NEW ORLEANS — Cryptocurrency exchanges and apps aren’t just among the most valuable targets for hackers, they also remain among the most vulnerable.
That’s the warning Chris Wysopal, chief technology officer at the security-tools firmVeracode, offered duringa talk at theCollision conference here on May 1. It’s something that should be at the top of concerns for people looking to trade or invest in cryptocurrencies such as bitcoin, which are generated through increasingly complex mathematical “mining” and allow pseudonymous transactions online and across international borders — and have increased in value wildly, even after recent plunges.
“When we talk about cryptocurrency, we’re not talking about just stealing someone’s data that we then have to monetize,” he said. “We’re actually talking about stealing money. It’s a very, very attractive target for attackers.”
Mistakes were made
Wysopal recounted a series of embarrassing but preventable hacks of cryptocurrency exchanges and apps. A partial selection:
In August of 2016, the cryptocurrency exchange Bitfinex got hacked to the tune of $73 million. A key cause: That Hong Kong-based sitekept all of its security keys online instead of putting one in offline “cold storage.”
In January, attackers broke into another exchange, Coincheck, and stole $534 million in cryptocurrency. Their work was eased by that Tokyo-based firmkeeping all of its customers’ funds in a single “hot wallet.” Observed Wysopal: “That seems really, really dumb. This isn’t how banks work, right? They don’t have all the money in the tellers’ drawers all the time.”
TechDailyTimes is a web blog devoted to technology, science, research and development and everything related to new technological breakthroughs. Our aim is to cover technology news on a daily basis. Articles on technology contained in this blog may concern science news, tech news, applied technology, gadgets, devices etc. All blog entries are published 'as is'. TechDailyTimes waives any responsibility, expressed or implied, in regard to any material, published in the blog. Opinions expressed by our authors may contradict with the official standings of TechDailyTimes administration.