Opinions expressed by Digital Journal contributors are their own.
Security concerns around cryptocurrency are long-lived but the recent news of Deribit’s hacking has added a meaningful slug of fuel to the fire.
The leading derivatives exchange was revealed to have lost $28 million in a hot wallet hack earlier this week, with losses centered on Bitcoin, Ether, and USDC.
The following (seemingly rushed) company statement followed soon after:
“Deribit hot wallet compromised, but client funds are safe and loss is covered by company reserves…Our hot wallet was hacked for USD 28m earlier this evening just before midnight UTC on 1 November 2022“
Withdrawals have now been halted due to ongoing security checks and users have taken to social media to voice their frustration and concern – seemingly unconvinced by Deribit’s promise of insurance.
Whilst the exchange continues to manage the fallout, the spotlight on the crypto industry is intensifying once again.
A consensus has emerged that exchanges must double down on due diligence to identify systemic weaknesses, whilst maintaining a cast iron grip on user protections.
On the system side of the ledger, weaknesses largely rest on withdrawals from user wallets. Large exchanges, in response, would be wise to focus on withdrawal frequency control and logging IP and transaction anomalies.
Know Your Transaction (KYT) is likewise essential and anti-money laundering detection should be central to any KYT protocol.
Regarding user protections, exchanges that have ramped up their monitoring of large withdrawals are seen to be better placed to counter criminal activity. Password change protections are also viewed to be an important part of the user mix.
The final layer of security worthy of attention, perhaps even the most important, is custody.
Custodian services, like those offered by Cactus Custody, Fireblocks and even Coinbase, bolster withdrawal security by screening out illegal signature requests. They also offer private key protections – a boon for security-conscious investors.
This is not an area where exchanges can continue to cut corners. Custody services are an expensive, but unavoidable innovation and any sensible exchange should swallow the cost.
On the subject of cutting corners, it’s clear that a number of exchanges need to wake up to the mounting threat to their models and therefore users from cybercrime. This is a phenomenon that is only going to get worse, rather than better, as technology progresses.
As set out above, the focus of pragmatic exchanges should be threefold, doubling down on systemic protections, specific user protections, and best-in-class custody solutions.
The stakes could not be much higher and there will be rewards for those that demonstrate that they are the exchange where users can rest easy.
