Jesse Powell, the CEO of major crypto exchange Kraken, warned users of digital assets not to store funds on trading platforms.
Powell’s warning follows a high-profile security breach suffered by Cryptopia, a New Zealand-based crypto exchange known for listing a wide range of small market cap tokens.
Why Investors Shouldn’t Hold Crypto on Exchanges
Any application or platform connected to the internet by nature is hackable. In essence, centrally operated crypto exchanges are similar to banks in that they hold the private keys and funds of users.
If a hacker gains access to the central servers or internal management system of an exchange, the hacker can steal user funds, private information, and financial data.
As Powell said, a more secure way of storing cryptocurrencies is in a hardware wallet or a non-custodial wallet that allows users to manage their own private keys.
“Please do not store more coins on an exchange (including @krakenfx) than you need to actively trade. Use Ledger or Trezor. DEXes are not a panacea — look at the DAO. Open source just means exploits will be discovered sooner (probably not by good guys),” he noted.
Some experts have argued that major centralized exchanges can be safer for casual or beginner crypto users because it is possible for new users to mismanage private keys and sensitive data.
Well-regulated cryptocurrency exchanges like Gemini, for example, have insurers in place that are able to reimburse investors in the unlikely event of a security breach or a hacking attack.
In October, Gemini revealed that it obtained insurance coverage from Aon, one of the largest insurance service providers in Europe.
In light of recent hacking attacks on cryptocurrency exchanges, certain markets including South Korea have requested trading platforms to obtain insurance to protect investors and their capital.
Centralized crypto exchanges are still vulnerable to security breaches and it is difficult to have all of the user funds insured by insurance companies.
The risk in storing crypto in a hardware wallet or a non-custodial wallet is that there is no company or representative that could help an investor recoup funds if a private key is lost.
But the responsibility is fully on the investor to securely manage funds and back up wallets on a regular basis; as long as the wallet is well maintained, there exists no possibility of a security breach.
The Cryptopia hack, which prompted Kraken CEO Jesse Powell to ask investors to avoid storing funds on an exchange, is currently being investigated by the New Zealand police.
In an official announcement, the New Zealand police said:
“A significant value of crypto-currency may be involved and Police are taking this very seriously. We are currently talking to the company to gain a further understanding of what has occurred. A dedicated investigation team is being established in Christchurch including specialist police staff with expertise in this area.”
It remains uncertain whether the exchange will be able to reimburse every investor affected by the hack.
Privacy on blockchain platforms is a little tricky because most public blockchains have been designed to support transparent transactions and require public (user) verification. Any privacy mechanism therefore has to retain both elements without conflict. The decentralized concept of blockchain technology highlights transparency and visibility and ensures security through encryption. If privacy or anonymity is introduced, it would contradict the open-source nature of the blockchain.
Tumblers and CoinJoin
Developers first tried to achieve privacy in the blockchain space through cryptocurrency tumblers. The process involved a group of people pooling coins by each contributing the same amount and then each withdrawing an equal amount. Because it would be difficult to show exactly who contributed which coin, a sense of privacy would be created. The main drawback is that you cannot be sure the tumbler will not steal the coins, or that it will respect anonymity. CoinJoin was used in the Dash platform and is a step ahead of the tumblers. The Dash blockchain incorporates CoinJoin mixing, which involves only 3 participants, but here the user’s wallet can be identified if they are not careful with browser cookies when performing transactions. This is mainly because the mixing process only hides the transaction links between the addresses instead of breaking them completely.
CryptoNote and Ring Signatures
Monero and AEON are other cryptocurrencies that focus on the privacy and anonymity of their users. Here, the mixing is done automatically and the process can also hide the transaction amounts. It is also said that anonymity increases with time as outputs are used as new inputs of new mixes. Scalability issues developed as transaction volume increased with time, as did the risk of the blockchain losing its anonymity feature. Moreover, you will have to run a full node or connect to one.
CryptoNote currencies like Monero also incorporate ring signatures, where outputs of similar transactions are used to form a ring structure so as to hide the real transaction. In this case, you do not need to trust any mixer. Monero has also used the RingCT (Ring Confidential Transactions) system, which hides the transaction amounts.
Noir and Zerocoin Protocol
The Zerocoin Protocol eliminates the need for a mixer and offers very high anonymity. Other than Noir, Zcoin also incorporates the Zerocoin Protocol. This mechanism is becoming popular because it completely breaks the transaction links by using zero-knowledge proofs. The previous methodologies simply obscured the real transactions with other transactions. That is quite ineffective, as one can break through the cover and see the real transaction data. When using a zero-knowledge proof, this risk decreases significantly. Implementing a zero-knowledge proof will prevent leakage of any information other than what you want to reveal.
The Zerocoin Protocol functions by allowing you to burn crypto coins that you can later redeem. When you redeem, you receive brand new coins (a Zerocoin spend). No one can access the transaction history because there is none, and these coins are similar to newly mined ones.
Cryptocurrency Noir and its developers
The cryptocurrency Noir is also focused on making your transactions secure and private without compromising the core nature of the blockchain. Noir is also focused on the failure of Bitcoin: lack of privacy. The objective is to develop a platform that will allow you to transact in cryptocurrency for your business, or with a relative or friend, without any competitor or enemy knowing about it. The team members of the project include the original Zerocoin project members and cryptographers at The Technion, MIT and Tel Aviv University. With such an efficient collaboration, Noir aims to be the medium for daily transactions. This decentralized digital cryptocurrency is governed by the community, and anyone who wants to be in a project of the future can take part.
Noir – a community project
Noir is a community-governed project, as it was taken up by the community only once the original developers had left. Now, the team mostly consists of volunteers and developers with an interest in its platform. So, in one sense, Noir has been able to do what Bitcoin could not: be owned by the community alone and offer privacy. There are also talks of developing a wallet that will enable people to make purchases in a secure and untraceable way.
Privacy as fear
The issue of privacy in blockchain-based platforms is not just about the difficulty of development. Several cases have been reported where the privacy and anonymity features of cryptocurrencies have been used for unsavory activities such as dealing in drugs. This also creates extra work for regulators, and such issues are not helping them. It can even be said that anonymity introduces fear in the regulators.
Yet another Japan-based cryptocurrency exchange has been hacked, losing 6.7 billion yen (about $60 million) worth of cryptocurrency, including 5,966 bitcoins.
The licensed exchange, called Zaif, is operated by Tech Bureau. It said on Thursday that the exchange first noticed an unusual outflow of funds on the platform around 17:00 Japan time on September 14, after which the company suspended asset deposit and withdrawal services.
Tech Bureau explained that after further investigation, it discovered that hackers with unauthorized access to the exchange’s hot wallets had stolen roughly $60 million in bitcoin, bitcoin cash, and MonaCoin. That being said, the exact amount of bitcoin cash stolen remains unknown.
The exchange added that since its own asset reserve is currently around 2.2 billion yen (or $20 million), it has reached an agreement with a Japan-listed firm called Fisco to receive a $44.5 million investment in exchange for a major share of ownership.
Tech Bureau said that, given the nature of the unauthorized fund access, it has filed the incident as a criminal case with local authorities for further investigation.
The incident marks the second hack in Japan this year, after Coincheck also reported that a whopping $520 million in NEM tokens were stolen by hackers in January.
Following Coincheck’s hack, the Financial Services Agency (FSA) – Japan’s financial watchdog – has launched a series of inspections on cryptocurrency exchanges in the country regarding their security measures.
The FSA had already notably issued a business improvement order to Tech Bureau in March specifically on its security and anti-money laundering enhancement.
Cryptojacking is a cyberattack like no other. Attackers don’t steal your data or ransom off access to your network. Instead, they commandeer your hardware when you’re not looking and redline the processors to mine cryptocurrency.
This rise in malware corresponded to the astronomical rise in cryptocurrency’s value. By December 2017, Bitcoin was worth nearly $20,000 — or 20 times the average ransomware payment at the time. Today, that price has settled to an average of just over $6,000 — but that doesn’t mean cryptocurrency’s dominance is waning.
Some startups may falter or fail, but cryptomining isn’t going anywhere, and neither is the malware that exploits it. Decentralized currency has been revolutionary, and it’s easy for hackers to exploit that by simply “borrowing” your computer when you’re not using it. No matter how much or how little they use it, they get a 100 percent return for every processor they infect.
Cryptojacking Is Here to Stay
The blockchain technology that powers Bitcoin and similar cryptocurrencies is what makes cryptocurrency much more than just a trend. Besides decentralizing currency, it’s being used for legal, agricultural, real estate, and other industry applications. However, the ability to create wealth digitally is what makes it a prime target for hackers.
Mining cryptocurrency isn’t illegal, but it does take a substantial investment in hardware to create any amount of substantive wealth. For instance, you could invest several thousand dollars in the most powerful laptop with multiple high-end drives and eventually recoup your investment.
For a hacker, though, it isn’t about investing money in new hardware. It’s about pouring time into writing malicious code that will give them access to thousands of processors around the world. That is ultimately much more cost-effective than investing in their own hardware.
Cryptojacking malware is written specifically to hide once it’s in your system and to activate only when your computer becomes idle. It doesn’t compromise your data or access to your network. In fact, the most effective code leaves almost no footprint because its goal is to remain as long as possible.
Warning Signs to Watch For
The fact that you might never know it’s there makes cryptojacking the phantom of malware. But maxing out your hardware’s operating capacities every night will eventually lead to odd tech behaviors, and that can act as a warning sign. Plus, hackers still have to retrieve their prize, which often leaves a handy trail of breadcrumbs to follow if you know what you’re looking for.
For example, even during peak business hours, employees don’t usually do enough at one time to push their computers to the max (except for IT personnel, graphic designers, and other tech-heavy roles). On average, the equipment they use should last for several years before slowing down and showing its age.
But if those same PCs and laptops are being switched on and maxed out after everyone leaves each night, they won’t last nearly as long. It may not be immediately obvious, but the processors will burn out sooner than expected. This can lead to employees having trouble maintaining their productivity and you upgrading your infrastructure years earlier than you originally planned.
Fortunately, you don’t have to wait until your hardware starts to crumble before recognizing these signs. Performance monitoring tools can detect when certain devices are running at 3 a.m. and how much juice they’re using. Analytic software can track down and identify outbound communications to places where your hardware shouldn’t be communicating.
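The two signals described above (sustained load outside business hours and outbound traffic to unexpected destinations) can be combined into a simple triage rule. The following is an added example, not code from the original article; the log format, host names, thresholds and allowlist are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample telemetry (not real data):
# host, local timestamp, CPU %, outbound destination
SAMPLES = """\
ws-014 2019-01-15T02:50:00 97 pool.example.net:3333
ws-014 2019-01-15T02:55:00 98 pool.example.net:3333
ws-014 2019-01-15T03:00:00 99 pool.example.net:3333
ws-014 2019-01-15T10:00:00 35 mail.corp.example:443
ws-022 2019-01-15T03:00:00 4 updates.corp.example:443
ws-022 2019-01-15T14:00:00 92 mail.corp.example:443
build-01 2019-01-15T03:00:00 95 updates.corp.example:443
build-01 2019-01-15T03:05:00 96 updates.corp.example:443
build-01 2019-01-15T03:10:00 94 updates.corp.example:443
"""

BUSINESS_HOURS = range(8, 18)   # assumed 08:00-17:59 local time
CPU_THRESHOLD = 90              # assumed "maxed out" cutoff, in percent
MIN_SAMPLES = 3                 # require sustained load, not a single spike
ALLOWED_DESTS = {"mail.corp.example:443", "updates.corp.example:443"}  # assumed allowlist

def find_suspects(text):
    """Return {host: {"hot_samples": n, "unknown_dests": set}} for hosts
    with sustained high CPU outside business hours."""
    hot = defaultdict(int)
    dests = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        host, ts, cpu, dest = line.split()
        off_hours = datetime.fromisoformat(ts).hour not in BUSINESS_HOURS
        if off_hours and int(cpu) >= CPU_THRESHOLD:
            hot[host] += 1
            if dest not in ALLOWED_DESTS:
                dests[host].add(dest)
    return {h: {"hot_samples": n, "unknown_dests": dests[h]}
            for h, n in hot.items() if n >= MIN_SAMPLES}

def triage(text):
    """Split suspects into high priority (load plus unknown destination)
    and review (load only, e.g. a legitimate nightly job)."""
    suspects = find_suspects(text)
    high = sorted(h for h, s in suspects.items() if s["unknown_dests"])
    review = sorted(h for h, s in suspects.items() if not s["unknown_dests"])
    return high, review

if __name__ == "__main__":
    print(triage(SAMPLES))
```

A host that is busy at night but only talks to known destinations lands in the review list rather than the high-priority list, which keeps scheduled builds and backups from drowning out real findings.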
Even more fortunate is that cryptojacking tools have the same weaknesses as all other forms of malware. For instance, they work only if you let them in. Proper preventive and security measures can usually protect your network from them, and even if your system is infected, the virus can be rooted out before it causes significant damage.
How to Protect a System Through IT Security
The first step to protecting any system from malware is to invest in decent antivirus software, including anti-spam and anti-phishing filters for your email platforms. Along with ransomware and other malicious code, cryptojacking happens through email phishing techniques. It’s also useful to invest in a high-quality backup system, preferably on-premise and cloud-based, to protect your data in worst-case scenarios.
Such solutions are as cost-effective as they are essential, but they work only if you train employees to stay diligent against any attacks that might make it through. Tricks like display-name spoofing can fool some anti-phishing tools, and overconfident employees might still invite in cryptojacking malware without realizing it.
If your system is infected, then performance monitoring and analytics tools can reveal the malware’s incriminating symptoms. Depending on the extent of the virus, restoring your system may require rooting it out or resetting it and starting fresh with your backed-up data.
If you’ve partnered with a managed IT service provider, it can run a comprehensive systems analysis to scan software registries and measure each device’s performance. After stripping the code from your system, your provider will run a thorough retest before giving it a clean bill of health. Then it’ll help you ensure proper security measures are in place to prevent it from happening again.
Printing money is a thief’s dream, and with cryptojacking being so lucrative, it isn’t likely to disappear or fade. Sooner or later, it could hit any company, so implementing sound protective methods is crucial. Put in place strong antivirus software, know how to recognize the symptoms, and if worse comes to worst, know how to recover as effectively as possible. Even if you can’t avoid cryptojacking malware, you can minimize its damage by staying a few steps ahead.