
Author Topic: Why Are Crypto Exchanges Hacked So Often?  (Read 43753 times)

Ozark
Why Are Crypto Exchanges Hacked So Often?
« on: January 16, 2019, 07:26:26 AM »
Last year, at least five major crypto exchanges were hacked. Here are the details:

• December 2017: Hackers steal $63 million in cryptocurrency from NiceHash.

• January 2018: Hackers steal more than $500 million in cryptocurrency from Coincheck.

• February 2018: Hackers steal approximately $195 million in cryptocurrency from BitGrail.

• June 2018: Hackers steal roughly $40 million in cryptocurrency from Coinrail.

• June 2018: Hackers steal $30 million in cryptocurrency from Bithumb.

And that's not all -- there were other hacks that happened as well. In this article, I’ll explain why so many exchanges are being hacked.

As I explained in my last Forbes article, crypto security is hierarchical: Protocol, exchange and personal wallet security are the three layers. This hierarchy means that if you have an issue at the coin protocol layer, you will be compromised, regardless of how secure your second and third layers are. At the same time, the complexity of the protocol level means it’s harder to find an issue like a DAO hack than finding a vulnerability at the lower layers like exchanges and wallets. That is why hackers target exchanges -- it’s the most efficient way for them to steal your money. Protocols are hard to hack, and wallets are too distributed. Exchanges are a good fit for them.

Now that we've described why exchanges are the most attractive targets for hackers in the crypto world, it’s a good time to understand why they're hackable.

The reason is simple. Any crypto exchange is a centralized single point of failure, vulnerable by design. As a centralized web application with functions to execute transactions and one or a few big crypto wallets inside, exchanges are prone to the same security problems as all other websites. All the usual application aspects such as frontend JS, mobile app, terminals and other clients on the client side and APIs and data repositories on the back end need to be protected. In my experience, the most critical security problems for crypto exchanges are split into the following buckets:

The Client Side

• XSS: Cross-Site Scripting (aka XSS), which is the most popular client-side vulnerability, allows attackers to use your browsers as their own. The reason for this is an ability to inject malicious JS/HTML code into the web page generated by vulnerable servers. There is a myth that two-factor authentication (2FA), such as Google Authenticator or SMS code, saves you from such vulnerabilities, but in fact, it does not. A malicious JavaScript that gets to the page due to this vulnerability simply substitutes the withdrawal wallet address right before you withdraw funds. You do not see anything and cannot prevent it in any way.

• Open redirects that help hackers perform phishing-like attacks: This is an ability to redirect you in an arbitrary way from the link to your crypto exchange. It sometimes looks like it wouldn't be an issue, but technically, it allows attackers to do two things: 1) list the exchange in search engines like Google as a malicious website, and 2) increase the success rate of a malware installation attack because of the trust in the exchange domain. The typical attack looks like a link to the original domain of your exchange (not a phishing one, a real one) that downloads some sort of “new version of trading desktop client,” which technically is malicious software that steals your wallet.

• SSL issues related to mobile apps (like certificate pinning): This is a minor issue. However, it becomes critical when users travel to countries like China, Iran or Russia where governments could intercept internet connections by their own certificates.

Common CSRF attacks are not in the list because two-factor authentication is widely implemented in the exchanges.

The Server Side

• NoSQL/key-value injections: These injections are mainly in the popular storage modules like Redis, Memcached and MongoDB. Similar to the older, more well-known SQL attacks that were mainly fixed at the frameworks and ORM level, there are similar attacks targeting new technologies like NoSQL and in-memory databases. These are newer and are rarely discovered by developers and frameworks.

• Logic issues, mainly race conditions: These issues are critical and hard to discover by automation tools like source code analyzers. An example of this is simultaneously processing more than one withdrawal transaction, which could result in a negative account balance.

• Authentication issues (e.g., bypasses): Sometimes passwords and even 2FA don't work just because of authentication bypass issues. These are logical or input validation problems, allowing access to the user session without proper credentials being checked.

There are also other types of security breaches in which hackers steal GAS, not coins themselves. In this instance, it’s a proof-of-stake (PoS) cryptocurrency in which all the coins in your wallet generate GAS, an alternative currency used to sign other transactions. Again, the GAS itself is an alternative coin in any PoS-based cryptocurrency, and a lot of them belong to crypto exchanges because they hold users' PoS coins like ETH and NEO. That’s why if somebody steals GAS, you will never know about this as a client of a crypto exchange.

Who is the victim in the case of GAS stealing? Technically, it would be an exchange, but at the same time, would you know if your transaction fees were higher because of the GAS? GAS is one of the good reasons why it’s so important to understand security basics while dealing with crypto.

Let’s summarize all the things explained above:

All the crypto exchanges have weaknesses in the architecture because they were never designed in cryptocurrency protocols. Any crypto exchange is an ordinary centralized web application with all the same issues that plague any other web application. Web application vulnerabilities resulted in many crypto exchanges being compromised recently. Some exchanges never announced hacks because attackers stole only GAS, not coins themselves, and users never knew about these incidents.

SOURCE
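
The race condition named under "Logic issues" in the post above (two withdrawals processed at once, leaving a negative balance), shown as an added example that is not part of the original post or the article it quotes. The table, function names and amounts are constructed, `sqlite3` stands in for an exchange's database, and the concurrent interleaving is replayed deterministically instead of with real threads.

```python
import sqlite3

def open_ledger(balance):
    """In-memory ledger holding one constructed account (id=1)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER NOT NULL)")
    db.execute("INSERT INTO accounts VALUES (1, ?)", (balance,))
    db.commit()
    return db

def balance_of(db, account):
    return db.execute("SELECT balance FROM accounts WHERE id = ?", (account,)).fetchone()[0]

# --- Vulnerable pattern: the check and the debit are separate steps ---
def check_funds(db, account, amount):
    return balance_of(db, account) >= amount

def debit_unchecked(db, account, amount):
    db.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, account))
    db.commit()

def racy_double_withdraw(db, account, amount):
    """Replay what two simultaneous requests do: both pass the balance
    check before either debit has been written."""
    approvals = [check_funds(db, account, amount) for _ in range(2)]
    for approved in approvals:
        if approved:
            debit_unchecked(db, account, amount)
    return approvals

# --- Hardened pattern: check and debit are one atomic statement ---
def withdraw_atomic(db, account, amount):
    if amount <= 0:
        return False  # reject zero/negative amounts outright
    cur = db.execute(
        "UPDATE accounts SET balance = balance - ? WHERE id = ? AND balance >= ?",
        (amount, account, amount),
    )
    db.commit()
    # rowcount is 1 only if the row still had enough funds at write time
    return cur.rowcount == 1

def demo():
    racy = open_ledger(100)
    racy_double_withdraw(racy, 1, 80)            # both withdrawals go through
    safe = open_ledger(100)
    results = [withdraw_atomic(safe, 1, 80) for _ in range(2)]
    return balance_of(racy, 1), balance_of(safe, 1), results

if __name__ == "__main__":
    print(demo())
```

A `CHECK (balance >= 0)` constraint on the column is a useful second layer, since it makes the database itself refuse the overdraft even if application code regresses.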


mpvz
Re: Why Are Crypto Exchanges Hacked So Often?
« Reply #1 on: February 28, 2019, 06:08:13 AM »
The main reason, in my opinion, is because there is SO MUCH money in it, and it's crypto; it's much easier to deal with than fiat money!
Easier to hide and cash out.

And the second reason: the security is still poorly managed.

Sabiduria
Re: Why Are Crypto Exchanges Hacked So Often?
« Reply #2 on: March 02, 2019, 02:02:52 PM »
It is mainstream now, so exchanges emerge every day, and as it is a new field, it is hard to check their security.

Felix Felicis
Re: Why Are Crypto Exchanges Hacked So Often?
« Reply #3 on: June 20, 2019, 12:28:35 PM »
Well, isn't it obvious? These applications store our private keys on an online server, and you can imagine how 'safe' that'd be!
And if you're asking for the reason why hackers hack these exchanges, then, again, obviously because these exchanges have their users' accounts linked to them and as so many users have their crypto stored, hacking the exchange would mean the hackers would get their hands on the crypto of all the users, which would amount to a lot of money.

Senin
Re: Why Are Crypto Exchanges Hacked So Often?
« Reply #4 on: June 24, 2019, 08:01:43 PM »
The main reason for such hacking by hackers is high material interest, since, as can be seen from the above topic, tens of millions of dollars are being stolen from cryptocurrency. In this case, some digital programs will inevitably be vulnerable to hacking by other similar programs. All you need is time. Hackers spend their time on it, because these costs pay off many times over.

miraclealigner
Re: Why Are Crypto Exchanges Hacked So Often?
« Reply #5 on: June 26, 2019, 05:38:11 PM »
It's because of money. Huge money. No matter what, cryptocurrency exchanges are still very young platforms in the financial world. There is a certain amount of time needed to learn how to protect their users from hackers, but the number of hackers will increase.

All the crypto exchanges have weaknesses in the architecture because they were never designed in cryptocurrency protocols. Any crypto exchange is an ordinary centralized web application with all the same issues that plague any other web application. Web application vulnerabilities resulted in many crypto exchanges being compromised recently.

And because crypto exchanges are operating with millions of dollars every day, stealing from them is worth the risk.

Dprincebh
Re: Why Are Crypto Exchanges Hacked So Often?
« Reply #6 on: July 29, 2019, 07:33:26 AM »
The need for more security is still needed in the crypto exchange security system. Some exchangers just have to copy the same code used in another exchange without even minding to check if there are certain vulnerabilities in it. That is one of the major reasons why decentralized exchangers are hard to get hacked.


cheezcarls
Re: Why Are Crypto Exchanges Hacked So Often?
« Reply #7 on: September 19, 2019, 10:58:41 AM »
It is why there’s no such thing as “the safest exchange in the world”. Even Binance, the world’s most popular crypto exchange, was vulnerable to hacking. But the good thing is that they have the money to reimburse all affected traders. Even TRON founder and CEO Justin Sun pledges to donate as well.

I’m one of the #DevelopmentTeam members of MetaMorph Pro exchange (event coordinator), and I also can’t guarantee that our exchange is also 100% safe. The reason why is that there are lots of traders, and a lot of them are lazy enough to store them immediately to cold wallets after they’re satisfied with the results of their trading.

It makes them vulnerable, which would result in a massive loss of funds. Hackers are taking their skills to the next level with their “whatever it takes” attitude (excerpt from Avengers Endgame) to breach the security of these exchanges.

It’s better to store in a cold wallet like Ledger Nano S or Trezor.

paydayloan
Re: Why Are Crypto Exchanges Hacked So Often?
« Reply #8 on: September 21, 2019, 10:01:47 AM »
Because hackers always try to be smarter and know well that the digital world has many loopholes to be manipulated.
So, it is almost impossible to have perfect security. That's why security level must be upgraded regularly.

SonyChristopher
Re: Why Are Crypto Exchanges Hacked So Often?
« Reply #9 on: September 21, 2019, 12:13:12 PM »
Actually, cryptocurrency cannot be hacked, but what can be hacked is the existing system on each web, which has insufficient security.

WhiskeyHoney
Re: Why Are Crypto Exchanges Hacked So Often?
« Reply #10 on: October 21, 2019, 06:19:21 PM »
I wonder if those exchanges are centralized? a decentralized exchange cannot be hacked.. or am I mistaken? :o

vicoma4real
Re: Why Are Crypto Exchanges Hacked So Often?
« Reply #11 on: January 04, 2020, 06:50:01 AM »
If you look at all those that have been listed, they are centralized exchanges. Besides, security should be paramount in any dealing even in life.

bxipp
Re: Why Are Crypto Exchanges Hacked So Often?
« Reply #12 on: January 08, 2020, 03:01:57 AM »
> I wonder if those exchanges are centralized? a decentralized exchange cannot be hacked.. or am I mistaken? :o

Tell the hacker what things cannot be hacked? Anything in this world can be hacked sooner or later.

endlasuresh
Re: Why Are Crypto Exchanges Hacked So Often?
« Reply #13 on: January 13, 2020, 04:16:10 PM »
They should have moved the funds into different wallets so this could not be an easy way to scam a large amount of funds. These hackers target people anyway as long as there is money inside it.

Jentot
Re: Why Are Crypto Exchanges Hacked So Often?
« Reply #14 on: July 05, 2020, 05:53:31 AM »
> > I wonder if those exchanges are centralized? a decentralized exchange cannot be hacked.. or am I mistaken? :o
>
> Tell the hacker what things cannot be hacked? Anything in this world can be hacked sooner or later.

Agree. Even a popular exchange has flaws; that's why it's not guaranteed a top exchange is 100% safe.
« Last Edit: July 06, 2020, 06:23:01 AM by Jentot »