Yesterday, on January 26, CoinCheck executives officially stated in a press conference that $530 million worth of XEM, the native cryptocurrency of the NEM network, was stolen by an unknown group of hackers.
Poor Security Measures
During the press conference, CoinCheck executives revealed several details about the hack and specifically the infrastructure of the CoinCheck cryptocurrency exchange. Yuji Nakamura, a technology reporter based in Japan, reported that the CoinCheck trading platform had not implemented multi-signature technology, stored all of the hacked funds in a hot wallet, and that the developers of CoinCheck are still not sure how the exchange was hacked.
Most major cryptocurrency exchanges such as Kraken, Coinbase, and Bitfinex have multi-signature security measures in place, which prevent funds from being moved on public blockchain networks until a third-party security service provider confirms the legitimacy of transactions.
For instance, Kraken and Bitstamp have partnered with BitGo, the largest multi-signature technology and blockchain security firm in the industry, to ensure that hackers cannot withdraw funds from their platforms.
The lack of a multi-signature service is a critical security flaw for any cryptocurrency exchange. If multi-signature technology had been integrated, the $530 million security breach could have been prevented.
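The following added example (not from the article or from any exchange's code) sketches the 2-of-3 approval rule described above: a withdrawal is authorized only when two distinct key holders have signed the same transaction, so one stolen key is not enough. HMAC tags stand in for the public-key signatures a real multi-signature wallet verifies, and all signer names, keys and the address are constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo keys (assumption): HMAC is a stand-in for real
# public-key signatures, and every signer name here is hypothetical.
SIGNER_KEYS = {
    "exchange-hot": b"demo-key-hot",
    "exchange-offline": b"demo-key-offline",
    "cosigner": b"demo-key-cosigner",
}
THRESHOLD = 2  # 2-of-3: no single key can move funds


def canonical(tx: dict) -> bytes:
    """Serialize the withdrawal deterministically so all parties sign the same bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def sign(signer: str, tx: dict, key: bytes) -> tuple:
    """Return (signer, tag) for a withdrawal request."""
    return (signer, hmac.new(key, canonical(tx), hashlib.sha256).hexdigest())


def valid_signers(tx: dict, signatures: list) -> set:
    """Return the set of distinct known signers whose tag verifies for tx."""
    ok = set()
    for signer, tag in signatures:
        key = SIGNER_KEYS.get(signer)
        if key is None:
            continue  # unknown signer: ignore
        expected = hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, tag):
            ok.add(signer)  # a set, so a repeated signature counts once
    return ok


def authorize(tx: dict, signatures: list) -> bool:
    """Approve only when at least THRESHOLD distinct signers approved this exact tx."""
    return len(valid_signers(tx, signatures)) >= THRESHOLD


if __name__ == "__main__":
    tx = {"asset": "XEM", "amount": 1000, "to": "CONSTRUCTED-ADDRESS"}
    hot = sign("exchange-hot", tx, SIGNER_KEYS["exchange-hot"])
    co = sign("cosigner", tx, SIGNER_KEYS["cosigner"])
    print("hot key only:", authorize(tx, [hot]))
    print("hot key + co-signer:", authorize(tx, [hot, co]))
```
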
In addition to not having implemented multi-signature security measures, CoinCheck kept all of its funds in a hot wallet. In cryptocurrency, a hot wallet is defined as a wallet that is connected to the Internet, while a cold wallet is defined as a wallet that is stored offline. For large sums of user funds, cryptocurrency exchanges usually store cryptocurrencies in cold storage, to ensure that even in the event of a hacking attack, hackers cannot access user funds.
CoinCheck's malpractice of storing funds in a hot wallet and not implementing a multi-signature system ultimately led to the loss of $530 million in user funds.
Throughout the press conference, CoinCheck executives and its CEO refused to admit that the exchange was not secured, despite the obvious weaknesses in its infrastructure. Nakamura noted:
- Only NEM was hit
- CoinCheck plans to continue operating
- Not decided on how to reimburse customers
- No Multi-Signature
- Would not confess security was weak
- Not sure how it was hacked
It was also revealed that CoinCheck had not registered with the Japanese Financial Services Agency (FSA) because it was confident in its security measures. Yet, the CoinCheck development team has yet to understand how the trading platform was hacked.
If the method of a security breach cannot be determined, the exchange cannot possibly make the necessary changes to prevent similar attacks from happening in the future.
Do Not Store Funds on Exchanges
Given the poor and weak infrastructure of CoinCheck, a large-scale hacking attack was inevitable. Developers of the company are likely relieved that other cryptocurrencies on the trading platform such as Ripple or bitcoin were not affected.
As a general rule of cryptocurrency investment, it is extremely insecure to leave funds on centralized platforms. The most secure way of storing cryptocurrencies is to leave them on non-custodial platforms, wherein users have absolute control over their private keys.