How Did Crypto Exchange Security Systems Evolve?

Bitcoin was designed as a peer-to-peer cryptocurrency, but as the network expanded, there was no way to avoid the growing influence of centralized crypto exchanges. Soon after Bitcoin’s launch, more people wanted to enter the system. While mining was an affordable option at the time, buying crypto with fiat money was more convenient, especially for those who didn’t know how mining worked. The emergence of digital platforms that converted fiat to crypto and vice versa was a natural consequence.

In the first years, crypto exchanges represented an underground space, but one particular platform managed to monopolize the market — Tokyo-based Mt. Gox. In 2014, the service accounted for 70% of all Bitcoin transactions. Everyone knows what happened next — about 850,000 Bitcoin was stolen from Mt. Gox’s wallets, which were worth a total of $450 million at the time. This was when crypto exchange operators realized that security should be the highest priority in order to maintain client trust. As for Mt. Gox, it was forced to declare bankruptcy.

The gradual shift to a more secure ecosystem

Newer exchanges learned the lesson from Mt. Gox and started to implement a series of security measures meant to protect clients’ crypto funds while maintaining a high degree of liquidity and scalability.

The first thing they did was to move the greatest part of the client funds from hot wallets to cold wallets. The first category of storage option has ongoing access to the internet, making it prone to potential hacking attacks. Cold storage was preferred instead, as it keeps the private keys away from the internet.

Soon, third-party custodian services became widely solicited by crypto exchanges. Crypto vaults utilize multi-authorization wallet management systems, merging cryptographic, IT and physical security features.

Another security measure that has almost become mandatory with most crypto exchanges is two-factor authentication. This feature requires users to employ two different devices in order to sign in with the platform.

The evolution of security solutions went hand-in-hand with the development of Anti-Money Laundering and Countering the Financing of Terrorism measures. Also, many crypto exchanges have started to adhere to Know Your Customer practices by requiring clients to pass through a verification procedure that would confirm their identity. It was especially true for exchange services operating in jurisdictions with strict AML and CFT rules.

In the last few years, some crypto platforms introduced additional minor security measures, like withdrawal whitelists and anti-phishing codes. The former enable users to withdraw crypto funds to whitelisted wallets only. Potential hackers cannot move a client’s funds to unknown wallets while this feature is enabled. As for the anti-phishing code, it tells users if the email notifications are genuine and come from their registered exchange service. This option keeps fraudsters away.

So, are crypto hacks a thing of the past?

Not really. Despite the available security options, crypto exchanges continue to encounter serious troubles to this day. Last year, Japanese exchange Coincheck was deprived of over $530 million worth of Nem tokens.

Other crypto exchanges that were hacked in the last three years were Bithumb, Binance, OKEx, BitGrail, Coinrail and Zaif, among others.

Elsewhere, other exchanges can brag about their clean history. One such example is HitBTC, a crypto platform that was founded in 2013. HitBTC precedes the Mt. Gox hack, so it is one of the oldest exchanges in existence. It uses advanced encryption technology, cold storage and two-factor authentication to ensure the highest possible degree of security.

The safety measures helped HitBTC become the largest spot trading exchange out there, with more than 800 trading pairs and over 500 digital assets listed, including Bitcoin, Litecoin, Ether, EOS and others.

Decentralized and hybrid exchanges

Decentralized exchanges have recently become popular thanks to their status of the most secure version of a crypto exchange. They are the perfect solution because their services are noncustodian, meaning that users have to hold their private keys in their own digital wallets. Exchanges that enter this category only handle crypto conversions, allowing traders to take responsibility for storing their funds.

Decentralized exchanges use blockchains as the main layer to reside on. Thus, if their network of nodes is well distributed and relatively wide, these platforms are hack-resistant.

However, decentralized exchanges lose on the compliance part because there is no central authority to implement the required AML and KYC measures. Thus, many of these exchanges are not legal in certain jurisdictions.

Hybrid crypto exchanges address this issue by offering a certain degree of decentralization as well as centralized features. They allow users to have control over their private keys but require them to comply with the law by passing through a verification process. The goal of hybrid exchanges is to ensure both the security of decentralized exchanges and the flexibility of centralized ones.

While decentralized and hybrid exchanges implement the latest security architectures, this is surely not the end of crypto exchanges’ evolution. Some experts warn that blockchain networks might be threatened by advanced quantum computers in the future. Quantum computers are growing fast, with IBM and Google leading the quantum race. Many crypto traders are worried that these computers will be able to bypass the cryptographic barriers and even enable 51% attacks. If these threats become real, crypto exchanges will have to develop new security solutions.