Get trading recommendations and read reviews on Hacked.com for only $ 39 a month
Yesterday, January 26, CoinCheck executives officially declared when they a press conference that $ 530 million XEM, the native cryptocurrency of the NEM network, was stolen by an unknown group of hackers.
Poor security measures
At the press conference, CoinCheck executives revealed several details regarding the hacking and, more particularly, the CoinCheck cryptocurrency exchange infrastructure. Yuji Nakamura, a technology journalist based in Japan, reported that the CoinCheck trading platform had not implemented multi-signature technology, stocked all pirated funds in a hot wallet, and that CoinCheck developers still do not know how the exchange was hacked.
Most of the major cryptocurrency exchanges such as Kraken, Coinbase, and Bitfinex have multi-signature security measures that prevent the processing of funds on public blockchain networks until they are cleared. a third-party security service provider confirms the legitimacy of the transactions.
For example, Kraken and Bitstamp partnered with BitGo, the industry's largest multi-signature technology and security blockchain firm, to ensure that hackers can not not withdraw funds from their platforms
The absence of a multi-signature service is a critical security flaw for any cryptocurrency exchange. If the multi-signature technology were integrated, the $ 530 million security breach could have been avoided.
In addition to not having multiple signature security measures in place, CoinCheck kept all of its funds in a warm wallet. In cryptocurrency, a hot wallet is defined as a wallet connected to the internet, while a cold wallet is described as a wallet that is stored offline. For large sums of money, cryptocurrency exchanges usually store cryptocurrencies in cold stores, to ensure that even in the case of a hacking attack, hackers can not access funds users.
CoinCheck's malpractice of storing funds in a hot wallet and failing to implement a multi-signature system ultimately resulted in the loss of $ 530 million in utilization funds.
Throughout the press conference, CoinCheck executives and its CEO refused to admit that the exchange was not secure, despite the obvious weaknesses of its infrastructure . Nakamura noted:
- Only NEM has been assigned
- CoinCheck plans to continue operating
- Order No on the Refund of Customers
- No multi-signature
- We would not admit that security was weak
- I do not know how he was hacked
It was also revealed that CoinCheck had not filed with the Japan Financial Services Agency (FSA) because it was confident in its security measures . Yet, CoinCheck's development team still needs to understand how the trading platform has been hacked.
If the method of a security breach can not be unraveled, the exchanges probably can not add the necessary improvements to prevent similar attacks from happening again in the future.
Do not store funds on trade
Given the weak and weak infrastructure of CoinCheck, a large-scale attack was inevitable. The company's developers are probably relieved that other cryptocurrencies on the trading platform such as Ripple or Bitcoin have not been affected.
As a general rule, investment in cryptocurrency is very unsafe to leave funds on centralized platforms. The safest way to store cryptocurrencies is to leave them on non-custodial platforms, where users have absolute control over their private keys.
Image of Shutterstock at one time
Follow us on Telegram.