
Crypto Exchanges Go Above & Beyond To Address Security Concerns


Disclaimer: The Industry Talk section features insights by crypto industry players and is not a part of the editorial content of Cryptonews.com.

Cryptocurrencies are decentralized currencies that work entirely without intermediaries. To do this, they’re reliant entirely on the underlying software. Each transaction involves executing a piece of code, and this code is completely open and transparent. 

This is the reason why the crypto industry is bedevilled by hackers and scams. With code, there is always the risk of vulnerabilities creeping in and it’s these that hackers actively seek out. By exploiting bugs in the underlying code, hackers have successfully stolen billions of dollars worth of cryptocurrency over the years, and one of their major targets is the exchange platforms where these tokens are bought and sold. 

Crypto exchanges are a plump target for hackers due to the sheer volume of currency they hold within their wallets. The value of these targets became all too apparent with one of the earliest exchange hacks. Mt. Gox, once the biggest crypto exchange in the world, was successfully hacked back in 2014, with the attackers making off with a staggering 850,000 Bitcoin, which was worth around $450 million at the time. 

That was far from being the only high-profile exchange hack. Such attacks have taken place with alarming regularity, with other victims including Hong Kong-based Bitfinex, which lost around $60 million in a 2019 hack, Coincheck, which lost $534 million in a 2018 incident, and Kucoin, where attackers stole $218 million worth of coins in 2020.

Evolving Strong Security Standards

The good news is that most major crypto exchange platforms have learned the lesson of these incidents and taken major steps to enhance their security to protect customers’ deposits. Exchanges have a delicate balancing act, as they need to maintain sufficient liquidity on their platforms to ensure their customers can trade hundreds of different tokens. Yet at the same time, there’s a need to protect the bulk of the funds they control.

To this end, most exchanges employ a system where the greater part of their clients’ funds is moved to cold wallets, which are held offline, making them more difficult to steal. At the same time, they maintain just enough funds within so-called “hot wallets” to provide liquidity to their exchange.

Going beyond this, most exchanges employ third-party custodians that offer crypto vaults with enhanced security such as multi-authorization wallet management. These offerings merge cryptographic techniques with physical security measures to protect exchanges’ funds. 

Another almost mandatory security feature is two-factor authentication, wherein clients are required to use two different devices to log in and access their funds.

Other common security measures seen on exchanges include withdrawal whitelists and anti-phishing codes. With the former, users establish whitelisted wallets so their funds can only be sent to addresses they have specified themselves. This prevents hackers from moving clients’ funds to a wallet they control, in the event they do manage to gain access to someone’s account. As for the anti-phishing codes, these help users tell whether an email message is genuine, sent from a trusted exchange platform and not from a malicious hacker that’s trying to spoof it.

Taking Exceptional Measures

Some exchanges have gone even further in their efforts to reassure users about the security of their funds. For instance, the Nexo exchange platform recently revealed it has achieved Security, Trust & Assurance Registry (STAR) Level 1 Certification, which ensures that its security procedures comply with the Cloud Security Alliance’s recommendations. In addition, Nexo has also completed a Service Organization Control (SOC) 2 Type 2 audit, and prior to that it achieved ISO 21 001 standardization back in 2019, demonstrating a commitment to security that goes above and beyond what most other platforms are doing. 

Experienced crypto traders will know that it’s not only the security of an exchange that must achieve the highest standards. In addition, users need to have full confidence in the people running the platform. Most crypto exchanges are unregulated, which means there’s a lot of scope for company executives to misuse their clients’ funds.

Huobi is another popular cryptocurrency exchange that is doing everything it can to reassure its users that they’ll never lose their funds. It has created a “user protection fund” and a “Huobi security reserve” that together ensure it has the assets on hand to fully compensate its users in the event of it being hacked.

With these, Huobi Pro offers strong guarantees that it will always be able to repay its customers if something goes wrong. The security reserve, which is only available to Pro Users, holds 20,000 BTC to pay back those clients in the event their money is stolen. Meanwhile, the user protection fund is slowly being built up over time, with 20% of the company’s net revenue added each month, to ensure it has a separate pool to repay anyone else. These compensation funds, coupled with Huobi’s status of never being hacked, make it one of the most trusted exchanges on which to hold and trade your digital assets. 

Another strong security standout is Kraken, which employs something called “semi-cold wallets” to ensure it never exposes too many funds in its hot wallets for liquidity. Really, they are just cold wallets kept on locked drives – with the difference being they can quickly be accessed by its operational staff if the platform needs to process higher trading volumes, before being taken offline and kept safe when less liquidity is required. 

The other aspect of Kraken is that it encrypts everything – not just account information but also user data, including email communications. It also provides unprecedented user controls, with every account holder on Kraken having access to a kill switch that will automatically lock down their account. Kraken is also hard to beat in terms of the physical security it implements, with its servers hosted in secure buildings protected by biometric scanners and armed guards. 

Exchanges Are Still Vulnerable

While it’s reassuring to know that trusted exchange platforms are doing everything they possibly can to secure their users’ funds and ensure customers have peace of mind regarding their liquidity, hacks are still alarmingly prevalent.

Earlier in 2023 there was a second attack affecting Kucoin, which is a great example of this trickery. The attackers didn’t go for Kucoin’s wallets, but instead used social engineering techniques to take control of its official Twitter account. Using that platform, they announced a fake crypto giveaway scam, asking Kucoin users to send coins to a specific wallet address to receive free tokens. Most crypto users are aware of these kinds of scams, but the fact it was organized by Kucoin’s official Twitter was enough to trick some users, who sent $22,600 worth of crypto to the hacker’s wallet before Kucoin put a stop to it. 

Trust Wallet is not an exchange per se, but it does offer swap services and it’s one of the most popular crypto wallets around. Its users also fell victim to social engineering attacks earlier this year. The hackers posed as Web3 investors and even set up in-person meetings with some Trust Wallet users, before deceiving them into revealing sensitive information that enabled them to access their wallets and empty their accounts. Reports say the scammers stole more than $4 million worth of crypto in this way. 

Which Exchange Can You Trust?

Crypto users must do their homework and ensure the exchange platform they use can be trusted. One thing to bear in mind is that the harder it is to create an account and get verified at an exchange, the more secure it is likely to be. Some exchanges will allow users to interact without any kind of verification, but this is a sign that the exchange is taking significant risks because it doesn’t know who its users are.

Don’t forget that reputation also matters. Exchanges that comply with international security and compliance standards have taken exceptional measures to be able to do so. Also, take the time to see what other people are saying about an exchange on platforms such as Reddit, YouTube and Discord. If it has a somewhat dubious reputation, a little research will quickly uncover this.

Once you’ve found a reputable platform, be sure to check that it uses the most advanced security systems. This requires a little more research, but most exchanges will provide a rundown of their security features somewhere on their website.