Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Analysis » Is Any Crypto Exchange Truly Secure?

Is Any Crypto Exchange Truly Secure?

by

As the industry reels from news of the Binance hack, can any exchange be trusted to keep clients' funds safe?

Is any crypto exchange truly secure?

Share this article

In light of yesterday’s Binance hack, exchange security is back in the spotlight. Changpeng Zhao has reassured affected users they would be compensated for the loss of 7,000 bitcoins, and Binance has a reputation for excellence when it comes to security.

But as the latest hack has shown, even the best security may not be secure enough.

Not Your Keys, Not Your Bitcoin

The phrase “Not your keys, not your bitcoin” is a reminder to crypto hodlers to keep their funds offline, in cold wallets, and to employ sound security practices with respect to private keys. But the fact is that centralized exchanges remain crucial gateways between crypto and fiat, and offer important liquidity for crypto traders.

After the company’s security was breached, it became clearer than ever that even the best and most reputable exchanges are not 100% foolproof. There is a lot that the likes of Poloniex, Binance, and Kraken do right when it comes to security, but even that remains insufficient.

Can Multi-Factor Authentication Solve The Problem?

Most reputable exchanges require or recommend that users employ 2FA, whereby funds can only be withdrawn using something you know (email, password) and something you have (an authenticator account on a phone – or even a physical device – that generates a random number).

Multi-factor Authentication (MFA) calls for even further steps. 3FA, for example, requires you to add something you are to the things you have and know as an authentication factor. This factor requires additional authentication with a fingerprint, palm, retina, voice, or facial recognition.

Other factors may take into account location identification (somewhere you are) and gestures or actions (something you do) to allow you access.

But these come with their own problems. Location authentication measures are a nightmare to navigate for those who travel frequently.  Geolocation technology could be useful here, restricting services if something geographically infeasible occurs. This would happen if, for example, you log into an account on one continent and do the same on another a few minutes later.

Why Aren’t Exchanges Better Equipped To Deal With Cyber Threats?

Some exchanges use additional security measures, such as multi-step procedures, withdrawal maximums, and enforced withdrawal delays. And it is certainly true that some hacks, such as the January 2018 theft of $500 million worth of NEM from Japan’s Coincheck, was due to poor security protocols. In Coincheck’s case, all the NEM it held were stored in a hot wallet.

After the Coincheck hack, a report by Dashlane found that more than 70 percent of all crypto exchanges had “unsafe password practices” and were vulnerable to attack. As Crypto Briefing has previously reported, the cryptocurrency and blockchain industry is still under-prepared for digital thefts.

Can Cryptocurrency Exchanges Be Insured?

Gemini proudly promotes the fact that user funds held in their hot wallets are insured against theft. Coinbase and Circle also have coverage in place, as does Australia’s Independent Reserve.

Yet insurance is not an industry-wide solution and creates a moral hazard. Knowing that their losses will be covered by the exchange may encourage users to behave carelessly, rather than deploying all the security tools at their disposal.

Are Decentralized Exchanges The Answer?

Overly zealous exchanges have been known to impose security measures on users without warning, effectively holding their funds to ransom. And on the outer fringes of the industry, the BitGrails of crypto keep rearing their heads, with lax security and appalling attitudes towards their users.

The promise of decentralized exchanges could be cause for optimism. Binance, ironically, stoked that fire by announcing the launch of its DEX, based on the BNB blockchain.

But for all they offer in terms of genuine peer-to-peer transactions, DEXs are incredibly difficult to keep liquid and may not emerge until after the demise of many of today’s  altcoins. At that point, the crypto world is likely to need fewer exchanges, not more.

For all their flaws, the crypto industry is likely stuck with centralized exchanges, at least for the foreseeable future. Although markets like Binance and Gemini have done much to reassure frequent traders, for most of us, the best security is also the simplest: to store your own keys in an offline environment.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.