
Security vulnerabilities | Professional ways to secure wallets | Inn4Science Blog

It’s still too early to summarize the funds lost in 2020, but 2019 showed us a serious problem with wallet security at cryptocurrency exchange platforms. In 2018 the whole year’s loss was around $2 billion; in 2019 the same sum was recorded after just the first 2 quarters. So let’s talk today about crypto wallets, exchanges, and security: what we call a cryptocurrency wallet, and what the security problems are for exchanges, whose wallets fall victim to hackers more and more often.

Wallets

What is a cryptocurrency wallet?

A cryptocurrency wallet is a piece of software, a device, a physical medium, or a service that stores the public and/or private keys and can be used to track ownership of crypto assets and to receive or transfer them. In short, it’s a program that you can use to operate with cryptocurrencies.

Types of crypto wallets

You may not realize it, but there are many different kinds of digital wallets. Cryptocurrency wallets are not only divided by the currencies they support, and it’s up to you which wallet to choose for storing your assets.

  1. Web Wallets 

    Web wallets are always connected to the Internet. They can be accessed with any internet browser, such as Google Chrome or Opera.

  2. Mobile Wallets

    Mobile wallets are applications created for mobile devices. You can find dozens of applications both for Android and iOS-based phones.

  3. Hardware Wallets 

    Hardware wallets are USB-like devices that are designed specifically for storing the access data to your wallet. Basically, they are battery-less devices that you can plug into your PC via USB.

  4. Paper Wallets

    A paper wallet is a printout of your private keys and public addresses on a piece of paper. Since it keeps your private keys offline, it may be the most secure way of storing your wallet, though not all cryptocurrencies support paper wallets.

  5. Desktop Wallets

    Desktop wallets are software packages that you can install directly on your PC. Usually, they are available for any operating system, such as Mac, Windows, or Linux.

What wallets are used in crypto exchanges

So what is the difference between the common types of crypto wallets and the wallets used on crypto exchanges? While a person chooses a wallet that meets all of his needs, an exchange platform has to think not only about usability but also about security. Moreover, while a person may need a wallet for a single currency like Bitcoin, exchanges operate with many cryptocurrencies at the same time.

So how are wallets created on an exchange? Usually, wallets are divided into 3 entities:

  • Deposit wallets
  • Withdrawal wallets
  • Internal “orders” wallets

Deposit and withdrawal wallets are usually automatically generated or pool-generated hot wallets. They are only used to conduct money input and output transactions and do not take part in other operations on the exchange platform.

Internal wallets are not only wallets but at the same time user accounts. However, users do not possess the private keys of these wallets. The keys are stored internally within the system, or in another way. Most importantly, the crypto exchange is solely responsible for providing the appropriate level of security.

Risks and how to mitigate them

When we talk about risks and security, it’s worth mentioning that wallets are the most sensitive part. But the wallets themselves are usually not the loophole used for hacking, because the security of a trading platform is mostly based on three key layers: the security protocol, the exchange system, and the wallets.

How do you secure a cryptocurrency exchange? Below we provide a specific list with a lot of technical terms.

If you are not sure you can understand everything, feel free to contact our team for a free consultation via [email protected]

  • A popular threat is DNS cache poisoning. DNS (Domain Name System) is the Internet’s system for converting alphabetic names into numeric IP addresses. You can use DNSSEC (Domain Name System Security Extensions), which authenticates the answers to DNS queries with a cryptographic signature, to secure the information provided by DNS.
  • A trick often used by hackers is clickjacking. A hacker may replace a website page with an iframe, so the user performs an action in one place while in reality it happens on another website. To prevent this problem it’s possible to use a simple script (it should be inserted inside <script> </script>) like:

        // If this page is not the top-level window, break out of the frame.
        if (top != self) {
            top.location = self.location;
        }

    However, this is not the best choice. A somewhat more sophisticated but more reliable way is to use the X-Frame-Options response header. It defines whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>.

  • The POODLE attack, which stands for Padding Oracle On Downgraded Legacy Encryption, is a vulnerability in which an attacker downgrades the TLS connection to SSLv3. He can then get partial bytes of the encrypted text and later obtain the full plain text. Unfortunately, the only solution is not to use SSLv3 in the server application.
  • The ROBOT vulnerability affects web servers that are configured to use RSA encryption key exchange. To prevent this vulnerability, be sure to keep your SSL/TLS server up to date and do not use RSA ciphersuites.
  • The Heartbleed Bug, or Heartbleed Attack. This is quite a serious weakness, as it allows stealing the information protected by the common SSL/TLS encryption. To eliminate this vulnerability, first fix the vulnerable servers, and second, replace the SSL key pairs.
  • Protocol downgrade attacks and cookie hijacking can also be prevented by using HTTP Strict Transport Security (HSTS).
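
The header and TLS mitigations in the list above (X-Frame-Options, HSTS, no SSLv3, no RSA ciphersuites) can be checked mechanically. The following is an added example, not code from the article: it audits a scan record of an exchange front end. The function names, the record layout and the one-year HSTS minimum are assumptions, and the CSP frame-ancestors check goes beyond what the article covers.

```javascript
// Added example, not code from the article. Function names are hypothetical.
// `headers` uses lower-cased header names, as Node's res.headers does.

// Clickjacking: X-Frame-Options DENY/SAMEORIGIN, or CSP frame-ancestors
// (the newer equivalent, which the article does not mention).
function checkFraming(headers) {
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') return [];
  const fa = /(?:^|;)\s*frame-ancestors\s+([^;]+)/i
    .exec(headers['content-security-policy'] || '');
  if (fa && !fa[1].trim().split(/\s+/).includes('*')) return [];
  return [xfo.startsWith('ALLOW-FROM')
    ? 'X-Frame-Options ALLOW-FROM is obsolete and ignored by current browsers'
    : 'no framing policy: the page can be embedded in a foreign <iframe>'];
}

// Protocol downgrade and cookie hijacking: HSTS with a long max-age.
// The one-year minimum is an assumed policy value, not from the article.
function checkHsts(headers, minAge = 31536000) {
  const hsts = headers['strict-transport-security'];
  if (!hsts) return ['Strict-Transport-Security header missing'];
  const m = /(?:^|;)\s*max-age\s*=\s*"?(\d+)/i.exec(hsts);
  if (!m) return ['HSTS header has no max-age directive'];
  const out = [];
  if (Number(m[1]) < minAge) out.push(`HSTS max-age ${m[1]} is below ${minAge}`);
  if (!/(?:^|;)\s*includeSubDomains\s*(?:;|$)/i.test(hsts)) {
    out.push('HSTS lacks includeSubDomains: subdomains stay downgradable');
  }
  return out;
}

// POODLE: SSLv3 must be disabled. ROBOT: no RSA key-exchange suites, which
// IANA names mark with the TLS_RSA_ prefix (ECDHE/DHE suites are unaffected).
function checkTls(protocols, ciphers) {
  const out = [];
  if (protocols.some((p) => /^ssl\s*v?3(\.0)?$/i.test(p))) {
    out.push('SSLv3 enabled (POODLE)');
  }
  for (const c of ciphers) {
    if (c.toUpperCase().startsWith('TLS_RSA_')) out.push(`RSA key exchange: ${c} (ROBOT)`);
  }
  return out;
}

// Runs all three checks over one scan record.
function auditEndpoint({ headers = {}, protocols = [], ciphers = [] }) {
  return [...checkFraming(headers), ...checkHsts(headers), ...checkTls(protocols, ciphers)];
}
```

An empty array from `auditEndpoint` means none of the listed weaknesses were found in the record; it takes cipher names in IANA form, as scanners such as nmap's ssl-enum-ciphers report them.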

Though crypto exchanges work with decentralized technologies, their core is still centralized. Due to this nature, hot wallets become victims of hacking. For securing the hot wallets of your crypto exchange, a good choice is Vault by HashiCorp. It uses a UI, CLI, or HTTP API to secure, store, and control access to tokens, passwords, certificates, encryption keys, and other sensitive data.

Crypto wallet and its features

There are so many aspects that we could go on and on. So, to summarize all the security tips for a cryptocurrency trading platform, let’s define the most common features you should have within the system:

  • KYC (Know Your Customer). It will not only help you to keep out scammers but also to comply with the latest regulations.
  • Data encryption. Do not send any data openly. Secure all sensitive data, first of all the personal information of users.
  • Real-time monitoring. Have a security feature that prevents or reacts to suspicious behavior.
  • 2FA (Two Factor Authentication). This will help to secure users’ accounts even if hackers possess their credentials.
  • IP or Device Whitelisting. By limiting access to your platform to specific IPs or devices, you help to protect the account from third-party access.

That was just a brief glimpse of the most common risks, vulnerabilities, and issues of a cryptocurrency exchange. A trading platform may face even more issues and challenges. If you want to be sure your product is secure and friendly to users, get a security assessment today. Inn4Science – we are a team where your ideas become solutions.
