Exchanges are frequently robbed: where is the security of digital currency going?

In the food chain of digital currency, exchanges have always stood at the top. But whoever wants to wear the crown must bear its weight. Exchange security has long been criticized by the industry, and frequent thefts keep challenging both the exchanges' standing in the industry and the fragile nerves of traders.

Frequent exchange thefts

First, let's review the thefts at major exchanges over the past three years. Behind the plain figures are traders' lost assets, their inner collapse and helplessness, the inevitable turnover among exchange practitioners, and asset tracing that goes on all night. Exchange thefts have repeatedly sounded the alarm for industry supervision, and the whole industry has grown nervous at any mention of theft.

On June 17, 2016, TheDAO, the world's largest blockchain crowdfunding project, was attacked, resulting in a hard fork of Ethereum.

On August 4, 2016, Bitfinex, one of the world's largest digital asset trading platforms, had more than $60 million worth of BTC stolen.

On April 22, 2017, South Korea's bitcoin trading platform Yapizon was attacked and lost $5 million in BTC.

In June 2018, the Korean exchange Bithumb was robbed, with losses reaching the equivalent of 30 million US dollars in various cryptocurrencies.

In July 2018, the decentralized exchange Bancor was robbed and lost $23 million (mainly ETH).

On January 15, 2019, the exchange QuadrigaCX was robbed, losing $190 million in BTC, ETH and CAD.

On July 12, 2019, Bitpoint (BPJ), a licensed cryptocurrency exchange in Japan, was attacked by hackers and is expected to lose about 3.5 billion yen (about 220 million yuan, or about 32 million US dollars). The incident also drew the attention of the CCTV Financial Channel, whose "International Financial Reporting" column reported the cryptocurrency theft.

Decentralized Exchange VS Centralized Exchange

The defining feature of blockchains is decentralization. In this decentralized world, the trading market also differs from conventional trading markets, and exchanges can be divided into decentralized and centralized ones according to their degree of decentralization.

On a decentralized exchange, trading takes place directly on the blockchain, and digital currency is sent straight back to the user's wallet or held in smart contracts stored on the blockchain.

The advantage of this type of on-chain trading is that the exchange does not hold large amounts of digital currency on users' behalf: all digital currency is stored in the user's wallet or in the platform's smart contract. Decentralized exchanges decentralize trust itself through technical means, so it can be said that no trust is needed. Every transaction is transparent on the blockchain, the exchange is not responsible for keeping users' assets or private keys, and ownership of the funds stays entirely in the user's own hands, which gives very good personal data security and privacy.

Decentralized exchanges currently on the market include EtherDelta and Germany and KyberNetwork.

Most exchanges today are centralized exchanges, i.e. exchanges built on centralized technology. Traders must first register on the exchange platform and pass a series of identity verification procedures (KYC) during registration.

Trading on such exchanges generally does not occur on the blockchain; it may simply modify the asset figures in the exchange's database, and the user sees only the numbers on the books change. When the user withdraws, the exchange prepares sufficient digital currency for the remittance. Most mainstream trading today is completed on centralized exchanges. Centralized exchanges currently on the market include currency, fire, OKEx and so on.

So how do you tell whether the exchange you are using is centralized or decentralized? If registration requires KYC verification, it is most likely a centralized exchange.

Both centralized and decentralized exchanges have suffered thefts. In terms of the trust mechanism, however, decentralized exchanges have the advantage: they can use smart contracts to implement a decentralized and trustworthy trading mechanism, removing the internal operational risk, business ethics risk and asset theft risk that human factors introduce at centralized exchanges and that seriously affect the security of users' assets. In transaction speed and transaction depth, on the other hand, centralized exchanges have the advantage because their technology is more mature.
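The off-chain bookkeeping described above, with the reconciliation check it calls for, as an added example that is not part of the original article. The ExchangeLedger class, the reconcile function, the user names and all balances are hypothetical and constructed for illustration.

```python
from decimal import Decimal

class ExchangeLedger:
    """Off-chain books of a centralized exchange (hypothetical model)."""
    def __init__(self):
        self.owed = {}  # (user, asset) -> Decimal the exchange owes that user

    def balance(self, user, asset):
        return self.owed.get((user, asset), Decimal(0))

    def credit(self, user, asset, amount):
        """Adjust one row of the books; a negative amount is a debit."""
        self.owed[(user, asset)] = self.balance(user, asset) + Decimal(amount)

    def trade(self, seller, buyer, asset, qty, quote, price):
        """Settle a matched order in the database only; validate before mutating."""
        qty, cost = Decimal(qty), Decimal(qty) * Decimal(price)
        if self.balance(seller, asset) < qty or self.balance(buyer, quote) < cost:
            raise ValueError("insufficient balance on the books")
        self.credit(seller, asset, -qty)
        self.credit(buyer, quote, -cost)
        self.credit(buyer, asset, qty)
        self.credit(seller, quote, cost)

    def liabilities(self, asset):
        return sum((v for (_, a), v in self.owed.items() if a == asset), Decimal(0))


def reconcile(ledger, custody, assets):
    """Return {asset: shortfall} wherever wallets hold less than the books owe."""
    gaps = {}
    for asset in assets:
        held = sum((Decimal(v) for v in custody.get(asset, {}).values()), Decimal(0))
        owed = ledger.liabilities(asset)
        if held < owed:
            gaps[asset] = owed - held
    return gaps


def demo():
    """Constructed scenario: one trade, then the BTC hot wallet is drained."""
    ledger = ExchangeLedger()
    ledger.credit("alice", "BTC", "2")
    ledger.credit("bob", "USDT", "50000")
    custody = {"BTC": {"hot": "0.5", "cold": "1.5"}, "USDT": {"hot": "50000"}}
    ledger.trade("alice", "bob", "BTC", "1", "USDT", "30000")
    before = reconcile(ledger, custody, ["BTC", "USDT"])
    custody["BTC"]["hot"] = "0"  # coins left the wallet; the books did not change
    after = reconcile(ledger, custody, ["BTC", "USDT"])
    return before, after
```

The trade changes who is owed what without touching custody, so only a comparison of the books against actual wallet balances reveals the missing coins.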

How are digital currency exchanges robbed?

First, let's look at the nature of digital currency. In essence, it is an anonymized asset built on blockchain technology. The anonymity lies in the fact that digital currency is transferred purely through code, so hackers who cash out or move the funds are hard to trace; this makes digital currency a fat prize in hackers' eyes. So, as long as a hacker can break the code, or there is a bug in the trading platform, the hacker can seize the chance to steal digital currency.

In summary, the thefts can be roughly divided into three categories:

Platform system bugs. Blockchain technology has a high barrier to entry, combining cryptography, computer science, mathematics and other disciplines. Exchanges must not only develop a trading platform but also deliver an integrated trading experience, which is a very big technical challenge. Often one small bug somewhere in the trading system is enough for hackers to lurk, break through and steal assets.

Theft from the exchange's hot wallet, as at Mt.Gox, Biter, and Bitstamp. A hot wallet is an online wallet connected to the network. The principle is that the private key is encrypted and stored on a server; when needed, it is downloaded from the server and decrypted in the browser. Because the wallet is networked, personal electronic devices may be infected with Trojans that steal wallet files, record wallet passwords or crack encrypted private keys, and wallet servers are not completely secure either.

Theft of personal accounts, as at LocalBitcoins, currency security, etc. Hacking methods are highly varied, and exchanges and users cannot guard against them all.

How to deal with the theft of the exchange

How should the frequent exchange thefts be dealt with? Xiaobian (the editor) feels the response can come from the following angles.

The exchange has a long way to go

Since the exchange sits at the top of the digital currency food chain, having taken this throne it must have the ability and determination to govern its realm. Although this is a commercial blue ocean, competition among exchanges is intensifying as digital currency grows popular and blockchain technology develops. Exchange practitioners, especially founders and core teams, face the dual challenges of regulation and technology. The exchange must rigorously refine its technology, carry out code auditing, system security testing and multi-dimensional risk and vulnerability testing to ensure system security, and put remedial measures in place. After all, security and trust are the first rule of survival.

Once a security incident occurs, the exchange needs to use technical means to quickly analyze the addresses involved and the direction of the funds, and freeze the assets at the first opportunity to reduce losses.

Exchanges can also popularize the technology in the community so that more users understand the principles of blockchain, trading rules and transaction security rules. They can also do a good job of user education, cultivate users' risk awareness, and communicate information in a timely manner.

In addition, exchange practitioners, especially founders, should strengthen their sense of social responsibility. They must not transfer or steal assets out of personal greed and stage-manage a theft of the exchange themselves. This not only causes huge financial losses to users but also has a negative impact on the entire industry.
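One way to carry out the address and fund-flow analysis described above, as an added example that is not part of the original article. The function name, the addresses, service labels and amounts are constructed, and the trace assumes account-style balances where a tainted sender spends its stolen units before any clean ones.

```python
def trace_stolen_funds(transfers, seeds, labels):
    """Follow stolen units through later transfers, in chain order.

    transfers: [(sender, receiver, amount)] in chronological order.
    seeds:     {address: units} that received the stolen funds directly.
    labels:    {address: service} for known deposit addresses.
    Simplifying assumption: account-style balances, and a tainted sender
    is treated as spending its stolen units before any clean ones.
    """
    tainted = dict(seeds)             # address -> stolen units held right now
    hops = {a: 0 for a in seeds}      # address -> shortest distance from a seed
    for sender, receiver, amount in transfers:
        if sender in labels:
            continue                  # a service pools deposits; stop tracing there
        moved = min(amount, tainted.get(sender, 0))
        if moved <= 0:
            continue                  # sender holds nothing stolen at this point
        tainted[sender] -= moved
        tainted[receiver] = tainted.get(receiver, 0) + moved
        hops[receiver] = min(hops.get(receiver, hops[sender] + 1), hops[sender] + 1)
    # Labelled addresses are where a freeze can be requested from the service.
    freeze = {a: (labels[a], hops[a], v) for a, v in tainted.items() if v and a in labels}
    at_large = {a: v for a, v in tainted.items() if v and a not in labels}
    return freeze, at_large


# Constructed sample data: addresses, labels and amounts are invented.
LABELS = {"exA_deposit": "Exchange-A", "exB_deposit": "Exchange-B"}
SEEDS = {"thief_1": 1000}
TRANSFERS = [
    ("other_1", "hop_c", 50),          # untainted sender: ignored
    ("thief_1", "hop_a", 600),
    ("thief_1", "hop_b", 400),
    ("hop_a", "exA_deposit", 250),
    ("hop_a", "hop_c", 350),
    ("hop_b", "exB_deposit", 500),     # 400 stolen plus 100 of hop_b's own funds
    ("hop_c", "exA_deposit", 300),
    ("exA_deposit", "exA_cold", 550),  # internal sweep: not traced further
]


def freeze_requests():
    """Run the trace over the constructed sample."""
    return trace_stolen_funds(TRANSFERS, SEEDS, LABELS)
```

The two result sets always sum to the stolen amount, which gives the responder a quick check that no transfer was dropped from the trace.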

Traders, steer the ship carefully

As a trader, you need to build security awareness, keep the trading rules firmly in mind, and follow the steps strictly. Of the ten million rules of trading, security is the first; trade carelessly, and two lines of tears will follow. As a trader, you cannot trace the funds yourself after discovering a security problem, but you must always take the initiative to protect your own assets. The following points are easy for traders to master and put into practice.

About passwords: set a password on your PC, and not an overly simple one; install anti-virus software and a firewall. Change your exchange login password periodically and remember it; avoid reusing previously used passwords, and do not use the same password on different websites. A password set on one trading platform should not be used on other platforms, because it may be leaked through security problems on those other platforms.

About private keys: it is recommended to generate the private key on an offline computer and ensure that it never appears on the network. The private key should be known only to you. As for the mnemonic, it is recommended to copy it onto paper and keep it in a safe place. Once a mnemonic is stolen, it can easily be re-imported into a wallet, a password set, and the assets in the wallet stolen.

About asset storage: given how often exchanges are robbed, do not keep assets on the exchange; transfer them in when you need to trade, and transfer them out immediately after the trade is completed. If you have only one computer, consider installing virtual machines to protect the Bitcoin wallet: one operating system for the hot wallet and one for the cold wallet. You can keep the digital currency for daily transactions in the hot wallet and put stored assets in the cold wallet.

Association or alliance regulation

The cryptocurrency industry should establish decentralized management organizations that include media, security companies, exchanges, and so on. The blockchain industry can set up associations or alliances to self-regulate and to regulate companies within the industry; in the process, mature proposals can be submitted to the regulatory agencies as a basis for formulating regulatory policy, which benefits the development of the blockchain industry.


Digital currency is still at an early stage of development. The security of the exchange, the king at the top of the digital currency food chain, bears on the life cycle of digital currency and the development of the industry. The safe development of the industry depends on the continued efforts of technology developers, the monitoring done by security workers and a strong sense of social responsibility among exchange practitioners.

Blockchain practitioners need to maintain digital currency security together, and there is still a long way to go.

Author: Justina