The real life of the owner of the exchange: the horror of the thief, the night can not linger

Xu Mingxing once dreamed that someone had kidnapped him and asked him to hand over Bitcoin. Awakened in his dream, he redesigned the security mechanism of the exchange the next day.

Since I opened the exchange, I can't sleep every day, worrying about theft of the client's assets.

Even the founder of the OK, Xu Xing, has experienced this kind of mood in the early days of the venture. The founders of the exchange are no exception.

The bull market is coming, and the biggest short seller in their eyes may be a hacker.

• Three stages of bitcoin awareness: Trump, Fed chairman, MPs PK
• DApp Ecology | Halo is snatched away by DeFi, how do the left-wing chain tour developers break through?
• Frequent news on the regulatory level, Iran is in urgent need of compliance with Bitcoin mining business

After all, the yak market sells more money. For example, Wu Jiazhi, vice president of blockchain security company PeckShield, said that the hackers attacking the exchange are all a group of people who are familiar with the exchange system and understand the cryptocurrency. Therefore, selling the stolen coins is also an opportunity. "After $8,000 on the Bitcoin station, the previously monitored hacker address started to move again, and the currency often went into the exchange after a few turns."

With the market coming, it is the multiplication of the exchange's funds. Naturally, this battleground has become a hot spot for entrepreneurs and capital chasers, and it has also become the target of hackers.

Slow fog statistics, since the second quarter of 2019, nearly 10 exchanges including Coinbase and Coinbase have been successfully attacked by hackers, with losses exceeding US$76 million.

Many unnamed exchanges have been shut down due to hacking. If they are not shut down, they may just be able to pay for it.

The exchanges have survived the bleakness of the bear market, but have not escaped the bull market hackers.

The money is scared, the founder is sleepy

The coin was created, leaving a "pit of the exchange, it is difficult to continue." It is very emotional.

According to industry insiders, before and after the 7,000 Bitcoin was stolen (in early May), many exchanges were also robbed by hackers. Therefore, there are many small exchanges that are under pressure to shut down.

The founder of a small exchange has been under tremendous pressure since then. "Although the hole was later filled in, it is said that the founder has often lost sleep and couldn't sleep since then, and the spirit has almost collapsed. After several months of persistence, he decided to close the station."

OK founder Xu Mingxing once dreamed that someone had kidnapped him and asked him to hand over Bitcoin. Investing in the net reported that he was awakened in his dream. He redesigned the security mechanism of the exchange the next day, handing the cold wallet key to multi-person management and establishing off-site backup.

There is no shortage of lessons in the history of exchange security, and Mentougou and Bitfinex have stolen 100,000 bitcoins, which still deeply affect the relevant parties.

Everyone who sits on the position of the CEO of the exchange is like Damocles who suddenly gets the throne. In front of him, in addition to the wine and beauty in front of him, there is a sword hanging above the throne with only one horse. For the exchange, this sword is a hacker attack at any time, and hundreds of millions of wealth may also be handed over.

“All the exchanges are most worried about being stolen. There is no safest, only safer, and safer.” Yao Yuan, founder of HB.top, said frankly, “hackers are the same as the policy ban. Two big problems."

Every time a stolen coin occurs, it will stimulate Yao Yuan’s nerves. On the second day after the currency was stolen, Zhao Changpeng appeased the user on the live broadcast and detailed the compensation plan. "I can see that he was very embarrassed all night. When this happened, I had to pay the bill. I was worried about it happening to me." Yao Yuan said frankly.

Other people’s wallets don’t dare to use them, and they don’t dare to use them.

The exchange needs to prepare enough liquidity to raise coins every day. According to industry sources, some exchanges are going to pay and raise money. It is the work of several founders working together every morning. "Thinking about it is still very manual, treacherous, and the money is not cleaned up? "

This sense of ritual reminds every day that they are the largest center in the industry and the biggest target.

"More than one exchange founder told us that I was worried and couldn't sleep. Then I repeatedly asked us to do a good job in testing and strengthen system security." Slow Mist Technology Partner and Security Leader One Piece told Odaily Planet Daily.

An entrepreneur in the field of exchanges said, "The centralized exchanges are actually quite big for the founders. After all, there are only a handful of money that can be lost. The exchanges have to make their own wallets, and others don’t dare to use them. Some people don’t even dare to use their own wallets."

The anxiety of the founders is not without reason. According to the data provided by the Slow Mist team, since the second quarter of 2019, nearly 10 exchanges including Coinbase and Coinbase have been successfully attacked by hackers, with losses exceeding US$76 million.

Every day, Yao Yuan can see the reports of malicious scans and attack servers submitted in the analysis log from Alibaba Cloud and Amazon Cloud purchased by the exchange. “Looking at the anxiety, we have to play 12 points of spirit every day, be cautious and operate, and repeatedly check the health indicators of the system. Although it is boring but important.”

Under the control of fear, some head exchanges spare no expense to dig senior security personnel.

“The average salary of security personnel is usually twice as high as that of programmers with the same qualifications. For those with special abilities, there is no upper limit, and the Offer is more likely than the boss.” Wu Jiazhi told the Odaily Planet Daily.

Wu Jiazhi admits that for a while, several partners have received the offer of hunting hair. "Everyone found out that they were all issued by the same head exchange."

In addition to staffing, there are also investments in wallets and hosting services. According to Coinbase's quotation announced a year ago, its hosting service will charge $100,000 at a time, on the basis of which it will increase by 10 basis points per month, and the client's encrypted asset balance must be no less than $10 million.

