnormal network access or logins from different locations. CoinW handles long periods of inactivity or logins from different locations through multi-verification methods and provides immediate notifications for any unusual transactions, including emails and in-site messages. In terms of business risk control, transactions triggering risk conditions require secondary manual review to ensure additional scrutiny of accounts with abnormal activities.
Additionally, CoinW strengthens wallet security through Multi-Party Computation (MPC) technology, distributing keys among four systems, requiring consistent approval from all four systems for any transaction to prevent unauthorized operations.
CoinW has also integrated KYA (Know Your Address) into its existing KYT (Know Your Transaction) system to enhance security standards. KYA analyzes and categorizes on-chain addresses, enhancing the ability to identify risks and protect user assets. This integration further solidifies CoinW’s leading position in security within the cryptocurrency industry.
CoinW has achieved significant compliance milestones, such as obtaining a Digital Currency Exchange License from the Australian Transaction Reports and Analysis Centre (AUSTRAC). This allows us to legally conduct spot trading and fiat trading, providing customers with a more secure and reliable trading environment.
In conclusion, CoinW’s security officer summarized, “Overall, the security level of a centralized exchange is determined by its technical measures, business operations, internal management, and response capabilities to security events. These factors together ensure the security and reliability of the exchange, providing users with a safe and trustworthy trading environment.”
