Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
If you are a cryptocurrency exchange and you have been hacked or have suspicions, you can reach out to us at @ComaeIo - we will assist you with the investigation for free.
āāā@msuiche
function notifyResize(height) {height = height ? height : document.documentElement.offsetHeight; var resized = false; if (window.donkey && donkey.resize) {donkey.resize(height); resized = true;}if (parent && parent._resizeIframe) {var obj = {iframe: window.frameElement, height: height}; parent._resizeIframe(obj); resized = true;}if (window.location && window.location.hash === "#amp=1" && window.parent && window.parent.postMessage) {window.parent.postMessage({sentinel: "amp", type: "embed-size", height: height}, "*");}if (window.webkit && window.webkit.messageHandlers && window.webkit.messageHandlers.resize) {window.webkit.messageHandlers.resize.postMessage(height); resized = true;}return resized;}twttr.events.bind('rendered', function (event) {notifyResize();}); twttr.events.bind('resize', function (event) {notifyResize();});if (parent && parent._resizeIframe) {var maxWidth = parseInt(window.frameElement.getAttribute("width")); if ( 500 < maxWidth) {window.frameElement.setAttribute("width", "500");}}
Yesterday on twitter, I announced the formation of the Comae Cryptocurrency eXchange Taskforce (CCXT). As more and more news breaks about crypto-heists, itās becoming abundantly clear that cryptocurrency exchanges are not prepared to respond to theseĀ attacks.
As explained multiple times, cryptocurrency exchanges are prime targets for criminals for variousĀ reasons:
- They centralize a decentralized economy. There is a $ face-value with each credentials. Itās usually hard for attackers to go from bytes-to-dollars, cryptocurrencies are doing that for attackers.
- They are start-ups, and not nation statesāāāmeaning that the legal implications of hacking them is lower risks than attacking a Central Bank which belongs to a nation-state for attackers.
- Just like traditional exchanges, they often have poor security.
- Emerging technologies implies emerging risks. Often poorly understood.
- DLT/Blockchain technologies are misleadingly represented as secure, which created a fake sense of immunity for its users and made them even more vulnerable.
For a general point of view, any companies should have an incident response plan and invest in abilities to investigate their systemsāāāwhich is why at Comae we spent most of our time understanding attackers, and developing new detection techniques for our investigation platform Comae Stardust.
As new technologies emerges the technical debt accumulated by companies keeps increasing, making them less and less prepared to new risks, and often results in security needs so overwhelming that it becomes hard for defenders to know where to start. Iāll be in Bahrain on the 21st Feb to the GCC Financial Forum to speak about why technical debt ends up being a critical factor in why organizations are terrible at cyber-security.
Because of the above reasons, we decided to create a cybersecurity taskforce for crypto-exchanges (CCXT). If you are a crypto-exchange and need some free advising on cybersecurity or assistance on investigating a breachāāāfeel free to reach out to us at ccxt@comae.io.
So why is this free? In short, this is an opportunity for everyone to learn together and build a stronger defensive response network. Itās the continuation in a series of Comae initiatives, like the launch of our free open source security auditing tool Porosity for smart contracts, as well as the registration and management of the WannaCry killswitch. Unfortunately, Cyber-Security needs are still poorly understood by organizations, so even the extraordinarily well funded Democratic National Committee (DNC) disregarded the seriousness of cyber security and decided on a cheap volunteer based approach called āThe Hacker Houseā, as DNC strategist Donna Brazile bragged in her book. Hopefully, the real world fallout from the DNCās unwillingness to invest in cyber security spurs companies to design better budgets in the future, and helps innovative players defend the key infrastructure of the future, especially next generation financial services.
Announcing Comae Cryptocurrency eXchange Taskforce (CCXT) was originally published in Comae Technologies on Medium, where people are continuing the conversation by highlighting and responding to this story.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.