The high cost of security is indeed not a common exchange. Coin founder said on Weibo that security cost is one of the reasons for choosing to shut down: “Small team development resources are extremely limited, and it is impossible to tilt a lot of energy on security while maintaining functional progress.”

There are countless pits for trading security.

Such high security literacy is taught by the pits that the exchange has stepped on.

1, patient hacking under the end of half a year

At the beginning of May, the currency was stolen. Beijing Chain Security analysis believes that the problem lies in the fact that the currency security network has been infiltrated by hackers for a long time, thus easily obtaining user keys and other related information, and then withdrawing the coins.

More than a month before, DragonEx, BiKi and other platforms have just been "infiltrated" by hacker organization Lazarus.

According to 360 security experts, Lazarus usually takes half a year to investigate the internal structure of the exchange, and then disguise the identity and exchange personnel with the exchange for long-term communication.

"It's all friends, who will have such strong defenses?" 360 security experts said. When the time is ripe, the trading company will recommend automatic trading software that adds malicious code. Once the exchange personnel are recruited, the hacker can control the computer in the cloud, get the information and permissions he wants, and do whatever he wants.

“Starting in October last year, I finally received the net in January and March of this year.” When patient Lazarus received the net, only the DragonEx family made a profit of 40 million yuan. "In the face of such long-term, well-designed traps, most companies can't stand it." 360 security experts added.

2, pick the security personnel will be weak when the will

Ordinary hackers, even without Lazarus, are so patient, in order to improve the success rate, after the early test, they will ambush to the appropriate time to start.

Yao Yuan does not like to spend the holidays, because it is the most dangerous at this time, and I must do my best to prevent these people. "The hacker stares at you all the year round, even if it is stolen on the first day of the New Year's Day. The hacker still squats at night, and there must be someone on duty to monitor from 2 am to 5 pm." There are only 10 people in the team of HB.top, and security personnel account for 3. ”

3. Don't just blow yourself safely.

There is no small matter in safety. But there are still exchanges that ignore this rumor.

Security industry practitioner Ken told Odaily Planet Daily that the exchange avoids high-profile exaggeration. Some exchanges may not be on the line for a long time, and there have been no problems, so they are touting how powerful and secure their technology is on social media.

"What? Then I have to challenge. The hacker is likely to come after seeing it. So, security matters should be done silently, with less holes and zero loss," Ken said.

4, the stolen money is still not known as the most miserable

The risk warning is only the first half of the security attack and defense, and the other half is the processing power after the hacker attack. If it is handled properly, it can definitely reduce the loss to a minimum or even zero.

The Shield team sometimes encounters the attacked customer for help. The headache at this time is that I know the fact of being attacked, but I don’t know where the problem is.

"When I first started working, I felt very embarrassed and stressed. Sometimes I had to take a day or two to check the problem, and then I got used to it." Wu said.

In July last year, HB.top found that there were hundreds of USDTs in the wallet, so it was quickly investigated and found that hackers were launching fake recharge attacks, that is, hackers pretending to break into USDT in the exchange account, but actually using the exchange mechanism. Vulnerabilities (when the USDT has not arrived, the fake recharge account was given the right to withdraw money), allowing the hacker to withdraw within a few minutes, thus causing a deficit.

After discovering the problem, HB.top immediately checked the hacker account and adjusted the mechanism to open the coin after the approval of the account record, thus blocking the hacker's larger amount of fake recharge.

Later, it turned out that this "innovative" attack by hackers would have dealt a large number of exchanges, and some exchanges lost as many as millions of USDTs.

To sum up, many practitioners believe that the most vulnerable part of the exchange's security is people.

The first is how high the security awareness of the boss is, and the range of people who are willing to believe when the private key is saved. Second, there is no place in security investment, mechanism setting and security education.

As Yao Yuan said, where human nature is weak, it should be restrained by institutions. For example, some companies set up internal and external gateway cards to implement network isolation, and also require all employees to install anti-virus software, do not open unknown links, and so on.

It’s not terrible to lose money. The terrible thing is that the exchange has no money to pay.

The exchange itself is safe, on the one hand; on the other hand, it is the transaction user.

The above entrepreneurs believe that users will not assess how safe they are when they choose an exchange. After all, the big ones will be stolen.

So what do users mainly look at?

The key is to see if the exchange can lose the money after losing money. This involves whether the exchange has set up a counterfeit money payment fund and acts after the attack. If the exchange's claims are in place, the stolen money may also add value to the brand's value. "I don't know if the big exchange is safe, but I know he won't run."

At present, both large and small trades tend to pay in full after losing money.

But in the eyes of security practitioners, the security of a type of exchange can be quite worrying – those black horses that suddenly fire up.

Many exchanges did not pay attention to security protection in the early days. After rapid development, they were also easy to become Easy Girl in the eyes of hackers. We have seen that in the past three months, new exchanges such as Biki and Matcha have been looted by hackers.

Wu Jiazhi admits that compared with two years ago, the safety awareness and protection technology of practitioners have indeed improved. Some exchanges even purchased expensive services such as managed wallets and AWS's Key Hosting Service (KMS).

In the case of multiple measures, we can see that the number of stolen exchanges has dropped significantly.

Data from: Slow fog

But security practitioners know that man-made systems have a variety of possibilities to be overcome. In other words, the security issue is the Achilles heel of the exchange, and the industry will always exist.

Text | Huang Xueyu

Produced | Odaily Planet Daily (ID: o-daily)

Original article; unauthorized reprinting is strictly prohibited, and violation of the law will be investigated.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!