Not all trading platforms pay due attention to security. Attackers typically use one of three approaches to compromise digital asset exchanges, researchers from the KZen project concluded in a talk at the Black Hat conference.
The experts believe that most attacks on crypto trading platforms fall into three categories, depending on the method the attackers choose.
Attackers obtain the tools they need through proxies or project insiders. Scammers also often use data from open sources, for example the project's libraries. The vulnerability lets attackers abuse the key update mechanism and, in this way, deny a user access to their account.
Attackers can also obtain the information needed for an attack, including by posing as representatives of the exchange. To do this, they ask the user, on behalf of the trading platform, to confirm or update certain information. Having gained access to that information, the scammers can subsequently break through the site's security system.
Another way to attack trading platforms relies on obtaining parts of the key from trusted parties. Access is built on generating random combinations of numbers. These values must go through a public review and be passed on to proxies. Otherwise, fraudsters can gain access to all parts of the key by substituting values.
The researchers believe that not all trading platforms pay due attention to this process. As an example, they cited the popular Binance exchange, whose team had not been checking the values for a long period of time. According to Omer Shlomovits and Jean-Philippe Aumasson, the exchange only fixed this problem in the spring of 2020.
While researchers warn market participants about the risks of hacking, Bitfinex continues to grapple with the consequences of a security breach. As transfers of funds stolen from the platform in 2016 become more frequent, the project's representatives have announced a reward for finding the hackers.