Designing a Powerful Security Mechanism in a Crypto Exchange
Marie Tatibouet is the Chief Marketing Officer at cryptocurrency exchange Gate.io.
From being a buzzword to solving realistic business problems, blockchain technology has come a long way since 2009. Cryptocurrency, in particular, has evolved to be a powerful investment asset that can be saved, retrieved and exchanged, and is resistant to censorship or control by central bodies, such as banks. With Facebook announcing its own cryptocurrency and Amazon allowing users to pay with Bitcoin, 2019 so far has been great for crypto adoption.
However, there are some roadblocks. Since the Internet boom, cybercrime has been prevalent in various industries, especially in banking and finance. It involves hacking networks and computers to steal confidential customer data, money, and other critical information. Given the huge amount of funds being traded across borders using cryptocurrencies daily (over USD 30 billion worth of funds is traded on a daily basis), it would seem natural that cyber criminals would be attracted to cryptocurrencies.
Be vigilant, be hack-proof
In November 2018, hackers targeted StatCounter, a web analytics platform we used to track data. Hackers injected a malicious script into the StatCounter website code to target our users and steal their bitcoins. Our cybersecurity team was quick to scan the website with 56 antivirus products once they were notified by ESET, an IT security body, which concluded that nothing suspicious was found. We stopped using StatCounter after this incident.
Even though this approach was foiled, there is a lot to learn from this incident, and from many other recent cryptocurrency hacks in the industry. In 2018, the industry lost USD 1.7 billion in cryptocurrency thefts and scams.
Having closely watched some of the recent security hacks in the industry, we have seen that the patterns always indicate that hackers are more likely to target the centralized systems of cryptocurrency exchanges, as these have a single point of failure, allowing the hackers to embed malicious scripts in the website code. Other backdoor hacking approaches include cross-site scripting (XSS) and social engineering attacks such as phishing.
Road to security is the road to success
Focusing on the transparency and security of users should be vital for every crypto exchange. Their platforms must have an integrated wallet to assure users’ fund safety. It is also important to understand that user security, platform security, and domain security are interconnected and require comprehensive protection. To achieve a holistic security system, exchanges should explore various security dimensions so that they are safe, reliable, and transparent for their users.
Ensuring user account security
The more global a platform gets, the more likely it is that hackers carry out illicit activities, which makes user security even more essential. Strengthening technical teams to ensure flawless exchange code, mandating strong passwords, and incorporating two-factor authentication (2FA) are some steps that should be followed for an additional layer of security.
Abiding by the industry security norms
Complying with all the industry norms around Know-Your-Customer (KYC), domain security, and web security is also important to maintain full reliability for the users.
In-house cyber experts to prevent cyber threats
Extending technical teams with a special focus on cybersecurity, or getting in-house cyber experts who can, at all times, keep a check on any suspicious behavior, is a great way to prevent potential threats. It will allow them to control and quickly respond to any unfortunate incident in advance. At Gate, we are building a new development team that consists of top-notch talent from some of the biggest internet-tech companies, such as Alibaba and Tencent.
Third party cybersecurity checks
Running periodic security audits to avoid missing any loopholes in security mechanisms can reward every crypto exchange, eliminating in-house biases that could eventually compromise the security of the platform. For example, our team invests thousands of dollars in carrying out independent third-party security audits every quarter.
User experience often comes in the way of security for users, especially for beginners. For example, securing funds in wallets is always safer than leaving them on the exchange, but most users won’t have the patience to wait if the transaction is taking too long. Ensuring that technology addresses these issues is crucial; Gate’s platform operates at 10,000 transactions per second. The team also follows an unbiased approach in the selection processes, whether it is listing coins on the Gate.io platform or selecting projects for Gate Startup, our IEO (initial exchange offering) launch platform.
Here at Gate.io, we are building GateChain, a public blockchain dedicated to blockchain asset safety and decentralized exchange. Here is what’s on the GateChain menu – an innovative public blockchain that has not been used in the industry before. With several unique features, such as an onchain safety account and customizable time delay recovery, that guarantee blockchain asset safety even after the destruction of the private keys, we are looking to lead by example.
With a wide variety of user profiles, ranging from beginners to advanced traders, crypto exchanges must keep up with the most advanced security norms and technology, while providing a smooth and seamless user experience. Therefore, the technical teams should focus on creating security mechanisms that are an amalgamation of technological security (on which the platform is built), cluster security (the communication protocol), and logical security (using software safeguards), to build a shatterproof wall against intruders.