Vulnerabilities are raising concerns from consumers and exchange operators as trade volumes soar.
Online cryptocurrency exchanges are the latest target of fraudsters taking advantage of significant holes in security. Many crypto exchanges use dated authentication systems, which puts their customers' transactions at risk.
“The risk associated with trading cryptocurrencies is increased because the technology used to authenticate transactions is decades old,” says Entersekt CEO, Schalk Nolte.
“Digital currencies, like bitcoin, are traded on exchanges – and many of them are using security technology that leaves them vulnerable to attack. These safeguards simply don’t hold up under current conditions,” he says.
As many as six million people are estimated to have a bitcoin wallet, and more than US$3 billion worth of the currency is traded every 24 hours.
Exchanges that still rely on traditional methods of verification – like username and password – are open to attacks such as phishing, man-in-the-middle interception and bots.
“This is one of the reasons attacks on these exchanges are on the rise,” says Nolte.
Last year, Japanese crypto exchange Coincheck was hacked and US$530 million was stolen from some 250 000 users. In another heist, the NiceHash marketplace was taken for $64 million.
“This is against the background of a hype cycle that’s seen a huge growth of investor interest in cryptocurrencies and huge swings in their value. At the same time, security concerns have been raised by consumers and exchange operators,” says Nolte.
There are three things crypto exchanges can do to protect members, according to Nolte: minimise risk, simplify transactions, and achieve regulatory compliance.
“Risk can be minimised by implementing a solution that offers solid app security and strong customer authentication for all transactions.
“In terms of simplifying transactions, a convenient and user-friendly trading platform will attract and retain customers. Crypto exchanges need to mimic a real-world trading scenario: if you were a trader, would you want to open an app, copy a one-time password (OTP), switch apps, and then paste it? Or would you prefer to simply open an app and scan your fingerprint? The choice isn’t difficult – and the easier option also happens to be the safer one,” says Nolte.
New financial regulatory requirements like PSD2 (the Revised Payment Services Directive) stipulate strong customer authentication. Third-party apps often authenticate only logins, not transactions, and so are not compliant with these requirements – and neither are OTPs.
Says Nolte, “Exchanges should be employing a more robust and convenient authentication solution that does not rely on mobile networks. They should look for a solution that offers authentication based on public key infrastructure (PKI) and transaction signing directly from the mobile phone, which will eliminate fraudulent transactions and build trust in cryptocurrency trading practices – all while providing a seamless user experience.
“Investors want to know that they have chosen an exchange that values their money and takes security seriously. With all the hacks out there, this will become a key feature differentiating the serious exchanges from the also-rans, and customers will increasingly choose exchanges accordingly.”