What Crypto Exchanges Get Cybersecurity Right?
The 2020 twitter bitcoin hack or “Bit-Con” was a scary example of what a lack of cybersecurity can do. Lawmakers, who are by and large not big fans of cryptocurrency, blame Twitter for the hiccup. (Although, that isn’t surprising when you consider Washington’s antagonistic relationship with Twitter as of late.)
Regardless, it seems like every week, massive crypto exchange hacks are happening. Okay, maybe not every week. Though 2019 witnessed a record 12 crypto exchange hacks, some three times in the same month. Unfortunately, as a result, $292,665,886 worth of digital assets and 510,000 user logins were stolen this year.
As you can probably imagine (and presumably empathize with), this trend makes some crypto traders wary — of both centralized exchanges (CEXs) and decentralized exchanges (DEXs) alike.
Now, everyone has their own opinion of how these exchanges should address the issue. Some say that purely decentralized finance (DeFi) is the only way to ensure that everyone’s “funds are safu”. In this case, funds would be handled exclusively by code. Others think there needs to be a certain level of centralization, especially with so much money at stake. But if you want to get technical, Twitter’s hack was directly caused by the fact that they are a centralized server. In this case, at least. So, in actuality, the Twitter bitcoin hack may have inadvertently made a case for decentralization — particularly in the case of social media. So… there’s that.
The more immediate (relatively speaking) solution would be government interference of some ilk, which would give exchanges the tools they need to prevent hacks while allowing them the space they need to bring crypto to the mainstream. In theory, that is.
Nevertheless, every crypto trader must know what track record and security protocols their crypto exchange of choice utilizes.
So, with the aforementioned Twitter bitcoin hack still fresh in everyone’s mind, and in honor of #CyberSecurityMonth, we want to highlight the exchanges whose safety protocols are good––and those that are… not so good.
Centralized Exchanges (CEXs)
Centralized exchanges are currently the most popular choice for crypto traders. Statistically speaking, you have probably used one for an extended period of time. They’re user friendly, have an insane amount of liquidity and volume, and tout fast transaction speeds. Also, most major crypto exchanges do a solid job of keeping your funds secure through KYC protocols and 2FA. But because they’re a huge target, and because they hold literally an extremely large amount of user funds at once, a centralized exchange can’t slip up even once. Spoiler alert, this happens quite a bit.
In their defence, they really could do everything right code-wise and still get hacked. The reason for this is directly due to the fact that they are a centralized server, holding billions of digital assets in a few high value custodians that only the ones operating the exchange have control over via private keys. If those keys are compromised, it’s all over.
Though Binance has been hacked a few times, their record is relatively clean compared to their counterparts. They have the most up-to-date security protocol and have quite the means to address problems quickly and efficiently (although their customer service isn’t the best). This is part of the reason they are the most popular exchange.
The exchange architecture implements both the Cryptocurrency Security Standard (CCSS) and ISO/ICO_27001:2013 protocols. For account security, Google Authenticator and 2FA are both an option for end-users to verify withdrawals and security modifications. While it’s optional, the user must utilize at least one security feature to verify their account.
Was there ever really a Coinbase hack? Experts say there was a theft of some kind back in 2013/2014. However, it wasn’t a hack so much as it was a phishing scam.
Coinbase prides itself on its impeccable security protocol, claiming to have never been hacked. Ever. It’s even voted the best overall web-based wallet on The Balance. They’re able to achieve optimum security by storing most bitcoins on their network in encrypted offline storage. It’s even geographically separated for added protection. They also provide asset insurance in the event of a hack or scam. It’s great for beginners and offers cool incentive programs like Coinbase Earn, which rewards its users for watching ads and Coinbase related videos.
To learn more about Coinbase’s security practices, check out this review.
On that note, they and other exchanges were victims of “Bitcoin Hack 2020”, or the Bit-Con. Although, we should point out that this hack targeted bitcoin holders — not the exchanges themselves. Rather than hacking a specific exchange, the hackers gained access to the Twitter accounts of trusted celebrities and politicians.
While it wasn’t their fault, Coinbase was still a victim, and so was its traders. Luckily, the exchange caught on pretty fast and prevented about 1,100 customer transactions related to the hack, saving $280,000 worth of BTC for their users.
As one of the few exchanges that has stood the test of time, Kraken is both innovative and secure. They boast a “world-class security team,” who has decades of experience in both building security programs for the world’s top brands and discovering vulnerabilities through examining some of the largest consumer data breaches. They encrypt customer data, offer 2FA, keep most funds offline, and perform something called “penetration testing” on their own platform to ensure it has no vulnerabilities or infrastructure-related issues that would make them prone to an attack. To learn more about their security, check out their website.
Unsurprisingly, Kraken has never been hacked, so they certainly pass the cybersecurity test. They even implement a bug bounty program for researchers willing to delve into their platform to detect weak spots:
“Although our team of experts has made every effort to squash all the bugs in our systems, there’s always the chance that we might have missed one posing a significant vulnerability. If you discover a bug, we appreciate your cooperation in responsibly investigating and reporting it to us so that we can address it as soon as possible. For significant bugs, we offer reward and recognition on our Wall of Fame.”
