Posted 12 months ago | by Ben Armstrong
New Research Finds Security Flaws at Leading Exchanges
A recent interview with Jean-Philippe Aumasson, co-founder of exchange security firm Taurus Group, uncovered some interesting information. Aumasson said he and his team, working with Omer Shlomovits of ZenGo, found serious flaws in how some major exchanges store cryptocurrencies.
One of the biggest issues is how multi-key security technology can be exploited. Another is how some of the design assumptions made when the systems were built could lead to big problems later on.
Many crypto exchanges use multiple keys (or a single key that has been split among a few people) to ensure that when funds are moved, a group must approve the transfer. While this is a good idea, there are some issues with how it has been implemented by exchanges.
A big assumption that some crypto exchanges made when implementing a distributed key scheme is that none of the keyholders would be antagonistic to the group. This means that if the wrong person were to take control of one of the key components, they could effectively hold the exchange hostage, or force the group to pay out a ransom.
Clearly, this is a serious design oversight, and it is something to be aware of when trusting an exchange with tokens. One possible solution is to use a decentralized exchange that doesn't take possession of your tokens, or at least to make sure that the exchange has dealt with this potential problem.
Is Decentralized Trading the Solution?
For people who just want to trade tokens on an unleveraged basis, a decentralized exchange would eliminate the custodial risks of dealing with an exchange that takes possession of private keys. For derivatives traders, it is probably important to make sure that the exchange's security protocols are well understood, as poor security could lead to large losses.
A Spanish crypto payments platform was recently hacked for around $1.4 million, which is a small amount of money in the financial markets. Despite this, the firm is having a hard time covering the losses, which may be passed on to the people who trusted the firm with their tokens.
With the rise of DeFi and smart-contract-based derivatives, the need for centralized exchanges may shift over the coming years. The idea of an exchange that acts as a custodian for client funds is undoubtedly a hangover from the established financial markets, and may not be needed in the future.