Blog Post: A New Way to Thwart Exchange Hack Attempts Before They Happen


History of Exchange Hacks and the Damages They Caused

Over 750,000 BTC ($350 million at the time) was stolen from Mt. Gox in 2014 during the most famous crypto exchange hack. At that time, Mt. Gox was handling over seventy percent (70%) of Bitcoin transactions. Mt. Gox went bankrupt as a result of the 2014 hack. Many investors lost their money and no refunds have been granted so far.

The second largest hack after Mt. Gox occurred in August 2016 when Bitfinexlost $72 million as a result of a multisig vulnerability in their exchange wallets.

Despite exchanges beefing up their security in recent years, there were more hacks in 2018 than any other year. In fact, eleven of the largest hacks in the past five years took place in 2018 alone. From January to October 2018, hackers stole at least $927 million from crypto exchanges, compared with $266 million in 2017.

Cybersecurity Practices to Stop Exchange Hacks

With exchange hacks accelerating year over year, exchanges need to do more to boost security and to protect their users from losing their digital assets. Unfortunately, conventional security practices are inherently reactive and thus play catch up to the hackers, who seem to be ahead in the game.

Part of the problem is that most of the crypto exchanges only recently originated, and as such, their systems are include minimum needed functionally and are thus unprepared to handle a sudden influx of deposits and withdrawals worth millions and lacked effective security systems and processes.

Given growing frequency of crypto hacking incidents and the large amount that has been lost, overall market confidence in the security of the crypto market has suffered tremendously. A study by the US based company named Foley & Lardner showed seventy one percent (71%) of large cryptocurrency traders and investors attribute theft of cryptocurrency to the strongest risk that negatively affects the market. There is now an ever-pressing need for proactive cyber security systems. Such systems could help to restore faith and confidence in the crypto market; otherwise, many exchanges may be forced out of business.

Strengthening the crypto security available to individuals and organizations is only the first step. It is strongly recommended that crypto exchanges and other organizations include the following security practices:

  • Retain trustworthy auditors with proven cyber security skills and knowledge
  • Deposit a large percentage of crypto coins in segregated cold wallets
  • Queue deposits and withdrawals to ensure that negative balances never occur
  • Utilize wallet multisignature (multisig) functionality for authorizing withdrawals and wallet address verification with payments
  • Clone the financial database and keep an up-to-date copy on an isolated server inaccessible to hackers
  • Regularly update your software version to minimize security vulnerabilities

However, it could turn out even the above listed recommendations are inadequate. In addition to the above recommendations, what is really needed is a decentralized solution that combines crowdsourced security data on the latest threats and shares that data with all crypto exchanges, custodians, and wallet services. This would help to ensure all exchanges are using the latest, up-to-date security data allowing organizations to detect the most recently developed attacks and protect their digital assets.

Using a Decentralized Threat Reputation Database

Traditional cybersecurity measures have fallen short of truly stopping hackers from compromising the security of personal and financial data of major organizations around the world. The 2015 Equifax hack exposed personal and financial details of 143 million Americans. Even Facebook got hacked, where confidential data of 30 million users were compromised.

These firms have huge budgets for enhancing their data security, but the true problem is that their security is only as good as what they know about the latest threats. In other words, they are always on the defensive because security information on the latest threat vectors are kept in “silos” since most organizations are very hesitant to share their security data with external organizations.

A more proactive solution lies in crowdsourcing security data identifying the latest threat vectors and tactics used by hackers, and making that data accessible to all external organizations and individuals. The Threat Intelligence Database (TRDB) developed by Sentinel Protocol, would enable the free exchange of crowdsourced security data detailing the latest hacking tactics and helping companies stay ahead of new emerging threats. Although the immediate goal is to prevent people from losing crypto assets to malware, phishing, and fraudulent transactions, its broader, overall mission is to help companies and organizations of any industry enhance capabilities for protecting all of their digital assets.

The TRDB maintains whitelists of safe wallet addresses and URLS along with the blacklists of those found to be associated with malicious activity. Cybersecurity experts, also known as “The Sentinels”, analyze, trace, and validate reported security incidents while maintaining up-to-date records of malicious threats stored on the TRDB. By using the TRDB, cryptocurrency exchanges, wallet services, custodians, and payment firms can prevent attackers from disguising a theft as a series of withdrawals by customers.

The Uppsala Foundation, a cybersecurity company, which manages the Sentinel Protocol project that developed and maintains the TRDB; using an API supplied by Sentinel Protocol, subscribing organizations can integrate the API into their software programs to instantly perform online queries of the whitelists and blacklists held within the TRDB.

Interactive Cooperation Framework API (ICF API)

The ICF API was designed to be integrated with software applications and to protect digital assets belonging to organizations and their end-users. The key feature of this API is that it enables a financial application to query the TRDB before completing a transaction, receive response, and then leverage that reponse to best resolve a planned transaction.

For example, within milliseconds, the TRDB sends a response that indicates whether it is safe to proceed with a transaction. There are three types of responses:

  • Rejection: Transaction is unsafe; thus, it should be immediately terminated
  • Warning: Transaction is suspicious; proceed with caution
  • Allowed: Transaction is safe and should be immediately completed

The key benefits of the ICF API are that it is platform agnostic, (any endpoint can query the TRDB); and it allows organizations and individuals around the world to have instantaneous, real-time access to the latest security data including both whitelists and blacklists of safe or dangerous URLs, wallet addresses, email addresses, domain names, and other identifying information.


The combined use of TRDB and its ICF API, both developed by Sentinel Protocol, can help make the crypto world safer and could the help the cybersecurity industry stays ahead of the latest attack vectors used by hackers to inflict damage on organizations and individuals.

Today most organizations and individuals depend on a reactive security approach; deploying security technologies that enable a proactive capability for security will be an important inflection point in the fight against hackers, identity theft, and financial losses suffered by government organizations, financial institutions, and individual crypto users.

For more information, please visit the Sentinel Protocol website,, or our Twitter for the latest news and highlights!