In recent weeks, the cryptocurrency industry has experienced major security breaches, bringing the security of centralized exchanges back into the spotlight. Here are the causes of two recent typical cases:
User accounts hacked due to malicious plugins: Some Binance users had their accounts hacked after downloading the Google Chrome plugin Aggr, which was promoted by KOLs. Hackers bypassed passwords and two-factor authentication (2FA) authentication by obtaining cookies and directly accessed users' accounts. Although 2FA prevented immediate withdrawals, hackers indirectly transferred funds through cross-trading.
AI Threat: Hackers stole user information from OKX and used AI face-changing technology to deceive customer service and reset account passwords.
Centralized Exchanges (CEX): Secure Management of Cryptocurrencies
Major security threats faced by centralized exchanges include hacker attacks, smart contract vulnerability exploits, weak account protection systems, phishing, and physical security issues. The suspected hacking of Binance on March 7, 2018 also caused a sharp drop in the market value of Bitcoin. In 2019, more than 28 security incidents were recorded, of which more than 70% involved the theft of digital assets, causing huge financial losses.
Governments and regulators are responding to these threats by introducing specific regulations and measures. For example, the South Korean government requires virtual currency exchanges with daily sales exceeding 10 billion won or daily visits exceeding 1 million to obtain Information Security Management System (ISMS) certification. In China, all services related to virtual currency settlement and trader information provision are prohibited.
To combat these threats, the industry has taken a number of steps to enhance security, such as:
On-chain data solutions: Using blockchain data to manage market counterparty risk.
Multi-Factor Authentication (MFA): Enhance user security through biometrics, one-click passwords, and push notifications.
SSL Encryption and Cold Storage: Secure data transmission and store important assets offline to prevent unauthorized access.
Regulatory compliance: Comply with requirements in different jurisdictions to ensure you operate within the legal framework.
Effective security measures for cryptocurrency exchanges are multifaceted and require coordinated efforts between exchanges, regulators, and users.
CoinW’s advanced security and risk control system
CoinW is committed to providing a safe trading environment through strong security measures and risk control systems. The head of security at CoinW said: "The core system of a centralized exchange is similar to that of a bank. In this system, its security includes the security of the front-end and back-end, whether the technical solution has undergone security assessment, and the encryption mechanism of data storage and communication."
Unlike traditional banks, exchanges deal with on-chain assets and prioritize the security of private keys. CoinW uses multi-signature technology (multi-sig) and adopts the traditional sharding method to store keys. In the event of problems with hot wallets, CoinW has a backup system for recovery and stores large amounts of funds in cold wallets.
Internal mechanisms are also critical, including real-time security incident monitoring and response. The system is able to quickly detect and handle suspicious activities, such as abnormal network access or remote logins. CoinW uses multiple verification methods to handle long-term inactivity or remote logins, and provides instant notifications for any abnormal transactions, including emails and in-site messages. In terms of business risk control, transactions that trigger risk conditions are subject to secondary manual review to ensure additional review of accounts with abnormal activities.
In addition, CoinW strengthens wallet security through multi-party computing (MPC) technology, distributing keys across four systems. Any transaction requires unanimous approval from the four systems to prevent unauthorized operations.
CoinW also integrated KYA (Know Your Address) into the existing KYT (Know Your Transaction) system to improve security standards. KYA analyzes and classifies on-chain addresses, enhancing the ability to identify risks and protect user assets. This integration further consolidates CoinW's security leadership in the cryptocurrency industry.
CoinW has also made important achievements in compliance, such as obtaining a digital currency trading service license issued by the Australian Transaction Reports and Analysis Centre (AUSTRAC). This enables us to legally conduct spot trading and fiat currency trading, providing customers with a safer and more reliable trading environment.
CoinW’s head of security concluded: “Generally speaking, the security level of a centralized exchange is determined by its technical measures, business operations, internal management, and ability to respond to security incidents. These factors work together to ensure the security and reliability of the exchange, providing users with a safe and trustworthy trading environment.”