Author: Nobel Tan, Head of Security
Yet another exchange hack has happened.
The latest security breach occurred on September 14 on Zaif, a Japanese cryptocurrency exchange. Almost USD $60 million in cryptocurrencies was stolen. Starting with the massive Mt. Gox hack in 2014, this seems to be a regular occurrence in the crypto space. Devastating losses continue to mount.
If blockchain is supposed to be secure, then why does this keep happening?
We should not be so quick to blame blockchain technology itself — many applications that run on blockchain are vulnerable to hackers. Poor security practices such as using easy-to-crack passwords, falling for email phishing scams, and exposing private keys to the Internet also leave many crypto users vulnerable to theft.
So what can we do about this?
Email Spear Phishing: The Most Successful Attack Vector
To prevent these hacks from happening, we need to first determine how they happen. They happen in several ways, but the most successful attack vector thus far is spear phishing using socially engineered emails.
Spear phishing is when hackers target specific individuals within specific organizations (usually crypto exchanges) with spoofed emails to gain unauthorized access within those organizations.
These phishing emails may appear genuine, particularly if a hacker used social engineering to make the email seem authentic. If the victim’s profile information is publicly available on social media including Facebook and Twitter, the hacker can use that information to customize phishing emails to that victim — a practice known as social engineering.
When a victim follows the instructions of a spoofed email, the hacker gains access to the exchange’s wallet and steals from it. Social engineering can also be used to hack individual wallets by obtaining a victim’s private key or passphrase.
What Crypto Service Providers Must Do to Protect Their Users
Exchanges have actually been doing a good job of defending against external threats, but not against threats coming from the inside. Besides tightening security around their web applications, all stakeholders must go through security awareness programs to prevent attacks coming from the inside as well as the outside.
They also need to prevent wash trading. Once hackers steal funds, they repeatedly buy and sell small amounts to their own orders, effectively disguising the origin of these stolen funds.
Wallet services also need to notify wallet owners of any suspicious activity, just like credit card companies and banks do. For example, suppose a wallet owner is located in Asia and most of his transactions are executed during Asian business hours. If a transaction occurs during odd hours while the owner should be sleeping, that transaction should be blocked and the owner notified.
A Better Way: Being Proactive with Crowdsourced Attack Data
Cryptocurrency exchanges and wallet services have been reactive to these attacks for as long as Bitcoin has existed.
That has to change!
It’s not enough to just plug security holes as they appear, because hackers are constantly modifying their attack vectors. It is time for exchanges and wallet services to be proactive and stay ahead of hackers instead of always playing catch up.
Using a Decentralized Database to Track the Latest Cybersecurity Threats
Sentinel Protocol created the decentralized Threat Reputation Database (TRDB) to collect and store crowdsourced threat intelligence data from all over the world.
What’s special about the TRDB is that its data is crowdsourced, meaning anyone can report cyber-attacks and suspicious activity to a team of cybersecurity experts — also known as the Sentinels.
The Sentinels validate each case report and store new threat data in the TRDB for others to access. They also keep whitelists and blacklists up to date with safe and malicious domains, URLs, and wallet addresses, respectively.
New API Gives Crypto Service Providers Real-time Access to Threat Data
To help exchanges and wallet services tighten security, Sentinel Protocol will be launching a platform-agnostic Interactive Cooperation Framework API (ICF API).
Unlike the UPPward Chrome Extension product launched in August, the new ICF API will enable crypto service providers to query the TRDB plus its whitelists and blacklists — in real time.
Since preventing future attacks cannot solely depend on the TRDB, crypto service providers need to have the necessary cybersecurity expertise in order to use its data. Like PayPal, Facebook, and Citibank, crypto exchanges need their own Cybersecurity Operations Centers to continuously monitor for any suspicious activity and to prevent hacks.
Exchanges Can Now Catch Hackers and Block Stolen Funds
Using the ICF API, crypto service providers can not only better protect their users from losing funds, but also preserve their own reputations. They can instantly validate sender and receiver wallet addresses against the TRDB before allowing the transaction to proceed.
Not only would they be able to conduct these pre-transaction checks, but they can also do post-transaction checks to detect any malicious activity after the fact.
If a formerly “safe” wallet address begins behaving maliciously after a processed transaction, it would be reported, blacklisted, and quarantined against future transactions.
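One way an exchange's screening layer could combine the checks described in this article: pre-transaction whitelist and blacklist screening, the odd-hours hold from the wallet-notification example earlier, and post-transaction quarantine of addresses that turn out to be malicious later. This is an added example, not Sentinel Protocol's ICF API code; the in-memory lists, the ScreeningEngine class and the address names are assumptions standing in for real TRDB lookups.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Wallet:
    address: str
    tz_offset_hours: int            # owner's usual UTC offset, e.g. +9 for a user in Japan
    active_hours: tuple = (8, 22)   # owner-local hours in which activity is expected

@dataclass
class Tx:
    tx_id: str
    sender: str
    receiver: str
    ts: datetime                    # timezone-aware UTC timestamp

def utc(*args):
    """Build a UTC timestamp from (year, month, day, hour[, minute])."""
    return datetime(*args, tzinfo=timezone.utc)

class ScreeningEngine:
    """Hypothetical in-memory stand-in for TRDB whitelist/blacklist lookups (not the ICF API)."""

    def __init__(self, blacklist, whitelist):
        self.blacklist = set(blacklist)
        self.whitelist = set(whitelist)
        self.quarantine = set()     # addresses barred from future transactions
        self.processed = []         # allowed transactions, kept for post-transaction checks

    def pre_check(self, tx, wallet):
        """Pre-transaction check: returns ('block' | 'hold' | 'allow', reason)."""
        parties = {tx.sender, tx.receiver}
        if parties & (self.blacklist | self.quarantine):
            return "block", "counterparty is blacklisted or quarantined"
        local_hour = (tx.ts + timedelta(hours=wallet.tz_offset_hours)).hour
        start, end = wallet.active_hours
        if not start <= local_hour < end:
            # odd-hours activity: hold the transaction and notify the owner
            return "hold", f"activity at {local_hour:02d}:00 owner-local time"
        self.processed.append(tx)
        if parties - {wallet.address} <= self.whitelist:
            return "allow", "counterparty is whitelisted"
        return "allow", "no TRDB match"

    def post_check(self, newly_blacklisted):
        """Post-transaction check: quarantine addresses blacklisted after processing."""
        newly_blacklisted = set(newly_blacklisted)
        self.blacklist |= newly_blacklisted
        flagged = []
        for tx in self.processed:
            hits = {tx.sender, tx.receiver} & newly_blacklisted
            if hits:
                self.quarantine |= hits
                flagged.append(tx.tx_id)   # for investigation and owner notification
        return flagged
```

A real deployment would replace the in-memory sets with live TRDB queries and persist the quarantine set, so a blacklisted counterparty stays blocked across restarts.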
Finally, the new ICF API also paves the way for a Machine Learning module to be added in future updates. Machine learning will provide analytics on specific wallet addresses, enabling exchanges to catch hackers in the act and to