What started with a single currency, Bitcoin, has proliferated exponentially into a global ecosystem of altcoins that includes Ethereum, Neo and Ripple. The tremendous buzz about cryptocurrency reflects its growth. Nonetheless, owning exchanges or investing in cryptocurrency comes with real risk. The technological architecture and virtual nature of these exchanges are perilous. The risks have nothing to do with blockchain. Rather, the critical weaknesses are hidden under the waterline, in the exchange infrastructure itself.
The future of application layer security will determine if cryptocurrency will buckle under the weight of continued exchange hacks, corruption and worldwide concern. Here is the hard truth about the state of security underlying these borderless crypto markets.
1. Even in a cold wallet, your money can be a hot target for attacks.
The myth is that a smart investor keeps their bitcoins safe in cold storage. This is wrong. Within an exchange, all storage looks like a hot wallet.
Over the last five years, hackers have proved they can steal millions without hacking your cold wallet, provided they can hack your exchange. Any online activity or application layer is a target for hackers. Yet all BTC events (deposits, withdrawals, etc.) have to happen online. Once online, coinage is vulnerable to hackers. In essence, a cold wallet warms up with use.
The exchange itself needs proper application security measures in place to be protected. Look for bug bounty programs or security audit reports to confirm that those measures exist.
2. Your exchange may not actually be located where you think.
Location is everything. The particular physical and jurisdictional exchange location bears critically on cryptosecurity. There is no global set of exchange regulations presently, and there are even fewer protections for investors (U.S. lawsuits still rage over the $3.3 billion breach of Tokyo-based Mt. Gox that happened in 2014). The trick is that the servers’ actual geolocation may not be what it appears, due to caching servers and redirects, which makes estimating your risk much harder.
Calculating the total risk level involves complex math. Location also determines non-cybercrime risks like taxes, consumer rights, banking regulations, and local financial and legal contexts. Everything from the time it takes to cash in coins to governance varies depending on the exchange location.
Finally, location is a technology concern, not just infrastructure. If you are using something renowned like Amazon Web Services, Google Cloud or Azure, that’s solid tech. However, less-established cloud stacks are at risk of downtime or technical oversights, during which you may be blocked from accessing your money.
The actual location of the servers should be listed in the exchange by-laws and terms of service. There are also technical ways to trace the original source/endpoint of the transaction. Make sure verifying the actual location of the exchange is part of your trading diligence.
3. Two-factor doesn’t mean double security.
Theft may not be stopped by authentication checks. Vulnerabilities can exist in client-side as well as server-side applications.
On the client side, a hacker can sneak in and exploit an XSS issue to change a customer’s withdrawal address in the HTML code and siphon money from that legitimate account to their own legitimate account. These look like transactions, not break-ins.
With a server-side vulnerability, like remote code execution (RCE), attackers can easily avoid any two-factor checks entirely. By exploiting this vulnerability and bypassing authentication, bad actors can execute their own transactions using your client ID.
While two-factor authentication (2FA) is an important measure to avoid account takeover by simply stealing a password, it doesn’t replace other systematic protection measures both on the client and on the server side.
4. Distributed exchanges (DEX) are hackable.
Distributed exchanges are not 100% secure. It’s not about the type of exchange. Even with the most secure cryptocurrency exchanges or wallets, the web interface you have to use for transactions is unavoidably risky. A distributed exchange is exposed to client-side vulnerabilities, like CSRF or XSS attacks. It is also susceptible to access takeover attacks (credentials being hacked) and vulnerabilities that arise during any online transaction.
Exploiting these vulnerabilities, hackers can change destination addresses right in HTML code, as just one example.
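The address-swap scenario described here and under two-factor authentication above is the case a server-side check has to cover. The following is an added sketch, not code from the original article or from any exchange. It binds each approved withdrawal to its fields with an HMAC and only pays out to allowlisted addresses. The key, account ID, addresses and function names are constructed for illustration, and it assumes the customer approves each intent in a channel the web page cannot script.

```python
import hashlib
import hmac

# Constructed demo values: a server-side secret and, per account, the
# withdrawal addresses the customer confirmed out of band (address -> added_at).
SERVER_KEY = b"demo-key-not-for-production"
COOL_OFF_SECONDS = 24 * 3600
ALLOWLIST = {"acct-1001": {"bc1q-constructed-customer-address": 1_700_000_000}}


def _intent_mac(account_id, address, amount_sats, expires_at):
    """MAC over every field of the withdrawal, so none can be swapped later."""
    msg = "\x1f".join([account_id, address, str(amount_sats), str(expires_at)])
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()


def issue_intent(account_id, address, amount_sats, now, ttl=300):
    """Step 1: record what the customer approved and return a short-lived token."""
    expires_at = now + ttl
    return {"expires_at": expires_at,
            "mac": _intent_mac(account_id, address, amount_sats, expires_at)}


def authorize_withdrawal(account_id, address, amount_sats, token, now):
    """Step 2: re-check the fields the browser finally submitted."""
    if now > token["expires_at"]:
        return (False, "intent expired")
    expected = _intent_mac(account_id, address, amount_sats, token["expires_at"])
    if not hmac.compare_digest(expected, token["mac"]):
        # A script in the page changed the address or amount after approval.
        return (False, "fields differ from confirmed intent")
    added_at = ALLOWLIST.get(account_id, {}).get(address)
    if added_at is None:
        # A fresh intent for an unknown address still cannot be paid out.
        return (False, "address not on allowlist")
    if now - added_at < COOL_OFF_SECONDS:
        return (False, "address still in cool-off period")
    return (True, "ok")


if __name__ == "__main__":
    now = 1_700_172_800  # constructed timestamp, two days after allowlisting
    tok = issue_intent("acct-1001", "bc1q-constructed-customer-address", 50_000, now)
    print(authorize_withdrawal("acct-1001", "bc1q-constructed-customer-address",
                               50_000, tok, now + 10))
    print(authorize_withdrawal("acct-1001", "bc1q-constructed-attacker-address",
                               50_000, tok, now + 10))
```

Neither check depends on the login or 2FA state of the session, which is why it still holds when the request comes from an authenticated browser that a script has taken over.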
And code is inherently vulnerable. Even if the whole cryptocurrency exchange system is based on smart contracts, smart contracts are themselves code that can include hackable vulnerabilities.
Regardless of whether an exchange is centralized or spreads risk through decentralization on the back end, from a front-end perspective, the exchange is still at risk. That’s because the front-end activity (the crypto-customer using their web interface) is all centralized. If you are using the internet to connect to somebody, there is no actual decentralization. Somewhere, there is still a centralized server that can be attacked.
Look for exchanges that include whitepapers covering both the security audit of their smart contract and the security audit of the front-end application server of the exchange.
5. What’s inside your exchange? Understand tech and infrastructure.
Everything in your exchange is critical to ensuring your virtual currency is safe. Network and cloud providers are as important as development, deployment, and security processes that are in place. Even a minor detail can break everything.
Cryptocurrency doesn’t magically poof into and out of storage. Vulnerabilities exist surrounding the hot or cold wallet you use. People can change where your money goes or the amount you are sending.
That’s why it’s important to look at the technology and partnership pages on your exchange’s website to understand the underlying cloud or API infrastructure. If the exchange has none of these pages, pay additional attention. This should be a bright red flag.
All protected back-end cryptocurrency operations have to go through more vulnerable front-end servers. You need to know that the “gateways” that run into and out of even the most protected back-end servers are themselves secure.
Attackers won’t waste time trying to hack your hardware or infrastructure. Instead, they will attempt to exploit application and client-side vulnerabilities, which is why so many exchanges have been attacked in recent years and why you need to make sure the exchange you use has proper application security in place.