Topic: Crypto exchanges have to learn and improve on their security - page 2. (Read 413 times)

Buy-sell is not the only thing you do in exchanges. It is a useful thing but most people use centralized exchanges in order to trade. As you might have already guessed, it takes time. One open trade could stay open for weeks to months. In this situation, centralized exchanges are needed. You are required to keep your assets in them if you wish to trade. So in some cases, we are bound to keep our assets in those platforms. But that's just it. You should never keep anything extra than what you need.

Other things could be done using a decentralized platform. And guess what, now decentralized platforms are available for future trades too. We should move to those platforms. But as everything is connected to the internet, nothing is safe. So we need to protect ourselves in our own ways.

I totally get your worries about crypto security? Totally get it. Its real, the fear. People, me too, are on edge. Scams? Hacks? Big, real threats. Just like that Houbi mess.

KYC? Its doing something, at least. Cutting down the bad stuff. But yeah, gotta jack up that security. Make it strong, unbreakable. People want to feel safe, right? If they do, boom! Everyone’s gonna want in. Cant just be tech-smart, gotta be safe-smart too.

KYC might be a pain, sure. But hey, its moving towards safer grounds. Time to shout out for tougher exchange security. No more waiting. No more Houbi-like wake-up calls. Time to move, and move now. For the sake of our assets, our peace. We need it, bad.

You know the hackers are also his enemies; they are also hackers. The only difference is that good hackers use their skills in the bad plans that hackers do. That's why, on the well-known CEX platforms, the ones they hire as protectors of their platforms are the people who have the ability to block or suppress bad hackers.

Now, the bad hackers are not only focused on the CEX platform but also on the DEX. As long as they have a chance to enter, they will attack it unexpectedly. So it can't really be said that KYC is an assurance that your assets are really safe on an exchange. But even so, that depends on the quality of security that an exchange still has.

Exchanges will always experience increased risks due to their type of activity, they will always have vulnerabilities and hackers will try to repeat their attacks. To some extent, along with the increase in security, the capabilities of hackers also increase and it is impossible to take everything into account, sometimes protection can only be strengthened when you see where the vulnerability was.

In fact, I don't know if there are any exchanges that have never been hacked. What is important here is how quickly the defense service can react so that losses are minimal.

They know how to secure their exchange its just hackers became more smarter than them that's why we see this hacking issues existing even if the exchange spend a lot of money for security measures. What's important matter there is we choose a big exchange when trading so that if this incident will happen to them they can give some assurance that no investors funds will get affected and all users can still access their funds without any issues.

Not only Houbi encounter such unfortunate attacks but rather also those top tier exchange like binance but what good happened there is they still standing strong and can able to operate even if issue like this happen to them. Its important for trader to be aware on this situation so that they may know on what to do next if situation like this might occur in future.

Before the attack on Houbi, many other exchanges have been hacked before even the biggest exchange binanace have faced some potential hack before last year. If Binance can face such attacks, then I see no exchange that can escape that. In light of all this hacks, it is important that the security of such exchanges be improved to avoid those hackers of escaping with this monies hacked from those exchanges. Depending on how your technical team and security system of your exchange is, funds can be frozen immediately as in the case of Binance when it happened last year.


Online exchanges are prone to attack at anytime that is why it is always advisable not to keep too much of your funds in those centralized exchanges. Only keep the little you want to use at that time in such exchange or don’t keep any there, but transfer there only when you want to exchange them.

We should learn one more thing, have you ever heard or read news about forex exchanges that got hacked to this much gravity? I hardly think so. May be couple of cases due to human negligence or internal corruptions bu that too traceable considering they are having trail of centralisation. So why this is happening to crypto exchanges only? May be its more easy to get hacked and as OP stated they have very weak security aspects all the time. They also have KYC but they don’t have that much safety of their sites.

May be they have chance to state that we got hacked and now the money is lost because it was transferred by unknown bitcoin address and now there is no way to reverse it.

