Since the dawn of cryptocurrency time, hackers and bad actors have found creative ways to steal or intercept cryptocurrency from its true owners. One of the most notable examples of this is the story of the now defunct bitcoin exchange company, Mt.Gox. The organization started in 2010 and quickly became one of the largest players in cryptocurrency exchanges. In 2011, hackers launched their first high profile attack on the company by using stolen credentials to transfer bitcoins illegally.
That same year, vulnerabilities in network protocols led to Mt Gox losing several thousand bitcoins. Finally, in 2014 Mt Gox was back in the news again as they lost 750,000 of its users’ bitcoins and 100,000 of the exchange’s own. This final disruption is what ultimately led to their demise, and Mt. Gox filed for bankruptcy in the same year.
The more value cryptocurrency has, the more bad actors want it, and the more sophisticated the hacking techniques will become. Unfortunately, as time has passed, our security measures haven’t improved by much, continuing to leave us vulnerable to attacks.
And it shows.
According to cybersecurity company, Carbon Black, over a billion dollars of cryptocurrency was stolen in the first half of 2018 alone.
Why is it so easy to steal cryptocurrency, and what can you do to protect yourselves and your assets?
Why cryptocurrency is easily stolen or lost
With that amount of money being lost or stolen in a mere six months, it’s safe to say exchanges of bitcoin and cryptocurrency could use some refining. According to CNBC, 27% of cryptocurrency attacks that took place in 2018 happened during the exchange process.
A recent report from ICO Rating explains why that might be the case:
- 46% of cryptocurrency exchanges meet the desired security parameters
- 54% cryptocurrency exchanges have subpar security measures in place
By adding the two stats together, you can see there ultimately no “strong” security in place, which leaves traders and investors exposed.
ICO breaks the specific security issues the following categories:
Console errors are coding problems that arise during an exchange but is not considered a malicious attack. According to ICO, 32% of exchanges have console errors that malfunction and interfere with a successful transfer of cryptocurrency.
Further, there is little room for error during an exchange. Traders are often required to type in a lengthy number (often around 30 digits) to identify the cryptocoin and the recipient’s address. If a trader makes any mistakes while punching in the 30-digit code, that cryptocurrency could be lost and never seen again.
User Account Security
The same study found that password requirements during exchanges are extremely lackluster. A whopping 41% of exchanges allow users to create passwords that are less than 8 characters long and 37% of exchanges don’t require users to include special characters in their password creation.
Registrar and Domain Security
Your transfer is only as secure as the security measures implemented on the exchange site. And analysts at ICO found that only 4% of exchanges were conducted using registrar and domain security best practices. According to security company CloudFlare, primary indicators of a proper protocol include:
- Registry lock
- Registrar lock
- 6-month expiration period for domains
- Presence of DNSSEC
Web Protocols Security
Beyond registrar and domain security, ICO found that web protocol security also needs improvement. Only 10% of exchanges used all five of the security measures recommended for a secure transfer, which are:
- HTTPS headers in URLs
- X-SXX- protection headers
- Content security policy headers
- X-frame-options headers
- X-content-type headers
What’s the solution?
Unsecured digital wallets are a primary target for bad actors. Cryptocurrency should be held with particular caution. As such, industry experts recommend the following techniques for improving security for cryptocurrency.
Hardware wallets are physical devices that store tokens and make the transaction process more secure. Hardware wallets should be password protected with a key only you have access to.
Password security protocol
Storing mechanisms are nothing without strategic password protection. In order to make a hardware wallet secure, it’s imperative a user practices intelligent password creation and protection habits. Software like EZPD can generate and regenerate complex passwords without storing your sensitive information in the cloud, or otherwise.
By using a password software like EZPD, your private information is virtually undetectable to bad actors, making you more confident about your cryptocurrencies protection.
Ready to protect your assets? Sign up for a free trial with EZPD today.