With the increasing amount of funds stored on crypto exchanges, and the facility of moving cryptocurrencies, it’s no surprise that security is a major concern for these entities. Funds can be moved in seconds and not easily recovered. How can exchanges ensure that they are safe against hacks, and what can they do in the unfortunate event that they do get hacked? At PBWS 2020: Online Edition, we invited industry experts to provide clarity on this very important subject.
Often it’s not the blockchain or the individuals that have been hacked, it’s the exchange business themselves through traditional measures such as viruses sent via email links. Cryptocurrencies are very easy to move, so hackers only need access to the customers’ private keys. However, after the fact it is not as easy to hide cryptocurrencies because the money can be followed after the hack takes place thanks to the distributed ledger.
It varies, it can be more sophisticated actors or sometimes even teenagers. They can be skilled groups or individuals, or scammers. Hackers don’t always target money, they can also target data or other information.
Companies don’t invest a lot in cybersecurity because it is highly complex and experts are rare, however it is strategic and must be practiced throughout the organization, and employees must be trained. It’s important to train employees about hard skills such as which emails not to open and how hackers function., but also soft skills such as how to avoid being scammed during phone calls for example, because some scammers are highly skilled in persuasion.
They should take responsibility, since they are protecting the users’ assets. It is also important to admit it earlier, so that the funds can be traced and frozen. They can also take initiative to prevent it happening again by training staff and increasing cybersecurity measures. It should be a strategy, since hackers can infiltrate companies silently before attacking. Conforming to regulations also implicates accountability after a hack since the regulators will check the affected companies.
It is necessary to find the person who controls the private keys, and often they put the funds directly on exchanges or in wallets. It can be challenging to get attention from law enforcement because it is a newer sector. Smaller amounts are also more difficult to track, and the cost of tracking can be higher than the funds stolen from the hack.
Since the sector is quite new, many regulators are still learning about the ecosystem and don’t have specific policies for crypto exchanges, which can make it difficult to understand specific cases. Existing regulations could potentially be applied to these exchanges and transactions in new ways if the regulators were educated about the topics. Regulation and compliance don’t make exchanges completely secure, however, and this is important for exchanges to keep in mind so that they don’t become overconfident and neglect cybersecurity measures.