Strengthening Crypto Security: CoinW’s Response to Recent Industry Breaches

In
recent
weeks,
the
crypto
industry
has
experienced
significant
security
breaches,
underscoring
the
need
for
enhanced
protection
measures
across
all
exchanges.
Two
notable
incidents
are:

1.
User
Accounts
Compromised
by
Malicious
Plugin:
Some
Binance
user
accounts
were
compromised
after
downloading
a
Google
Chrome
plugin,
Aggr,
promoted
by
one
crypto
influencer.
Hackers
hijacked
cookies
to
bypass
password
and
2FA
authentication,
gaining
direct
access
to
the
users’
Binance
accounts.
Though
2FA
prevented
immediate
withdrawals,
the
hackers
employed
wash
trading
to
transfer
the
funds.
This
plugin
was
their
key
to
circumventing
standard
login
verifications.

2.
AI
Threats:
Attackers
stole
user
information
from
OKX
and
used
AI-generated
deepfakes
to
deceive
their
customer
service
and
reset
account
passwords.
This
sophisticated
attack
highlights
the
increasing
complexity
of
threats
facing
crypto
exchanges.

Centralized
Exchanges
(CEX):
Crypto
Portfolio
Manager
of
Security

Centralized
exchanges
face
major
security
threats,
including
hacking,
exploitation
of
vulnerabilities,
and
money
laundering.
Historical
incidents,
such
as
the
suspected
Binance
hack
on
March
7,
2018,
which
caused
a
significant
drop
in
Bitcoin’s
market
value,
underline
the
risks.
In
2019
alone,
over
28
security
incidents
were
recorded,
with
more
than
70%
involving
the
theft
of
digital
assets,
leading
to
substantial
financial
losses.

Governments
and
regulatory
bodies
worldwide
are
responding
by
introducing
specific
regulations
and
measures.
For
example,
South
Korea’s
government
has
mandated
that
virtual
currency
exchanges
with
daily
sales
exceeding
10
billion
KRW
or
daily
visits
surpassing
1
million
must
obtain
an
Information
Security
Management
System
(ISMS)
certification.
In
China,
all
services
related
to
virtual
currency
settlements
and
trader
information
provision
are
banned.

To
address
these
threats,
exchanges
have
implemented
various
measures
to
enhance
security,
such
as:

On-Chain
Data
Solutions:
Managing
market
counterpart
risks
using
blockchain
data.

Multi-Factor
Authentication
(MFA):
Enhancing
user
security
through
biometric
verification,
one-time
passwords,
and
push
notifications.

SSL
Encryption
and
Cold
Storage:
Protecting
data
in
transit
and
storing
significant
assets
offline
to
prevent
unauthorized
access.

Regulatory
Compliance:
Adhering
to
the
requirements
of
different
jurisdictions
to
ensure
operations
within
legal
frameworks.

Effective
security
in
crypto
exchanges
is
multifaceted,
involving
coordinated
efforts
between
exchanges,
regulators,
and
users.

CoinW’s
Advanced
Security
and
Risk
Control
System

CoinW
is
committed
to
providing
a
secure
trading
environment
through
robust
security
measures
and
risk
control
systems.
According
to
CoinW’s
Head
of
Security:

‘A
centralized
exchange
operates
akin
to
a
bank’s
core
system.
Its
security
encompasses
frontend
and
backend
safety,
technical
solutions,
security
assessments,
data
storage,
and
communication
encryption.
Our
comprehensive
security
framework
integrates
these
elements
to
maintain
high
safety
standards.’

Unlike
traditional
banks,
CoinW
deals
with
on-chain
assets,
prioritizing
private
key
security.
They
use
multi-signature
(multi-sig)
technology
for
key
usage
and
traditional
sharding
methods
for
key
storage.
In
case
of
hot
wallet
issues,
they
have
backup
systems
for
recovery,
and
substantial
funds
are
stored
in
cold
wallets.

The
internal
mechanisms
are
crucial,
including
real-time
security
incident
monitoring
and
response.
The
system
swiftly
detects
and
addresses
suspicious
activities,
such
as
unusual
network
access
or
abnormal
login
attempts,
by
implementing
enhanced
verification
methods
for
long
inactivity
or
remote
logins.
CoinW
provides
instant
notifications
for
any
anomalous
transactions.

For
business
risk
control,
transactions
triggering
risk
conditions
undergo
secondary
manual
review,
ensuring
an
additional
layer
of
scrutiny
for
accounts
with
unusual
activity.

Meanwhile,
CoinW’s
wallet
security
is
fortified
through
Multi-Party
Computation
(MPC),
distributing
keys
across
four
systems,
requiring
unanimous
approval
for
any
transaction,
thereby
preventing
unauthorized
operations.

Additionally,
CoinW
has
integrated
Know
Your
Address
(KYA)
alongside
the
Know
Your
Transaction
(KYT)
system
to
elevate
security
standards.
KYA
analyzes
and
categorizes
blockchain
addresses,
enhancing
the
capability
to
identify
risks
and
protect
user
assets.
This
integration
solidifies
CoinW’s
position
as
a
leader
in
security
within
the
cryptocurrency
industry.

CoinW
has
also
achieved
compliance
milestones,
such
as
obtaining
the
digital
currency
trading
service
license
from
the
Australian
Transaction
Reports
and
Analysis
Centre
(AUSTRAC).
This
license
allows
them
to
conduct
spot
trading
and
fiat
currency
trading
in
digital
currencies,
ensuring
a
safer
and
more
reliable
trading
environment
for
our
customers.

‘In
summary,
the
security
level
of
a
centralized
exchange
is
determined
by
its
technical
measures,
business
operations,
internal
management,
and
its
response
to
security
incidents.
These
factors
collectively
ensure
the
robustness
and
reliability
of
the
exchange,
providing
users
with
a
safe
and
trustworthy
trading
environment.’
CoinW’s
Head
of
Security
commented.