
The Ill Wind of Bitcoin Exchange Hackings

newsbtc
4 years ago

Blockchain technology is now at a stage of evolution somewhat similar to that of the internet in the 1990s. No one can overlook the millions of dollars invested, the hefty merchant adoption and the large number of businesses inspired by bitcoin and blockchain technology. Nevertheless, the lack of standardized security models has rendered most of today’s bitcoin exchanges and businesses vulnerable to hack attacks, especially when basic security measures are overlooked.

This immature and inconsistent handling of security issues has led to many security breaches that struck a number of major bitcoin exchanges and businesses (see part 1 of this article). Accordingly, we will look through the most sophisticated security standards that should be adopted by exchanges and other forms of online bitcoin businesses to avoid hack attacks, theft, fraud and other forms of security breaches.

Cryptocurrency Security Standards

Every financial institution in the world, including banks, brokerages, payment processors and e-commerce businesses, has its own specialized security standards to protect its physical and digital assets. Unfortunately, no formal security standards have ever been formulated for bitcoin exchanges and other forms of online businesses relying on blockchain technology.

After doing some research, I have formulated a step-by-step guide that can represent a nucleus for future cryptocurrency standards that can immunize online cryptocurrency businesses against theft and fraud.

Cryptocurrency security standards can be collectively summarized into the following points:

1- SSL and DDoS protection

2- Securing key/seed generation

3- Securing key storage

4- Securing audit logs

5- Proof of storage

6- Cold storage

SSL Certificates and DDoS Protection:

SSL certificates and DDoS protection are indispensable basic security measures for online businesses, including cryptocurrency exchanges.

What are SSL Certificates?

Secure Sockets Layer (SSL) certificates are special forms of security protocols that are used to manage sensitive information, including customers’ names, personal banking info, contact information (addresses, phone numbers, etc.) and account passwords. SSL certificates create a secure encrypted connection between a customer’s internet browser and the servers of the online company he/she is interacting with. SSL certificates are crucial for a wide array of online business niches, including cryptocurrency exchanges, e-commerce portals, Forex trading platforms, brokerages, etc.

A visitor to a website with an SSL certificate will notice an “https” protocol in the browser’s address bar, instead of the usual “http” protocol, along with a “lock” image appearing beside the website’s favicon.

In short, any website accepting payments, whether in the form of fiat, cryptos, or any other digital currency, needs to implement an SSL certificate. According to the standards of the Payment Card Industry (PCI), a website has to implement an SSL certificate with an encryption key size of at least 128 bits before it can start accepting credit card payments. Similarly, exchanges and other online businesses accepting cryptocurrency payments should follow the same path (1).

How can SSL Certificates Boost the Security of Bitcoin Exchanges?

An SSL certificate encrypts data so that it can be read and stored only by the intended parties. Data transmitted online often passes through a number of computers/servers before reaching its intended destination. The greater the number of “relays”, the higher the probability that an unintended third party could access the transmitted data. SSL certificates encrypt data via insertion of random characters, which renders the transmitted data impossible to comprehend without the proper encryption key. Accordingly, whenever the transmitted data is intercepted by an unintended party, it will never be readable or comprehensible.

What are DDoS Attacks?

DDoS stands for “distributed denial of service”. It is a form of “denial of service” attack that takes place when a group of compromised systems, usually infected by a Trojan, attempts to make a server, a machine or a website unavailable to its users.

Usually, hackers code a Trojan and spread it through forums, social media, spammy emails, etc. This Trojan will send large numbers of users to the target website of a “DDoS” attack. On the other hand, sometimes users intentionally participate in DDoS attacks against high-profile companies, especially when they believe that these companies’ actions are illegal, unfair or repressive. This took place in 2010, when big companies such as Visa, Mastercard and Paypal were hit by DDoS attacks after they decided to cut off their services to Wikileaks (2).

Consequences of a DDoS Attack on a Bitcoin Exchange:

The cost of outages caused by DDoS attacks on a bitcoin exchange can be drastic: not only do operational costs increase, but revenue also declines as a consequence of high-impact DDoS attacks. The following represents the financial impact of a DDoS attack on a cryptocurrency exchange:

– Cessation of trading, which is usually followed by a chaotic market pattern ignited by users’ panic.

– Increased flow of tickets received by “help desk” which can increase its expenses.

– Increased number of customers’ “drop outs” and refunds.

– Degradation of the exchange’s reputation which stunts the overall business growth.

DDoS Defenses:

Although DDoS defense systems can safeguard the trading operations that take place on a cryptocurrency exchange’s trading platform, the high cost of most available DDoS defense systems means that one should always weigh the cost of implementing DDoS protection services against the return on investment (ROI).

Most of the defense tactics used today are centered on mitigation and assuring the continuity of the services offered by the website. Blackholing is a DDoS defensive tactic that involves blocking all web traffic to the attacked website by redirecting it to a “black hole” in an attempt to save the website and its customers. Routers use access control lists (ACLs) to filter out “undesirable traffic” during a DDoS attack. Although routers can shield a website against simple DDoS attacks, such as ping attacks, they can’t protect a website against most of today’s more sophisticated forms of DDoS attacks (3).

Securing Key/Seed Generation:

Creation of keys/seeds that are used within a cryptocurrency exchange should be an encrypted process to ensure the security of the trading platform. It is crucial to ensure that any newly generated keys cannot be obtained by unintended parties. Privacy can be guaranteed when encrypted keys and seeds are only generated by the user who will use them. A Deterministic Random Bit Generator (DRBG) is a perfect algorithm to generate encrypted keys and seeds. Alternatively, a True Random Number Generator can also be used, provided that it is compliant with the current industry standards for statistical randomness.

Securing Key Storage:

The private keys of various cryptocurrency wallets on an exchange should be safely stored when the user is not actively using them on the trading platform. The confidentiality of private keys should be boosted via the utilization of encryption algorithms, physical locks and secret sharing whenever appropriate.

Stored private keys should be encrypted using an encryption algorithm that would render the key impossible to decipher, using the estimated global computing power x1000, within the expected period during which the key would be used. The AES-256 is an example of an encryption algorithm that can provide such level of security.

At least one backup of the generated cryptographic keys (paper, digital, etc.) should be created. The backup should be protected against various environmental hazards, including fire, floods and other forms of natural disasters.

Proof of Reserve:

Proof of reserve refers to evidence of the ability of the exchange’s website script to handle 100% of the funds owned by all users across its trading platform. A proof of reserve assures all users that all their coins and fiat money are available to the exchange’s system, which minimizes the risk of fund loss. The proof of reserve should be supported by the completion and publication of regularly scheduled proof of reserve audits that are signed by an independent third party.

Security Audit Logs:

Audit logs provide a record of all informational changes and transactions taking place across the trading platform. Whenever a security breach is encountered, audit logs are indispensable tools that can aid investigators in diagnosing the cause and handling such incidents. This can be achieved via:

– Partial audit logs: which include records of all deposits and withdrawals taking place across the exchange’s trading platform.

– “All users’ actions” audits: which include a record of all login and logout attempts, with a record of all the IP addresses used to access users’ accounts.

– Full audit backup: all audits should be backed up regularly to a server other than that hosting the exchange (4).
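One way to make such records tamper-evident is to chain each entry to the previous one with a keyed hash and keep the latest chain value on the separate backup server. The sketch below is an added example, not part of the article or of the referenced draft standard; the record fields, the demo key and the function names are assumptions, and the sample records are constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "previous MAC" value used for the first entry
# Constructed demo key; in practice it would be held by the separate log server.
DEMO_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample records (documentation-range IP addresses).
SAMPLE_RECORDS = [
    {"type": "login", "user": "alice", "ip": "203.0.113.10", "ok": True},
    {"type": "deposit", "user": "alice", "asset": "BTC", "amount": "0.50"},
    {"type": "login", "user": "bob", "ip": "198.51.100.7", "ok": False},
    {"type": "withdrawal", "user": "alice", "asset": "BTC", "amount": "0.25"},
]


def _mac(key: bytes, prev: str, record: dict) -> str:
    # Canonical JSON so the same record always produces the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev.encode() + body, hashlib.sha256).hexdigest()


def append_entry(log: list, key: bytes, record: dict) -> str:
    """Append a record chained to the previous entry; return the new head MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    mac = _mac(key, prev, record)
    log.append({"record": record, "prev": prev, "mac": mac})
    return mac


def verify_log(log: list, key: bytes, expected_head=None) -> int:
    """Return -1 if intact, else the index where verification first fails.

    `expected_head` is the last MAC as recorded on the backup server; without
    it, entries removed from the end of the log cannot be noticed.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        good = _mac(key, prev, entry["record"])
        if entry["prev"] != prev or not hmac.compare_digest(entry["mac"], good):
            return i
        prev = entry["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return len(log)
    return -1


def build_sample_log(key: bytes = DEMO_KEY) -> list:
    """Build a fresh chained log from the constructed sample records."""
    log = []
    for record in SAMPLE_RECORDS:
        append_entry(log, key, dict(record))
    return log


if __name__ == "__main__":
    log = build_sample_log()
    head = log[-1]["mac"]  # value that would be kept on the backup server
    print("intact log:", verify_log(log, DEMO_KEY, head))
    log[1]["record"]["amount"] = "50.00"  # simulate an edited deposit record
    print("after edit:", verify_log(log, DEMO_KEY, head))
```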

Cold Storage:

Cold storage refers to the process of storing the private keys of bitcoin, or any other cryptocurrency, offline using a paper wallet, physical hard drive, etc. Although cold storage can undermine an exchange’s “proof of reserve”, it can be used in instances when users would use their exchange’s wallets for long term savings. Also, cold storage should be used during non-trading hours and server maintenance periods.

Securing a cryptocurrency exchange is a challenging task that should be continuously reviewed and assessed. Regular penetration testing should be part of the continuous assessment process of the security of any online business involving cryptocurrency. Recruitment of ethical hackers who are enthusiastic about bitcoin can serve as a valuable tool in the inventory of a secure bitcoin exchange.

Conclusion:

Blockchain technology is by far the most innovative financial creation in the past 500 years. It is like a genetic mutation that will survive no matter how hard all the world’s big “Central Banks” try to destroy it. However, security breaches and hacking attacks represent an imminent danger that can threaten the future of the “bitcoin economy”. Internet security protocols, top notch encryption algorithms, regular penetration testing and recruiting bitcoin-enthusiastic, ethical hackers can help secure the world’s favorite non-decentralized digital currency.

References:

1- PCI Security Standards Council’s resources for merchants. https://www.pcisecuritystandards.org/merchants/index.php

2- MasterCard, Visa others hit by DDoS attack over Wikileaks. COMPUTERWORLD. By Jaikumar Vijaya http://www.computerworld.com/article/2514804/cybercrime-hacking/update–mastercard–visa-others-hit-by-ddos-attacks-over-wikileaks.html

3- White Paper: Defeating DDoS Attacks. Cisco Guard DDoS Mitigation Appliances. http://www.cisco.com/c/en/us/products/collateral/security/traffic-anomaly-detector-xt-5600a/prod_white_paper0900aecd8011e927.html

4- Cryptocurrency Security Standards http://www.scribd.com/doc/256083263/CCSS-Draft-Proposal

 


Comments 2

  1. thirdalbum says:
    10 years ago

    You missed out human security factors. No one employee should have the technical power to move more than a handful of coins. Movement of significant amounts of money should be done only by two employees in concert and this should be enforced by multi-sig.

    The corporate culture should be one of caution and precision, with employees actively encouraged to double-check orders and seek face-to-face confirmation if being asked to move money. Large movements should automatically send a notification to the CFO.

    Your premises should also be secured and staff once again being encouraged to properly check security badges of anybody they have not met before. Staff should be trained on social engineering attacks in particular.

    I’m no security expert but those are a few important measures of security I would implement.

    • Tamer Sameeh says:
      10 years ago

      Yes, I agree with you. I might have overlooked the human factor intentionally, but it goes without saying that no employee should have the authority to move large number of coins without proper confirmation of the transaction order; however, the circumstances and the circle of trust of different exchanges can vary dramatically, so I don’t think that any sort of “Universal” rules can fit all exchanges.

      I am afraid I don’t understand what you mean by “face-to-face” confirmation, I mean I understand that this happens on the trading floor of the stock market, but how can this be executed in a cryptocurrency exchange?
