Crypto Exchange Vulnerability

The distributed and verified aspects of Blockchain mean that data is relatively secure while on the chain. There is a risk of the chain ceasing to exist, but deliberately changing the content of a Blockchain would require control of the majority of the computer nodes on that chain. As the nodes tend to be widely scattered, that becomes increasingly unlikely as chain networks increase in size. A well-established cryptocurrency will have an equally large and spread-out node network protecting the content of the data within. The most tempting avenue of attack for the criminal hacker is the point at which funds move in or out of the Blockchain.

At present there are very few ways outside of El Salvador to directly spend cryptocurrency on tangible goods. Digital items such as NFTs can be bought and sold, with both tokens traded and funds exchanged all on the Blockchain. Like any investment, these goods have a current value, but to liquidate that value they need to be converted into traditional cash. Creation of a digital asset such as an NFT will require payment of gas fees in a linked cryptocurrency. The existence of such a cryptocurrency is controlled by the issue of new units to miners, but any inherent value of that coin is solely dependent upon what anyone is prepared to pay for it.

A crypto exchange will facilitate trading between cryptocurrencies and allow funds to be added and withdrawn. This makes exchanges a prime target for fraud and theft. There is no industry-set scale of fees, but in general investors will be paying the crypto exchange for each transaction as well as any gas fees involved. Potential customers should consider larger, more established exchanges, as these should not only be more secure but, due to their relatively high worth, be more likely to compensate for any loss of funds. Forbes publishes a comparison of exchanges, but it is ultimately up to the investor to choose. An investor should hold enough cryptocurrency funds on the exchange for any trading in the immediate future but no more. Additional funds, possibly seen as longer-term investments, would be in cold storage offline.

There is no absolute guarantee that any crypto exchange is 100% safe. Any user would have to take some responsibility for the security of their individual account access credentials. Ultimate access to data on the Blockchain is through private keys. A user may have a copy of their key or may work through a simpler account, password and set phrase scheme. Exchanges such as will often hold details of their customers’ keys. This enables the exchange to protect accounts and reset them in cases of genuinely lost or compromised access. It also creates a major security issue in that ultimate access to funds is not in the hands of the fund holder. Even in cases where private keys are not directly compromised, hacked personal information could be used as a basis for phishing attacks to withdraw currency directly from clients.

There is very little international control over who can set up a crypto exchange and where it is situated. The physical business is one or more server farms and could be located anywhere with fast enough Internet connections. There is an incentive to choose somewhere with relatively cheap power and favourable tax and local legislation. This might encourage a server farm to be set up and run in an environment that is difficult to regulate and with staff whose security training may be neglected. This sort of setup would be the ideal target for a hacker.

Evidence shows that even some of the better-known exchanges have been hacked. NBC reported that there were 20 crypto exchange hacks in 2021 where over $10 million (in each case) was stolen, compared to USA bank holdups yielding less than $5,000 per heist. HedgeWithCrypto report that 46 different cryptocurrency exchanges have been hacked, some multiple times. In January 2022 were breached with a loss of 4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies.
