Around US$18 million [AU$27 million] worth of cryptocurrencies are exposed to hackers in unprotected exchanges, a team of cybersecurity analysts from CyberNews says.
The findings found that the exposure involves the following:
- private keys
- multisignature wallet keys
- API keys
- other personal information provided by consumers in such exchanges
Lykke’s unsecured network exposes 80,000 private keys to hackers
CyberNews added that there are thousands of personal information and private keys that are exposed to hackers in Swiss-based crypto exchange Lykke.
Private keys are significantly important because it grants a user or an exchange the access to a person’s crypto wallet.
Lykke currently holds a total of $16.5 million worth of cryptocurrencies in its hot wallet. Given that hot wallets are connected to the internet, they are more prone to hacking than any other wallet type available.
What CyberNews first found exposed were API keys that allow users access to the exchange. Such access enables a user to do trades, deposits, and withdrawals.
Lykke’s database was also found to be not adequately secured in restricting access to multisignature wallets.
This is especially important because it is necessary in confirming transactions before they are finalized on the blockchain.
It is thus quite easy for hackers to illegally take funds from the exchange and run away with it.
While the Lykke community is much more watchful now with large-volume transactions, the vulnerability of its security infrastructure still poses a risk for the safety of the funds held in the exchange’s hot wallets.
Finally, CyberNews found that user transactions and balances were not guarded with the right access restrictions.
According to the report, even if Lykke claims that the public’s access to this kind of data is limited for viewing only, hackers could easily take advantage of such information to manipulate the respective accounts.
Hubdex exchange also found to be vulnerable to hackers
Hubdex is a Chinese-based exchange that CyberNews found lacking in terms of security and privacy.
Apart from the exposure of around a million private keys and API keys, personal information such as know-your-client (KYC) data of its users were also inadvertently exposed.
To date, there is not much information about the company. CyberNews estimates, however, that Hubdex holds around $1 million to $2 million worth of crypto in total.
All these findings reflected that a total of approximately $18 million worth of cryptocurrencies are vulnerable to hackers. If there are no corresponding security adjustments made on such concerns, users from these exchanges will remain a target for malicious agents.