The cryptocurrency market is gaining traction in the financial industry as the price of Bitcoin goes through the roof and attracts more and more public interest. Now even institutional players have hopped on the bandwagon.
But there’s one facet of this industry that seems pushed to the sidelines – Blockchain cyber security. We all like to bury our heads in the sand and say if it ain’t broke don’t fix it. But the security problems of this cutting-edge technology remind us of their existence on an almost daily basis, with DDOS attacks, hacks, and cryptocurrency thefts sometimes reaching into the millions of dollars.
These dangerous occurrences not only affect the pockets of customers and the reputations of firms - they undermine the stability of the entire crypto market.
Therefore, we approached two leading cyber security specialists who have special expertise in the Blockchain industry. They provided us with the answers to all the questions that you didn’t know how to ask.
In the second of two interviews, Finance Magnates sat down with Alex Heid, white hat hacker and chief research officer at SecurityScorecard – a leading cybersecurity rating and monitoring platform.
What are the security measures that large crypto exchanges should undertake to prevent hacks / attacks and are they doing that?
A centralized repository of large volumes of BTC that belong to the platform users. Attacks against centralized repositories of Bitcoin storage have been commonplace as long as the concept of cryptocurrency has been around. Emerging technologies that handle data of significant value is likely to be targeted by malicious individuals seeking to take advantage of weaknesses in order to steal.
Most businesses that deal with large volumes of Cryptocurrencies are advised to hold the bulk of their reserves in offline 'cold storage,' which means to keep the wallet offline, encrypted, and out of public reach. In order to conduct business, only a small percentage of the reserves should be liquid and available for conducting transactions (for example, 2-5%). This way, if an attacker is successfully able to breach the system - their total takeaway would be the small fraction that is available.
It is recommended that companies retain some form of insurance coverage as well to cover any losses that may take place. Insurance providers will oftentimes require this cold wallet storage methodology as well, as a way to mitigate the risk of a catastrophic event that would requires an excessively large payout.
What should a company do when it finds that it has been hacked (both from the service provider side and the user side)?
It is important for a service provider to immediately notify users of the breach so that they can take basic precautions against followup attack - such as changing passwords and implementing 2 factor authentication controls. The service provider must also attempt to identify the indicator of compromise (IoC) that lead to the breach, remediate the vector and implement mitigating controls to prevent future similar incidents.”
Taking the NiceHash case as an example, is there any way to retrieve the money?
No. The nature of cryptocurrency means once coin is transferred into another wallet, it's gone. There is no way to retract a transaction on the Bitcoin network. Users who were affected by the Nicehash breach are still technically owed their pending payouts for mining efforts, and the Nicehash company is the one responsible to ensure all debts owed are paid in full despite the loss of their wallet.
What are DDOS attacks? How do they differ from other hacks? Are they typical of blockchain-based products?
DDoS attacks against Bitcoin exchanges have been a tactic used in previous years as a way to manipulate the marketplace to game favorable buying/selling conditions for the attackers. In the early days of Bitcoin, the now defunct Mt. Gox exchange would come under attack frequently as attackers would use DDoS as a way to 'freeze' market prices, either low or high depending on the motivation of buy or sell. In recent times, it has been reported that the majority of Bitcoin themed websites experience a DDoS attack of some sort. Motivations for the attacks are varied, but are still revolve around the primary original motivations of a standard DDoS: extortion, revenge, and/or market manipulation.
There is a claim that some exchanges are using hacks as an excuse to make up for infrastructure problems or other flaws in their systems. Is there any basis to those claims?
This idea has been floated in the past, both for exchanges that claim losses from a hack, as well as for illegal darknet marketplaces that suddenly disappear without warning. Users are oftentimes frustrated by their losses and this allows for unfounded speculation and paranoia run amok in the various comment threads of Twitter, Reddit, and similar social media outlets. While the scenario of a fake hack to provide a cover story for an 'inside job' heist of cryptocurrency is plausible as human nature does allow for 'cut and run' behavior - it has not been proven that this is the case with the Nicehash breach or similar exchange shut downs.”