general

Why is the incident of hacking cryptocurrency exchanges frequent?

Why is the incident of hacking cryptocurrency exchanges frequent?

The content site is one of the sites that provide the service of answering general questions and solving puzzles and crossword puzzles

Where the content site is primarily interested in answering your questions in all areas, including solving puzzles and crossword puzzles

Answer Why is the incident of hacking cryptocurrency exchanges frequent?

This year, we have seen a rise in cryptocurrency exchange hacks and the theft of millions of dollars. The data even indicates that losses from these hacks have increased more than three times compared to last year.

In less than a year we have seen many recurring headlines that headline the headlines of “Cryptocurrency Trading Platform Hacking”. Here is a list of the top five cryptocurrency exchange hacks over the past 10 months.

December 2017: $63 million in cryptocurrency stolen from NiceHash.

January 2018: A group of hackers stole more than $500 million from Coincheck.

February 2018: About $195 million worth of cryptocurrency stolen from BitGrail.

Read:Kuwait Finance House launches a new service based on Ripple technology

June 2018: Hackers stole about $40 million in cryptocurrency from Coinrail.

June 2018: Hackers steal $30 million in cryptocurrency from Bithumb.

And that’s not all – there have been other hacks as well like the recent incident of decentralized trading platform hacking, Brazilian trading platform hacking and customer data leaking and in this article, we will explain to you why many cryptocurrency exchanges are hacked.

Secret security is the formation of a hierarchical system: protocol, trading platforms, and personal wallet security are the three layers. This hierarchy means that if you have a problem with Layer 1 (the currency protocol), it will be compromised, no matter how secure Layer 2 and Layer 3 are. But as it is known, the protocol is usually very complex and it is difficult to find a problem or vulnerability compared to trading platforms or personal cryptocurrency wallets. That is why hackers target trading platforms as it is the most effective way to steal your money and to save huge amounts within the platform. As mentioned, the protocol is difficult to hack, and personal wallets are distributed among a very large number and usually keep small amounts. While cryptocurrency exchanges are perfectly suited for them to try to hack it.

Read:Is Tether’s (USDT) settlement really a positive step for the crypto industry?

Now that we have described why trading platforms are the most attractive targets for hackers in the cryptocurrency world, it is time to understand the reason for the hack.

The reason is simple. Any cryptocurrency exchange has a weak point which is centralization, and is vulnerable to being affected. As a web-centric application with transaction execution functionality and a wallet containing a large number of cryptocurrencies, the platform is subject to the same security issues as all other sites.

That’s why all the usual application aspects such as the JS front end, mobile app, terminals, other client side clients, APIs, and data warehouses must be protected. The most serious security problems of cryptocurrency trading platforms are divided into the following reasons:

Client side

• Cross-Site Scripting (also known as XSS for short): They are the most common vulnerabilities for attackers using a user’s browsers. The reason for this is that malicious JS/HTML code can be injected into the web page generated by the fragile servers. There is a myth that two-factor authentication (2FA), such as Google Authenticator or an SMS code, saves from such vulnerabilities. The malicious Javascript that arrives at the page due to this vulnerability replaces the address of the withdrawal wallet immediately before withdrawing funds. You do not see anything and it cannot be prevented in any way.

Read:Starting work in digital yuan at gas and gas stations in a Chinese city

• Open redirects that help hackers carry out phishing-like attacks: This is the ability to be redirected in a random manner from the link to the cryptocurrency trading platform website. Sometimes it seems like it wouldn’t be a problem but technically, it allows attackers to do two things:

1) Exchange listings in search engines like Google as a malicious site

2) Increased success rate of malware installation attack due to trust in the trading platform. A typical attack looks like a link to the original domain of the trading platform you are using (not real or phishing) downloading some kind of “new version of the desktop client”, which is technically a malware intent on stealing your wallet.

• Issues with the security certificate layer of mobile applications (such as installing certificates): This is a small problem. However, it has become critical when users travel to countries such as China, Iran or Russia where governments can intercept internet connections with their own certificates.

Common CSRF attacks are not on the list due to the widespread implementation of two-factor authentication in cryptocurrency exchanges.

Server side

• NoSQL / Key Value: This mechanism works mainly in common volumes such as: Redis, Memcached, and MongoDB. Similar to the more well-known old SQL attacks that have mainly been fixed at the frameworks and ORM level, there are similar attacks targeting new technologies like NoSQL and in-memory databases. These are the latest and are only discovered by developers and action centers.

• Logic problems and race conditions: These issues are critical and difficult to detect by automation tools such as source code analysis. An example is processing more than one withdrawal at the same time (Double Spending), which may result in a negative account balance.

• Authentication issues (eg, bypass): Sometimes, passwords and even 2FA methods don’t work due to authentication bypass issues. These are logical problems related to the issue of input validation, allowing access to a user account without validating the appropriate credentials.

There are also other types of security breaches in which hackers steal gas (internal metering pricing), and not the coins themselves. This is because it is a Proof of Secret (PoS) value in which all coins within your wallet are produced as a proxy and proof.


And you can ask questions on the content site through the word “Ask a question” at the top of the site, where we answer your questions in a short time

Previous post
Dubai Police warns of cryptocurrency fraud and expects it will exchange cash
Next post
New hack of a decentralized cryptocurrency exchange and money theft