Most crypto exchanges are vulnerable by design, says Bybit CEO

Published at: Sept. 27, 2020

Crypto exchange security is once again in the news after hackers breached KuCoin. But this shouldn’t surprise people as exchanges are vulnerable by design, according to Bybit CEO Ben Zhou. 

Zhou told Cointelegraph that exchanges act as a single point of failure. As centralized web applications, exchanges are susceptible to the same security issues as all other websites.

Security becomes even more important as investors and traders increasingly press exchanges to protect funds.

The vast majority of crypto exchange servers and storage networks, Zhou said, keep digital currencies in hot wallets. Hot wallets that are not properly protected are open to theft. Zhou thinks that a cold wallet system is more secure: hot wallets are connected to the internet, which makes them more vulnerable to hacking, while cold wallets are kept offline. The only downside is not being able to make large withdrawals from an exchange immediately.

According to Zhou, investing in security should be one of the highest priorities on an exchange platform’s agenda, especially if it operates online. To combat potential hacking threats, exchanges also need to better address vulnerable areas and apply multiple security layers for penetration testing. 

Any security system should also protect information across all points of interaction. This means protecting user data from account registration, login, trading, and any information exchange with the platform. Zhou added that:

“This can be accomplished by applying best practices for application lifecycle management, hiring knowledgeable and reputable security consultants for penetration testing and running bounty programs within the white hat community to identify any potential vulnerabilities.” 

Zhou also recommends cryptocurrency exchanges work with reputable security firms to carry out security audits, apply strict management processes, and invest in zero-trust architecture. Zero-trust architecture requires verification for anyone accessing a service to prevent any potential data breaches both internally and externally. 

He said there are several bespoke security solutions from third-party vendors that exchanges can use but noted these could also be developed in-house.

Zhou revealed that Bybit invested considerable resources in developing and enhancing its own security protocols and solutions. It has implemented a multi-signature cold wallet system to protect users' funds.

When it comes to combating potential hacking threats, Bybit organized and conducted multiple red alert scenarios and bounty programs with the white hat hacker community. This is to ensure there are no system vulnerabilities. Zhou added that: 

“Even when it comes to withdrawals, we subject any requests to at least three layers of risk-control verifications. Crypto asset consolidation among cold wallets follows the strictest policy, including physical environment security, system security, encryption techniques, operation authentication, monitoring and audit.” 

As Cointelegraph previously reported, the recent crypto Twitter hack was a wake-up call for centralized platforms to address online security issues.
