Only a third of cryptocurrency exchanges inspected got a full pass in a recent government security audit.
The Ministry of Science and ICT, the Korea Internet & Security Agency and the Ministry of Economy and Finance inspected a total of 21 crypto exchanges from September to December 2018, examining 85 different security aspects.
Notably, only 7 of them – Upbit, Bithumb, Gopax, Korbit, Coinone, Hanbitco, and Huobi Korea – cleared all the tests, CoinDesk Korea reported Thursday.
The remaining 14 exchanges are “vulnerable to hacking attacks at all times because of poor security,” the Ministry of Economy and Finance said, though it didn’t name the platforms. The agencies put down the security failures to “insufficient establishment and management of security system such as basic PC and network security.”
The exchanges were inspected in a review that looked different aspects of administrative, network, system and operational security, as well as database backup and wallet management.
South Korea has lost many millions of dollars in cryptocurrencies through hacks at exchanges such as Coinrail (over $40 million) and Bithumb (over $30 million).
Back in February, the country’s officials said that they believed North Korean hackers were behind the attacks. Indeed, North Korea’s infamous hacking group, Lazarus, has been reported to be behind the theft of $571 million in cryptocurrencies since January 2017, according to a report from cybersecurity vendor Group-IB.
In the wake of the security breaches, South Korea’s Financial Services Commission, in July of last year called on politicians to pass a bill regulating domestic cryptocurrency exchanges with urgency in order to counter lax security in the industry.
To mark the tenth anniversary of the genesis block – the first-ever block of Bitcoin mined – crypto holders across the globe are withdrawing funds from third party exchanges. Doing so, will ensure these exchanges are solvent and, more importantly, honors crypto’s founding principle of independence from centralized financial systems. This ‘Proof of Keys Celebration’ has gained steam and we are supportive.
At Blockchain, we’ve always believed that owning and controlling your private key – and with it your crypto – is the single most important aspect of using crypto. Without having full control over your private key, you’re missing the defining aspect of crypto: user controlled, sovereign assets. Not sure what your private key is? Learn more here.
Enabling users to “be your own bank” and truly maintain control of their crypto has been at the core of the Blockchain Wallet since its inception. Our passion for ensuring that users retain control over their funds was extended last year with the launch of Blockchain Swap, a next generation trading product that allows Blockchain Wallet users to exchange crypto quickly and with ease for the price you’d pay on exchange, without giving up control of your keys.
Not one of the 30M+ Blockchain Wallet holders using our platform to store, trade and transact while maintaining full control of your funds? It takes moments to create a free Blockchain Wallet with a verified email address and be on your way to taking back control of your crypto from centralized exchanges. Get started here.
Note to those planning to take part in the Proof of Keys Celebration: As you prepare to transfer funds from your exchange account to your wallet address, make sure to factor in withdrawal limits and network congestion. And, as always, it is critical to keep your private keys secure. Don’t share them with anyone you don’t want to share full control over your funds.
An open source and decentralized blockchain says it is reducing barriers to entry for newcomers so “everyone can enjoy the benefits and security of crypto.”
A blockchain-based platform says it is the first that puts all users and ecosystem participants on an equal level, and has set out its vision for how its platform will develop in the coming months and years.
Transcendence describes its blockchain as open source and decentralized, and says it offers full compatibility with existing systems such as AmiCloud, an internet-based file storage and file sharing facility, and the indieGO app store.
The company says it wants its platform to offer an open marketplace for developers and artists, giving content creators a way to interact through a decentralized messaging service that provides an option for private communication.
Wallets for Telos Coin, Transcendence’s native cryptocurrency, are being made available through eight operating systems. As well as Windows, iOS, Mac, Android and Linux, support is being offered for those who use AmigaOS, AROS and morphOS.
Through the online web wallet for Telos, the company says that users no longer need to store their private keys or use an offline wallet – adding that transactions can be completed quickly and easily. Further, users have the opportunity to receive payments for the services they offer, with merchants able to integrate the TelosPay system into their website if they so wish.
“Fully fledged infrastructure”
In a video explaining its offering to consumers, Transcendence said its Telos Coin is based on a fork of PIVX technology. The clip adds: “Low energy consumption in comparison to other Proof of Work coins means Telos Coin offers an extremely low cost entry point, which means there is a significantly reduced barrier to entry for users. Everyone can now enjoy the benefits and security of blockchain technology and cryptocurrency.”
The project says that its infrastructure is fully fledged and based on a “decentralized and democratic peer-to-peer model.” Transcendence believes that, in practice, this means that no single entity has the capability of causing its network to stop working – and resultantly, this means funds remain safe and secure at all times.
One of the main services offered by the project is a dashboard where users can send and receive coins, check their balance, and monitor current exchange rates for Telos in one place. The team behind Transcendence says that creating a well-designed and user-friendly dashboard has been a priority.
The next phases
In its white paper, Transcendence has also set out a series of projects where users will be able to use Telos Coin as payment. Among them is ProfitCycle, a concept which enables crypto enthusiasts to earn the currency as they ride their bike in everyday life. An app serves as a wallet, navigation system and community hub – directing the user to places where they can spend their crypto. Power banks are used to power the technology behind the ProfitCycle, and also enable the cyclist to keep their cell phone charged while they are on the move. When the product launches, customers will have the option of purchasing a kit to adapt their existing bike, or buy a completely new one that is furnished with the technology.
