Most crypto exchanges are vulnerable by design, says Bybit CEO
Crypto exchange security is once again in the news after hackers breached KuCoin. But this shouldn’t surprise people as exchanges are vulnerable by design, according to Bybit CEO Ben Zhou.
Zhou told Cointelegraph that exchanges act as a single point of failure. As centralized web applications, exchanges are susceptible to the same classes of security issues as any other website.
Security matters all the more as investors and traders increasingly hold exchanges responsible for protecting their funds.
The vast majority of crypto exchange servers and storage networks, Zhou said, keep digital currencies in hot wallets. If hot wallets are not properly protected, they are open to theft. Zhou considers a cold wallet system more secure: hot wallets are connected to the internet, which makes them more exposed to hacking, while cold wallets are kept offline. The trade-off is that large withdrawals cannot be processed immediately, because the funds first have to be moved out of cold storage.
According to Zhou, investing in security should be one of the highest priorities on an exchange platform's agenda, especially if it operates online. To counter hacking threats, exchanges also need to address their vulnerable areas, apply multiple layers of security controls, and subject those layers to penetration testing.
Any security system should also protect information across all points of interaction. This means protecting user data from account registration and login through trading and every other exchange of information with the platform. Zhou added that:
“This can be accomplished by applying best practices for application lifecycle management, hiring knowledgeable and reputable security consultants for penetration testing and running bounty programs within the white hat community to identify any potential vulnerabilities.”
Zhou also recommends that cryptocurrency exchanges work with reputable security firms to carry out security audits, apply strict management processes, and invest in zero-trust architecture. Zero-trust architecture requires every user and device accessing a service to be verified, regardless of whether the request originates inside or outside the exchange's network, to guard against both internal and external breaches.
He said there are several bespoke security solutions from third-party vendors that exchanges can use but noted these could also be developed in-house.
Zhou revealed that Bybit has invested considerable resources in developing and enhancing its own security protocols and solutions. It has implemented a multi-signature cold wallet system, in which moving funds requires approval from several independent key holders, to protect users' funds.
To counter potential hacking threats, Bybit has organized and conducted multiple red-alert scenarios and bounty programs with the white hat hacker community, with the aim of surfacing system vulnerabilities before attackers find them. Zhou added that:
“Even when it comes to withdrawals, we subject any requests to at least three layers of risk-control verifications. Crypto asset consolidation among cold wallets follows the strictest policy, including physical environment security, system security, encryption techniques, operation authentication, monitoring and audit.”
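To make the hot/cold split and the layered withdrawal checks described above concrete, here is an added illustrative example. It is not Bybit's code and does not describe Bybit's actual controls; the account, treasury, approver names, limits and thresholds are all constructed for the example. The pipeline applies three checks in order: a per-request policy check (whitelisted destination, second factor present), a rolling 24-hour velocity limit per account, and a treasury tier that pays small amounts from a capped hot-wallet float and queues anything larger for release from cold storage by M-of-N distinct approvers, which is also why large withdrawals are not instant.

```python
"""Toy tiered withdrawal risk-control pipeline (hypothetical, constructed for illustration).

Layer 1: request policy  - destination must be whitelisted, second factor confirmed
Layer 2: velocity        - rolling 24h withdrawn total may not exceed the account limit
Layer 3: treasury tier   - amounts within the hot-wallet cap are paid automatically;
                           larger amounts are queued for an M-of-N cold-storage release
"""
from dataclasses import dataclass, field

DAY = 24 * 3600


@dataclass
class Account:
    whitelist: set                      # destination addresses the user pre-registered
    daily_limit: float
    history: list = field(default_factory=list)  # (timestamp, amount) of accepted requests


@dataclass
class Treasury:
    hot_balance: float
    hot_auto_cap: float                 # largest single withdrawal the hot wallet pays on its own
    approvers: set                      # key holders allowed to release cold funds
    threshold: int                      # M of N approvals required
    cold_queue: dict = field(default_factory=dict)  # request_id -> {"amount", "approvals"}


@dataclass
class Request:
    request_id: str
    account_id: str
    amount: float
    destination: str
    second_factor_ok: bool
    timestamp: float


def withdrawn_last_day(acct, now):
    """Sum of accepted withdrawals in the trailing 24 hours (the velocity window)."""
    return sum(a for t, a in acct.history if now - t < DAY)


def evaluate_withdrawal(accounts, treasury, req):
    """Run the three layers; returns (status, reason)."""
    acct = accounts[req.account_id]
    # Layer 1: request policy. Each failure is a hard reject with a distinct reason.
    if req.amount <= 0:
        return ("rejected", "non-positive amount")
    if req.destination not in acct.whitelist:
        return ("rejected", "destination not whitelisted")
    if not req.second_factor_ok:
        return ("rejected", "second factor missing")
    # Layer 2: velocity. Pending cold releases count toward the limit too.
    if withdrawn_last_day(acct, req.timestamp) + req.amount > acct.daily_limit:
        return ("rejected", "daily limit exceeded")
    acct.history.append((req.timestamp, req.amount))
    # Layer 3: treasury tier. Hot wallet pays only small amounts it can cover.
    if req.amount <= treasury.hot_auto_cap and req.amount <= treasury.hot_balance:
        treasury.hot_balance -= req.amount
        return ("approved_hot", "paid from hot wallet")
    treasury.cold_queue[req.request_id] = {"amount": req.amount, "approvals": set()}
    return ("queued_cold", f"needs {treasury.threshold} of {len(treasury.approvers)} approvals")


def approve_cold_release(treasury, request_id, approver):
    """Record one approver's sign-off; returns (status, approvals_so_far).

    A set holds approvals, so the same key holder signing twice counts once:
    the release genuinely needs M distinct approvers.
    """
    entry = treasury.cold_queue.get(request_id)
    if entry is None:
        return ("unknown", 0)
    if approver not in treasury.approvers:
        return ("rejected", len(entry["approvals"]))
    entry["approvals"].add(approver)
    if len(entry["approvals"]) >= treasury.threshold:
        del treasury.cold_queue[request_id]
        return ("released", len(entry["approvals"]))
    return ("pending", len(entry["approvals"]))


if __name__ == "__main__":
    # Constructed sample data: one account, one treasury, a few requests.
    accounts = {"alice": Account(whitelist={"bc1qdest"}, daily_limit=5.0)}
    treasury = Treasury(hot_balance=10.0, hot_auto_cap=1.0,
                        approvers={"ops1", "ops2", "ops3"}, threshold=2)
    print(evaluate_withdrawal(accounts, treasury, Request("r1", "alice", 0.5, "bc1qdest", True, 1e6)))
    print(evaluate_withdrawal(accounts, treasury, Request("r2", "alice", 3.0, "bc1qdest", True, 1e6 + 10)))
    print(approve_cold_release(treasury, "r2", "ops1"))
    print(approve_cold_release(treasury, "r2", "ops2"))
```

The velocity layer records queued cold releases as well as hot payouts, so a user cannot bypass the daily limit by splitting a large withdrawal into several queued requests; a production system would additionally need to unwind that history entry if a queued release is later declined by the approvers.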
As Cointelegraph previously reported, the recent crypto-themed Twitter hack was a wake-up call for centralized platforms to address their online security.