Each exchange performs excellently in cybersecurity reviews, although not necessarily in the order listed above. But the fact remains: the number one problem facing centralized exchanges is security and hackings. Because they are a third party who is holding all your money, they’re all the more susceptible to hackers, fraud, etc. Unfortunately, it’s the traders who ultimately suffer.
Decentralized Exchanges (DEXs)
Cryptobriefing put it best: “Every time an exchange is hacked, it seems a DEX springs up.” Decentralized exchanges have a lot going for them. They’re an answer to the current problems facing centralized exchanges, and they also solve some prevalent problems facing decentralized exchanges. Many DeFi protocols piggyback off each other, patching each other’s barriers through modifications of their approach.
Still, the existing impediments surely get in the way of a DEX’s success. Some of those problems include a lack of liquidity, fake token listings, slow transaction speeds, and expensive fees.
It’d be wrong of us not to include the most popular DEX of 2020, having held its position on defipulse at #1 for quite some time now. UniSwap’s volumes rival major CEXs, making them a cornerstone of the DeFi summer craze.
Still, innovation, decentralization, and autonomy are not enough to prevent a theft. The amount taken when hacked in April 2020 is speculated to be between $300,000 and $1.1 million imBTC tokens. However, it wasn’t a problem with UniSwap, but rather with ERC777 tokens and the ethereum blockchain.
Like Kraken and Coinbase, they also offer a bug bounty program. Also, like Kraken, they’ve implemented a team of security professionals to “audit” their program from January to April of this year. They performed a formal verification of their core smart contracts and a code review of their platform. To learn more about the steps UniSwap has taken to up security, check out their doc.
All in all, Uniswap offers a decentralized approach to existing financial and fintech systems. Uni V2 provides improved security, flash loans, ERC20 to ERC20 token swaps, flash swaps, and more.
While Maker has never technically been hacked, they’ve certainly had their fair share of “problems”. Freelance developer Micah Zoltu called them out on their apparent lack of security, accusing them of “poor infrastructure” and calling a potential hack an easy attack that even a “good script kiddie” could perform.
Still, Maker was quick to listen to its critics, swiftly enacting an updated security proposal to make right their apparent shortcomings.
Like Coinbase, Maker also provides a Bug Bounty program. They also perform formal verifications, security audits, and more on their platform to ensure its security. To read more about steps MakerDao has enacted to ensure user’s safety, click here.
Another yield farming-centric automated market maker (AMM)-DEX, is Curve Finance. They focus mainly on stablecoin swaps, and by utilizing bonding curves, their platform allows for minimum price slippage and low-risk returns overall for “farmers”. They’re related somewhat to Compound and iEarn, so liquidity providers can leverage interest to increase yield.
Having launched in January 2020, Curve Finance is a relatively new player in the DeFi arena. Despite this, they’ve consistently placed 2nd on defipulse.
While their CRV token reward mechanism, as well as CurveDAO, has been audited by Quantstamp, there isn’t much information on their program in regards to safety. This is most likely because they are new to the DeFi space. But, to err on the side of caution, expect some kinks as they get going in the months to come. To read more about their audit, click here.
Balancer Labs is tricky because even though they don’t have the best track record, they truly do seem genuine. There has, of course, been a few hacks. It’s been suggested (and proven) that the Balancer hack(s) resulted from a weakness in the protocol. A weakness that they were well aware of. While they did take some precautions after learning of the defect, unfortunately, they weren’t the right precautions.
On a slightly unrelated note, they also caught some heat for blacklisting $20 million worth of funds in a pool without using their governance feature and token, BAL. What’s worse, to patch up the problem, they instead decided to bring governance to their Discord channel — encouraging users to vote on protocol changes there instead. Obviously, doing this completely negated the use case for their governance token.
We don’t want to rag on them too hard, because all-in-all, they are still a pretty remarkable project with quite a bright future ahead. Balancer is also a relatively new project, and growing pains are sometimes just part of the process.
It’s hard to say which is better than the other. As DeFi grows, I think we’ll start to see more innovation regarding user safety and cybersecurity. In fact, with a truly decentralized exchange, the security problems CEXs face really can become a thing of the past. The issues with Balancer, and other exchanges for that matter, bring up a quandary that is ever-present in DeFi: is decentralized finance really decentralized, and if it’s not now, will it ever be?
Some DEXs appear to have it down, while others certainly need work. But I think we often leave out an important piece of the puzzle when discussing DeFi’s future. We fail to consider that most of these DEXs are new, whereas CEX goliaths have been around the block (no pun intended) a few times. We haven’t really seen where DeFi can take us yet. Either way, DeFi indeed has a long road ahead.
But we think that it’s here to stay. After all, problem-solving and innovation is what DeFi is all about. If there’s a new obstacle to overcome, there will always be some project out there trying to fix it. That much, we think, is certain.
— — — — — —
SwanFinance provides a bridge between centralized and decentralized platforms. With an easy to use platform where registered users can lock up their crypto deposits and earn high interest on our SwanFinance platform, while lending to others on the SwanCredit platform, you can earn interest both ways at the same time!
The SWAN token can be staked to trigger higher interest rates for SWAN and other cryptocurrencies and stablecoins. By staking SWAN, it triggers lower fees on the other financial services we are working on, such as SwanCredit, Swan.Exchange, SwanTrade, SwanPay, and SwanInvestments.
For more info, please check our website
Follow us on Twitter and Telegram for updates on our platform!