Meanwhile, CryptoMages is a trading card game which is set to launch on the Transcendence blockchain. As well as monthly online contests and a global ranking system, the project has plans to release physical decks for the cards which players could use to store Telos Coin in the real world.
Transcendence is the brainchild of Pascal Papara, and Telos Coin has already been listed on five exchanges – including Graviex, SouthXchange and BiteBTC.
Disclaimer. Cointelegraph does not endorse any content or product on this page. While we aim at providing you all important information that we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor this article can be considered as an investment advice.
Hackers have reportedly been awarded $878,000 in bug bounties by blockchain companies on vulnerability disclosure platform HackerOne this year.
White hat hackers have been awarded $878,000 in bug bounties this year, technology news website TheNextWeb reports on Dec. 30.
Bug bounties are a type of competition in which companies that develop software invite hackers to break their software and responsibly disclose the vulnerabilities, so they are able to fix them before they are exploited.
According to TheNextWeb, hackers earned $534,500 on HackerOne, a bug bounty platform connecting companies with hackers just from Block.one, the company which stands behind EOS. In fact, Block.one is reportedly responsible for 60 percent of all the bounties handed in this year.
Major cryptocurrency exchange Coinbase is reportedly the second-largest bounty spender and spent $290,381 in 2018. Tron is third-largest bounty spender, reportedly paying $76,200 this year.
Nearly four percent of all bounties awarded on the platform were for blockchain vulnerabilities, a HackerOne spokesman told TheNextWeb. The average prize in the blockchain industry was $1,490 this year, while the average HackerOne bounty in Q4 2018 was about $900.
As Cointelegraph recently reported, EOS decentralized apps (DApps) have reportedly lost up to $1 million to hacks since July. Also, hardware wallet Ledger recently expressed regret over the fact that the security researchers disclosed vulnerabilities in its hardware wallets publicly instead of following the standard security principles that are written in Ledger’s Bounty program.
From the number of cryptocurrency exchange hacks, to the amount of assets that were stolen, to the largest exchange hack of all-time, crypto set a lot of records. Too bad they’re not the kind of records crypto innovators will be boasting about next year.
Although cryptocurrency continues to become more mainstream, this goes to show awareness around how dangerous it is to keep your crypto on exchanges doesn’t seem to be keeping pace.
It has been a very volatile 12 months for cryptocurrency markets, and as the value increased earlier in the year, so did the number of new investors. With these new investors came an increased interest from hackers, and because the markets grew so quickly, exchanges didn’t have the time or resources to build resilient security solutions.
Key Lessons for 2019
Exchanges suffer from systemic risk – By having to secure billions of dollars in deposit, they are a magnet for hackers. It is much less risky and much more profitable to hack an exchange rather than a bank vault. Exchanges are usually fintechs first and not cyber security companies. They have demonstrated in the past that their security culture and awareness wasn’t always up the the level of the assets they’ve had to secure.
Hacks are becoming more sophisticated – As cryptocurrency becomes more mainstream, so do its hackers. With so much value at stake, more hackers have dedicated their time to stealing from these exchanges. 2018 saw hackers deploy state-of-the-art attacks, such as social engineering, where they stole identities and pretended to be other people to successfully steal investor’s crypto assets. To combat the smartest hackers in the world, crypto asset owners need the most sophisticated security technology available.
Each day $2.7 million is stolen from exchanges – The amount of stolen cryptocurrency from exchanges in 2018 has increased 13 times compared to last year. This amounts to $2.7 million in crypto assets being stolen every day, or $1,860 each minute.
With a record number of hacks in 2018, the need for security is clearer than ever before – As we look to 2019, we can expect more enterprise security solutions to come to market. In addition to more money being invested in security, 2019 will see individual investors become more aware of the need to protect their critical digital assets. With increased digitalization, individual data and security will only increase in importance.
Solutions for Today
Exchanges are prone to hacks, because they centralize the risk and must keep part of their private keys online to allow real-time withdrawals. Moreover, crypto investor credentials on exchanges are also a massive security threats.
If your email gets compromised, you can usually kiss any crypto wallets you have on exchanges goodbye. Ensuring the security of your crypto assets yourself, through the use hardware wallets gives you the highest protection level.
Hardware wallets empower you with the ownership and control of your crypto assets. But with great powers comes great responsibilities: being your own bank is certainly not trivial and requires discipline. Using a hardware wallet doesn’t make you invincible against social engineering, physical threats or human error.
Use common sense, and apply basic security principles.
Don’t use a cryptocurrency exchange for long-term storage.
If you do, use two-factor authentication, preferably one that is not limited to devices connected to the internet.
For your hardware wallet, choose a PIN code that you can remember, but is secure and not easy to guess.
Keep your 24-word recovery sheet well secured and never enter it on any device that is connected to the internet.
Only trust what you can see on your hardware wallet screen. Verify your reception address and payment information on device.
Always treat with caution information shown on your computer or smartphone screen. Assume software can get compromised anytime.
Crypto hackers are getting more sophisticated, but by following these rules and storing your cryptocurrency on a hardware wallet, you will ensure your assets stay protected.
Have an opinionated take on 2018? CoinDesk is seeking submissions for our 2018 in Review. Email news [at] coindesk.com to learn how to get involved.