Sometimes it’s more fishy and looks like they do it intentionally.

Yes, I agree with you OP. Exchanges should go the extra mile to protect users' funds. Like the article, I just came across and I am very impressed with what the exchange is doing. They are actually increasing the level of their security

The other side of the coin is - no matter how well crypto exchange improve their security, there is a chance that their CEO or other high management will perform exit scam. No matter how secured exchange is, your money still are not safe. Crypto exchange have to learn a lot, but users have to learn even more. Even if crypto exchange has most up-to-date security, user with one careless move would  throw that security to dumpyard.

There are many valid reasons why centralized exchanges are not the best to live your coins, in short, an exchange is not a place to keep your coins, as the name implies, "exchange" which means to trade and not custodial but people are so daft to believe usernames, emails, strong password and 2FA is enough to give them high-level security, only a newbie that understands nothing about security and centralized exchanges will believe such cooked lies, your coins are not stored on exchanges but their own personal wallets while they only control the front end to have data of what is really going on in the exchange.

There is no security that is more secure than personalized one, centralized exchanges will remain the same because they have junks of money across different chain which always raises eyebrows from hackers, even if there is a high level of security, their privacy are low which make them vulnerable to attacks, people will always want to know where there coins and tokens are kept, this alone zero the level of privacy and the teams knowing much about the security details also makes them vulnerable to attack even if there is high level of security.


Do you know the advantage of entrusting private keys to yourself, its because when you did the back and storage offline, nobody in this life except you alone knows how and where you kept and that makes you safe(if you did it professionally) but when two or more people do that, even with multi-sig, it gives room for suspicious of others, anyone can pull tricks just to outsmart the other person, and that is the problem of centralized exchanges, there is always backstabbing.

You see that Houbi hacked that just happened, it is not the first and neither will it be the last because centralized exchanges will always be open to mistakes as far as its organogram is concerned. Not your keys, not your coins.

KYC can't reduce fraud activities on crypto exchanges because they are automatically centralized, whatever is going om in any centralized exchange are not hidden, they can be traced, ok why hasn't KYC helped with the FTX case? The only thing that KYC does better is prevention from criminal activities by the exchange users, maybe laundering money using the platform?

The Huobi attack is not a direct attack, because I have some money on the exchange when the hack happened, not a single cent of money was removed from my balance, as I went deep into more research, I came to understand that the hacker deceived the exchange users by pretending like the real huobi services.

CZ vows to get to the bottom of the this and he is starting to use his own security teams on this attack already, lets see how this will turn out, nothing in the crypto space is completely impenetrable, we only have to keep our heads up and prevent stupid mistakes from our sides.

As they say, there's no perfect system. When security is enhanced or improved, hackers and scammers also find ways to bypass it, so they evolve as well. There's another point to consider – those who create anti-virus are the ones who make viruses, does that make sense?

What's more concerning than stolen assets is our data, our personal details, and our bank accounts. Because we can become victims of identity theft. If only coins/tokens are stolen from exchanges, they can possibly be recovered and compensated. But the KYC information we've submitted is now in their hands, and that's a different story.

The cryptocurrency financial sector is in its developmental stage so issues like hacks and scam projects will always occur. As old as the fiat banking system they still suffer from security breaches and scams. In 2022 banks in the US paid close to $1.2 billion ransomware payments. So these attacks are not limited to the crypto industry but as the sector grows, it's security will improve.

I don't think that the majority of people are comfortable with KYC because it is an arbitration of the concept of bitcoin. The only reason why people give out their KYC is because they have few options. In my country, centralized exchanges are the major means of dealing with Bitcoin this is due to the fact that we have limited P2p platforms.  It would not be a bad idea for exchanges to adopt current security measures to curb these attacks but some of them went bankrupt not because of attacks but mismanagement.

