Are Crypto Exchange Failings Showing a Gap in User Security?
Disclaimer: The Industry Talk section features insights by crypto industry players and is not a part of the Cryptonews.com editorial content.
One thing that is becoming increasingly clear is the inability of trading platforms to secure their operations against increasingly sophisticated attacks by malicious parties.
Recent events have proved this. Bad actors were able to access 3Commas users’ API and withdraw approximately $20 million in funds. Just before that, a Binance user had his API key compromised leading to the hacker buying 1 million AXS tokens from his account.
The more you dive into this, the more incidences of weakened security you will find. Move back a year and you find that Crypto.com users started seeing their assets being withdrawn without their approval. This time, the party involved was able to circumvent Two Factor Authentication (2FA) – a key security tool used in the crypto industry.
This shows that clearly, crypto trading firms need to improve in using the right tools for securing their platform. The irony is that It’s not that hard to improve the current security.
Encryption is a friend, for both platforms and users. Using APIs that are encrypted and without withdrawal are the toughest out there. This ensures that service platforms do not have access to the funds or even personal data. Even in an event where the private keys are compromised, the hacker will not be able to withdraw the funds anyway if withdrawals are restricted by default.
But encrypted API keys are not enough on their own. Bad actors are getting smart and crypto trading platforms have to be smarter. Things like allowing only one API per user account can help limit hackers.
Using advanced monitoring tools for counter-trading (where compromised APIs are used to make large-scale buy or sell orders to manipulate a token’s price for their benefit) is simple, yet can make all the difference – fingerprinting, where the digital footprint is monitored to ensure only trusted devices are used can go a very long way.
Open-Standard Authorization (or OAuth) is another effective security method that is very easy to implement. This gives secure access to one party from another, without the need of revealing sensitive data. Sounds complex, but isn’t. OAuth is already pretty common in non-crypto services.
RSA-2048 is another security standard that crypto trading firms can benefit from. Simply put, the encryption has a security key that is 2048 characters long. Now that is a long key to break – not easy to do so.
Two Factor Authentication (2FA) is also a common security protocol but offers extreme safety. This requires a user to enter two different passwords from different sources (like SMS, Email, and manual password input). 2FA is made more secure by having a rolling password with a small time limit (ranging between 30 seconds and 10 minutes). So even if a bad actor gains access, it is impossible to reuse that password once the time limit has expired.
There is good news for traders though. Several trading companies exist in the market that are deploying serious level security measures to protect their users. One firm that implements all of these is Bitsgap.
Bitsgap is a crypto trading service that implements all of the above in true spirit. The platform takes user security very seriously and offers one of the toughest safety systems in the industry. It implements all of the above protocols.
The result is a crypto trading service that is stronger than even modern digital banks. This offers its users peace of mind in knowing that the trading APIs are secure, and even Bitsgap does not have access, making trading a worry-free experience.
