Friday, December 20, 2019

Security is the next concern for Crypto exchanges

As those who follow Crediblock know, we’ve been monitoring Crypto for some time.  But 2019 was the year of the hack, so we are thinking that 2020 will be the year of security.  Here are just a few examples of big hacks that happened.  And then there’s the huge example of Upbit, that made investors fed up:

Cryptocurrency exchange UPbit announced today that it lost almost US$50 million worth of ether (ETH) in an apparent security breach.  According to this statement by Lee Seok-woo, the CEO of the exchange’s operator Dunamu, around 342,000 ETH were moved from the platform’s ‘hot wallet’ to this unrecognized wallet today shortly after 1 p.m. local time. Client funds were not affected, said the South Korea-based cryptocurrency exchange.

So we know that security is going to be a big issue if not THE issue in 2020, but what firms are doing something about it?  As we’ve referenced before, there are security companies offering full-stack solutions, like Blackwatch Digital.  But what exchanges are implementing them?  What are the exchanges to watch in 2020?

One notable exchange is ECXX, they have a 3 step security protocol that blows 2FA out of the water.  Multiple departments must authorize a withdraw, similar to military protocols for Nuclear missiles (In the US, the President can’t unilaterally start a Nuclear war, it takes 2 other top ranking Generals to agree).   They also use a solid user id verification system, with a proven track record.

Based in Singapore, ECXX is one to watch out for in 2020.  Binance was hacked recently and has been buying up the Crypto industry (a strategy similar to large cap technology companies).

So it’s only reasonable that ECXX would be snapped up next. 

It seems like security is going to be the big concern for the Crypto community in 2020, and perhaps for the coming years ahead as well.  But the biggest issue that companies face, isn’t implementing a good security protocol, it’s finding trustworthy employees, which will be hard to find in Asia.  Although it has been known for years that the majority of hacks come from an inside threat, and this number keeps falling; the number is still quite large. 


The majority (70%) of organizations are seeing insider attacks more frequently, with 60% experiencing at least one attack within the past 12 months, according to the Nucleus Cyber 2019 Insider Threat Report, conducted with Cybersecurity Insiders, released on Thursday. 
The report surveyed 400,000 members of the Cybersecurity Insiders community to determine how prevalent email attacks are in the cyber threat landscape. Some 68% of respondents reported feeling "extremely to moderately" vulnerable to them, and 85% said it's difficult to fully see the damage caused from each attack. 
 One mistake that many Crypto exchange have made, is by being biased that Crypto is somehow different than I.T. – or in other words, that traditional threats do not apply.  Exchanges have firewalls, Windows machines, networks, routers, and employees.  Exchanges do not live inside their own world – they are part of the world that you and I are part of.  This systemic (Cybernetics) thinking has not ‘trickled down’ to most of the exchanges, which is why we are seeing the hacks.  Basic I.T. and security hygiene would have prevented 90% of these Crypto attacks.

In other words, it’s not the Blockchain being hacked – that’s possible but very complex.  Hackers are using the tried and true methods of phishing, brute force attacks, and other methods that have been used since the 90s. 

Various security companies have risen proposing a ‘Blockchain’ solution to security, when having secure protocols, as pioneered by ECXX, is sufficient.

So we’ll be watching ECXX closely in 2020, and look forward to seeing more security developments in a space plagued with fraud and hacks.