These attacks will not end automatically, in fact, they might always be a problem in the crypto sector. Adoption should be promoted using the right information. People should be aware that they can keep their money in a safe non-custodian wallet and be their bank. They should be taught how to protect their coins against hacks. We should let them know that keeping money in centralized platforms is riskier.

Exchanges are just a huge target for hackers, scammers and even governments, so anyone that wants to use them should do so with a very clear intent, which is to buy and sell whatever they need and then send their coins out of the exchange.

Such a thing should take just a few minutes and this will reduce the chances of losing your coins dramatically, however very few people do this as they prefer to save themselves a few dollars and keep their coins in their favorite exchange, not understanding the massive risk they are taking by doing this.

It's not only scams, hacks, or other data leaks, you should also be concerned about the platform itself. There are platforms popping out every now and then. They all require KYC or they will offer you this and that for successfully completing KYC verification. Some of them will collect the data and sell it to people for money.
Enhancing security means nothing. What I believe is that, if the right person chooses, then that person can hack it no matter what the security measures are. It's all about time. Once a person finds a loophole then they can hack it.

Now to keep ourselves safe, we need to do it personally. Our privacy is ours to keep. Centralized exchanges are required to some extent but it's not something that we can't live without. There are some other alternative decentralized platforms in existence. Maybe trying some from that list might help. But they are not immune to hacking or scams either. So my suggestion is, to only deposit what you need to work with. Otherwise, keep everything in a private wallet. Not your key, not your coin.

Exchanges are meant for trading, and likewise, wallet for hodling coins, but just that most times people mistake what is meant to be done on an wallet on an exchange because of the presence of the wallet feature, which is why I think majority keep falling victims whenever there is a hack or security breach, which is ought not to be that way. So in regards to this, I think while we keep letting exchange know the importance while it's good to have an improved security, let's not forget to educate people also on the reason why it's very much important not to hold much funds on an exchange but a very secured non-custodial wallet where they can have access to the private key to their funds.

Bisq is a p2p exchange, no kyc and no data required to trade on bisq, yet it is so difficult to scam your trading partner in the bisq network, except they do not know what they are doing. Bisq is so secure because funds are locked in a 2-of-2 multisig wallet, and the two traders control the keys during the trade. This is more effective to mitigate scam as you control your funds as you trade, you don't lose control of it like you do in Binance or Coinbase.

Nothing can be 100% sure, there is always some way to get into anything unfortunately.

But seriously though, companies, sites and so handling other people's money should always have the highest priority to keep the costumers funds save. It is a real shame that sometimes, when big hacks or whatever occur these companies leave their costumers in the dark without any info or reimbursement.
Basically they say, bad timing, better luck next time.

There have been several gib hack in the past and it seems nothing has be learned from them. There is always a next one exploiting already knows leaks of security. Why that is even possible, I can't wrap my head around it.

Nothing can be perfect, many platforms have back doors that can lead hackers straight into the exchange, and hackers are now smarter than before. I am really amazed to see their hard work and how they proceed to make attempts. You are right; the KYC was made so that fraudulent activity would be reduced and people could not scam others in p2p trades, etc.

Still, KYC does not make any exchange vulnerable to hacks, but the back doors and out-of-date infrastructure of the platform and the lack of enthusiasm of the team make the platform vulnerable to hacks. And the Houbi exchange had some issues with liquidation, which was also discussed here.

I wanted to know which exchanges have not been hacked yet; you should write some examples. It would be helpful.

With the high number of users who have registered on centralized exchanges and custodial services, you are right if you say majority of BTC users have undergone kyc, if they agree with it or welcome it? I do not know about that, but i know most BTC users choose centralized services over decentralized solutions like p2p exchanges, because they think it is more 'convenient'.

It goes without saying that you should not store your BTC's in a centralized exchange, they bite the dust too often and they use your money to make more money for themselves through fractional reserve scam. If you use p2p exchanges and self custodial wallets, you don't have to worry about what happens to centralized exchanges.