It is no secret that cyber security is a HUGE concern in the world of crypto. When I started CYBR nearly two years ago, there was nearly $750M in reported financial losses that had occurred due to cyber security breaches. CYBR’s initial goal was to protect the token holders and exchanges from the hackers and associated “bad actor” activity. What we would discover along the way is that it’s also the exchanges we have to protect the token holders AND crypto companies from. CYBR would exit the crypto scene as quickly as we could after we discovered how fraudulent, negligent and plain crooked most exchanges are; and most of these crooked roads lead directly to China. We now are a traditional securities company getting ready to list on the stock market and we therefore have zero conflicts of interest nor are we “beholden” to these exchanges. We have quite the story to tell…
My background is cyber security. I have worked with financial institutions such as large Middle Eastern banks, the Treasury Department, Federal Reserve Board and associated banks, the Internal Revenue Service and the Office of the Comptroller of the Currency. I am a subject matter expert in financial cyber security. I also have worked extensively with the Intelligence Community, Department of Homeland Security (DHS) and the Department of Defense (DoD). I have seen just about everything when it comes to cyber security. That is until I entered the world of crypto.
Let’s start with a few basic concepts. When it comes to implementing cyber security, an organization is either ignorant (i.e.. they do not know), negligent (i.e.. they know but do nothing) or they are an accomplice (i.e.. they contribute to the problem). Most organizations do not know what to do with regards to implementing cyber security so they are simply ignorant. They rely on companies like CYBR to assess their security posture, make recommendations and fix the problems. Some, usually those budget challenged, don’t spend the money to fix a problem until a breach has occurred. The third category, the accomplice, is seldom seen. Who would want to contribute to security breaches and lose money, expose privacy information, etc.? The answer are organizations that are sponsored by rogue nation states like…China. The ability to not only turn a blind eye but to benefit from stolen funds and information is something the Chinese (along with North Korea and Russia) excel at.
When CYBR started doing assessments on exchanges like Binance, I personally reached out to people like Catherine Coley, CEO of Binance USA. In fact, I informed Ms. Coley of a pending hack days before it occurred and she never responded before or after the attack. This is especially interesting since I worked with the FBI on the first major reported Binance hack months prior. Binance “lost” $41M. Now while CZ says funds are “SAFU”, here are a few problems with that philosophy. First of all, the funds get into the hackers hands. Then the funds are dumped on the exchanges causing loss in value and usually the average token holder gets “rekt”. So there is a loss in a financial sense. Furthermore, attestation has shown that these large funds seem to make their way straight from exchange wallets into the hands of nation state backed hacking organizations such as APT-41. Summarized, these exchanges and hackers are backed by the same nation state oftentimes; and it’s usually China. I look forward to the next time Justin Sun (CEO, Tron Foundation) or CZ (CEO, Binance) attempts to step foot in the United States. Jail most likely awaits…
Catherine Coley, CEO, Binance USA
Let’s take this to another level. Exchanges know they are ground zero for hackers. These exchanges claim to care about their security posture and often have “bug tracking” contests and such. We actually submitted over 100 vulnerabilities to Binance but they never replied to our reports. More importantly, they never fixed anything. Let’s jump in now shall we? A bank or similar financial institution is regulated and is subject to audit, which means they typically follow Fintech best practices and conduct vulnerability assessments constantly. Their security “Score” is usually in the upper 90s (out of a possible 100). Here are the results of 5 exchanges for which we conducted an updated scan…today.
Not a single one of these exchanges would be permitted to operate as a business in the U.S. because clearly they do not meet cyber security standards. In a regulated environment, they would be held accountable for any financial losses and they wouldn’t dare operate as a going concern with these cyber security issues.
But crypto is NOT regulated. These exchanges are NOT held accountable. The worst exchange in this sample group is Coineal. This is not surprising because Coineal was exposed for holding fraudulent IEOs, extorting money from listing projects and for stealing funds outright from companies. Whatever you do, do NOT work with or trade on Coineal and if you ever run into either of these criminals, run in the other direction as quickly as possible. Notice all three are of Russian or Chinese descent.
Aaron Chen, CEO, Coineal, Corrupt Ringleader
Max Smetannikov, Professional Con Man
Oleg Poskotin, Former Listing Director at Coineal, Professional Thief
Now back to the story. So briefly, CYBR listed on a few crypto exchanges. We are constantly being encouraged to manipulate volume, pay Market Makers to create liquidity and even to participate in coordinated pump and dumps. That’s not our style and after a while, we were cast out by these exchanges who kept us listed but would ban us from Telegram, ignore emails asking why our token was performing so poorly (we later discovered the exchanges (i.e. OceanEx) were dumping on the community daily. Perhaps one of the worst discoveries was when we found out that CCXT database exchanges (which basically means they supposedly report TRUTHFUL volume to places like Coinmarketcap) were subcontracting wash trading out to market makers so they themselves could claim they weren’t participating in ash trading. When I brought this up to Coinmarketcap, an executive level person suggested I “stop rocking the boat” less our token receive a negative review.
People, crypto is mostly bullshit. I believe in the technological possibilities of the ledger and blockchain (until quantum computing crushes it), but this vertical COULD be successful IF so many crooks didn’t run the game. Crypto is a casino, folks…and the house usually wins. Whether its manipulation, whale dumping, CME futures gaps or other chicanery, it’s not real for the most part. It’s just a matter of time before regulation steps in and 95% of these exchanges and fraudulent companies disappear overnight.
CYBR wished to separate itself from the endless junk pile of crypto companies and we converted our tokens to shares. Currently independently valued at over $50M (because we have working solutions, customers, revenue and are profitable), we continue to successfully raise funds via share sales as we look to a late 2020 stock market listing.
This said, there still a few gems in the industry and we believe CoinDaily is one of them. Their mission is to inform in an objective, truthful and ethical fashion, and we are 100% behind companies like this. It is our sincerest hope that this ember of an article will lead to more truthful press and a spotlight will be shown on the bad actors. We must root hem out if crypto is to have any chance of global success and mass adoption. Integrity has to start somewhere. This is as good a place as any. Visit us at cybr-international.com to learn more.
By Shawn R. Key
CEO, CYBR International