The currency was stolen again, and the loss was nearly 300 million. How does the exchange protect the security of user assets?

On May 8th, the well-known cryptocurrency exchange currency issued an announcement: The currency security discovered a large-scale security vulnerability at 17:15:24 on May 7th. The hacker stole from the currency security BTC hot wallet at block height 575012. 7,000 bitcoins.

Source: Coin official website

The announcement said that by exploiting security vulnerabilities, hackers obtained a large number of user API keys, 2FA codes, and other possible information, and used phishing, viruses, and other technologies to attack.

According to the currency security, the hacking incident only involved the stolen transaction, and only affected the BTC in the coin security wallet (announced that this part of the BTC accounts for about 2% of the total amount of BTC held by the currency security).

For the stolen BTC, Coin said it would use the SAFU Fund (full name "User Security Asset Fund", which was established in July 2018 and invested 10% of all transaction fee income to provide insurance for potential security breaches) Full payment to protect user assets from loss.

At the same time, in order to prevent such incidents from happening again, the currency has suspended all the bitcoin withdrawals and recharges, and will conduct a security review for about a week.

1

Where is the most secure encryption asset?

For the hacked exchanges and the theft of encrypted assets, industry insiders have long been accustomed to it.

According to a report released by the US digital currency security company CipherTrace, in the first half of 2018, the global cryptocurrency exchange had $731 million worth of crypto assets stolen by hackers.

• Analysis of the loss of 7000 bitcoin and the theft of the coin hot wallet
• What is the SAFU fund of the currency security? Is $41 million a small case for it?
• Decreased power by 88%? Bittland may be seeking a new round of bitcoin mining "bidding war"

Why do hackers have a soft spot for cryptocurrency exchanges?

The most direct reason is because it is profitable. As an upstream of the cryptocurrency market food chain, cryptocurrency exchanges aggregate the assets of a large number of institutions and retail investors. Compared to attacking individuals, the benefits that an attack exchange can take are even more impressive. Of course, as a head exchange, the currency security is more favored by hackers.

In addition, the reason why hackers dare to do whatever they want is because the cryptocurrency industry, including cryptocurrency transactions, is still largely outside legal supervision. For hackers, the risk of attacking an exchange is much less than attacking other economic entities of equal value, and the cryptocurrency is also uniquely convenient and secure in terms of cash and cash transfer.

More importantly, cryptocurrency exchanges have a relatively low level of security. This aspect is due to the fact that cryptocurrency is different from other assets and cannot exist without the network. As long as it exists on the network, there is always a way to invade. The difference is only the cost. On the other hand, the level of security protection between different exchanges is very different, and the lack of attention to security maintenance is the root cause. The current exchange is more about doing post-processing, not pre-emptive prevention.

In this way, the theft of encrypted assets is almost impossible to prevent. Where is the safest?

First of all, it must be a cold wallet. A hot wallet is an online wallet, and a cold wallet is an offline wallet. In theory, the cold wallet can make the private key never touch the net, which can effectively prevent hackers from stealing.

However, if you want to invest in long-term encrypted assets on the trading platform, it is recommended to choose a head exchange such as currency security and fire currency. Although they are often attacked, the user's assets can still be protected. Even if it is stolen, there are exchanges, just like the 7000BTC was stolen, and the company announced that it will use the SAFU fund to pay the user's damaged assets in full.

2

The currency is "black" history

This is not the first time that the currency has been stolen.

In the middle of the night of March 7 this year, the currency security was attacked by hackers. But what's interesting is that during this attack, a large number of users found that their account was stolen, but the hacker did not directly steal the user's cryptocurrency, but sold the cryptocurrency in the account at the market price without the user's knowledge. After buying Bitcoin, the BTC in the stealing account was manipulated to purchase a digital currency called VIA, which drastically increased its price.

This "singular" hacking attack has led to a general plunging of the cryptocurrency market, including Bitcoin, while VIA has achieved a hundredfold increase.

In July last year, the currency security was also suspected of being stolen 7,000 BTCs. Although the currency security did not confirm the matter, at that time, the "About SYS Abnormal Transaction Processing Plan" was issued in time, and the SAFU fund was established in the same month.

For the BTC theft incident on May 8, most of the industry insiders also expressed their views afterwards:

Zhao Dong, founder of Dfund, said, "In the eyes of professional hackers, there is only a time problem, there is no unbreakable exchange. Zhao Changpeng is straightforward and transparent, and I still believe and support the currency security as always."

Source: Weibo

He Yi, co-founder of the currency security company, said, “In the world of blockchain, transparency is the foundation. We hope to have the courage and perseverance to take responsibility while being transparent. Protecting the interests of users is our value criterion. In this difficult period. We will strive to maintain transparency and continue to update you with relevant information, thank you for your support."

Source: Weibo

Wave field founder Sun Yuchen said on Weibo, "In order to express my support for the currency security, I will personally deposit 7,000 BTC equivalent US dollars (a total of 40 million US dollars) into the currency security for the increase of the currency security. Coins (BNB), Bitcoin (BTC), Wave Field (TRX) and Currency (BTT), if Zhao Changpeng agrees to do this. Don't panic, everything is fine!"

Source: Weibo

In addition, there have been many conspiracy theories about the incident. These conspiracy theories mainly include:

1. Surveillance and self-stealing. This is not the first time that the currency has been stolen, but it is 7000BTC every time, which is too coincidental;

2. In order to create momentum for the decentralized exchange of the currency;

3. In order to combat the upcoming Bitfinex;

4, hacking is not for 7000BTC, but to create panic, short market;

……

1

Those stolen exchanges

According to relevant media reports, the hackers in the money theft case should have been premeditated for a long time. Just a few hours before the attack, Zhao Changpeng revealed on Twitter that the currency security would be subject to some “unscheduled” server maintenance. Work, and the hacker is likely to be aiming at the timing of this maintenance and find the vulnerability to attack. But as of now, it is not clear whether hacking is related to this server maintenance.

According to the data of PeckShield digital asset escort system, as of now, the 7074 BTCs that were stolen by the money security wallet were temporarily stored by hackers in 20 main addresses and have not been further spread.

According to the current BTC price, the total loss of the currency is more than 41 million US dollars, and all user losses will be fully borne by the Kanan SAFU Fund.

This kind of treatment is the most direct. Why are other stolen exchanges in history historically stolen? How is it handled?

Table: Historically stolen exchanges

Source: Zero Financial is organized according to public information

Note: This article only represents the views of the authors and interviewees and does not constitute any investment advice.

Text | Mr.J

Source | Zero Finance

We will continue to update Blocking; if you have any questions or suggestions, please contact us!