In recent weeks, the cryptocurrency industry has experienced major security incidents, bringing the security of centralized exchanges back into the public spotlight. Below are the causes of two recent typical cases:
User account intrusion caused by malicious plugins: Some Binance users had their accounts attacked after downloading the Google Chrome plugin "Aggr" promoted by a KOL. Hackers bypassed passwords and two-factor authentication (2FA) by obtaining cookies, directly accessing users' accounts. Although 2FA prevented immediate withdrawals, hackers indirectly transferred funds through trading.
AI threats: Hackers stole user information from OKX and used AI deepfake technology to deceive customer service and reset account passwords.
Centralized Exchange (CEX): Security Management of Cryptocurrencies
Major security threats faced by centralized exchanges include hacker attacks, exploitation of smart contract vulnerabilities, weak account protection systems, phishing, and physical security issues. The suspected hacking incident of Binance on March 7, 2018, led to a significant drop in the market value of Bitcoin. In 2019, over 28 security incidents were recorded, with over 70% involving the theft of digital assets, resulting in significant financial losses.
Governments and regulatory agencies around the world are addressing these threats by introducing specific regulations and measures. For example, the South Korean government requires virtual currency exchanges with daily sales exceeding 10 billion Korean won or daily visits exceeding 1 million to obtain Information Security Management System (ISMS) certification. In China, all services related to virtual currency settlement and trader information provision are prohibited.
To address these threats, the industry has taken various measures to enhance security, such as:
On-chain data solutions: Using blockchain data to manage counterparty risk.
Multi-factor authentication (MFA): Enhancing user security through biometrics, one-time passwords, and push notifications.
SSL encryption and cold storage: Protecting data transmission and storing important assets offline to prevent unauthorized access.
Compliance with regulations: Complying with requirements in different jurisdictions to ensure operations within the legal framework.
Effective security measures for cryptocurrency exchanges involve coordinated efforts among the exchanges, regulatory agencies, and users.
CoinW's Advanced Security and Risk Control System
CoinW is committed to providing a secure trading environment through robust security measures and risk control systems. CoinW's security officer stated, "The core system of a centralized exchange is similar to a bank. Its security includes both front-end and back-end security, as well as whether the technical solutions have undergone security assessments, and the encryption mechanism for data storage and communication."
Unlike traditional banks, exchanges deal with on-chain assets and must prioritize the security of private keys. CoinW uses multi-signature technology (multi-sig) and traditional sharding methods to store keys. In the event of issues with hot wallets, CoinW has backup systems for recovery and stores large funds in cold wallets.
Internal mechanisms are also crucial, including real-time security event monitoring and response. The system can quickly detect and address suspicious activities, such as abnormal network access or remote logins. CoinW handles long periods of inactivity or remote logins through multi-factor verification and provides immediate notifications for any abnormal transactions, including via email and internal messages. In terms of business risk control, transactions triggering risk conditions require secondary manual review to ensure additional scrutiny of accounts with abnormal activities.
Furthermore, CoinW strengthens wallet security through Multi-Party Computation (MPC) technology, distributing keys across four systems, requiring consistent approval from all four systems for any transaction to prevent unauthorized operations.
CoinW also integrates Know Your Address (KYA) into its existing Know Your Transaction (KYT) system to enhance security standards. KYA analyzes and categorizes on-chain addresses, enhancing the ability to identify risks and protect user assets. This integration further solidifies CoinW's leading position in security within the cryptocurrency industry.
CoinW has also achieved significant compliance milestones, such as obtaining the Digital Currency Exchange License from the Australian Transaction Reports and Analysis Centre (AUSTRAC). This enables CoinW to legally conduct spot trading and fiat currency trading, providing customers with a more secure and reliable trading environment.
CoinW's security officer concluded, "Overall, the security level of a centralized exchange is determined by its technical measures, business operations, internal management, and response capabilities to security events. These factors collectively ensure the security and reliability of the exchange, providing users with a safe and trustworthy trading environment."