Crucial Privacy & Security Concerns on Crypto Exchanges
This article provides a broader view of currently emerging privacy and security concerns relating to cryptocurrency exchanges. I analyse them from the user point of view, what are the main principles everyone should follow, what you should ask of exchange when it comes to being secured as for your identity and funds also.
Hopefully, in a clear, understandable way, it is more like an informational user-friendly approach than a technical review. I do not discuss the technical requirements of the exchanges here.
Everything can Easily be Lost
So what do you risk after deciding on trading cryptocoins on an exchange?
Exchanges are quite vulnerable but despite this fact, they store funds and identity. All of your details (PII personally identifiable information) eg. email address, birth date, real address, etc. and of course coins and fiat deposit are subject to theft.
Losing any of them can cause you serious problems even with law enforcement since stolen identities often sold on the darknet.
Last year was the “year of the hacks” it has been reported that more than 1400 million dollars were stolen from cryptoexchanges in 2018. We could see a 500 million hack standing out from them against Coincheck[1], Japan.
At this breached crypto exchanges massive amount of funds were kept in simple wallets instead of transferring them to a more secure type of so-called cold wallets.
This way, hackers could do a smooth job. Probably lifetime savings, family incomes have evaporated into the open air in a matter of second.
It is clear that we should be not only cautious with our own storage of cryptofunds but we also have to be provident in asking direct and special questions of crypto exchanges before opening an account there.
Different exchanges use different protection methods. Never mind they will treat you as an irritating person just for insisting on answering your questions. Try to determine yourself how risk-taker you are and then decide whether the answers to their level of security are satisfactory for you. If yes, you can go on with registering.
A Few Steps to Secure Yourself
Until last year, cryptocurrency exchanges were only centralized marketplaces(CEX). Thanks to the development of decentralized exchanges (DEX), we can now rely on them as an entirely new form of trading places. While centralized exchanges are nothing more than a 3rd party middlemen between buyers and sellers, decentralized exchanges are more secure by its nature.
The most important difference is that you have the private keys when you use decentralized exchanges, and you do not have them when using centralized exchanges, actually you do not own your transferred funds. Decentralized exchanges are exchange markets that do not use third party services; trades happen directly between users, they are connected in a peer-to-peer style. Currently, most exchanges work with centralized methods with a 3rd party provider with the I-owe-you (IOU) trading model.
At the beginning of registration or when trying to log in phishing scams often occur. Phishers are making counterfeit copies of legal websites and try to steal credentials. Always type URLs rather than clicking on easy-to-spoof links and keep a check on websites and emails that look legitimate.
You should ask of them where funds are held: Do they have offline vaulted storage or cold wallets? They are a secure wallet system without an online internet connection where thefts are almost impossible.
Are they using a multi-signature transaction to withdraw or transfer fund out from offline storage or cold wallets? Recently died crypto exchange CEO[2] and Founder took the passwords into grave and coins now are totally inaccessible despite this would have been an avoidable scheme if the exchange had used multisig transactions where multiple parties have to sign it.
Exchanges should use a complete withdrawal protection system that includes monitoring IP addresses during withdrawals and unusual user behavior. Advisable to set up a whitelist of IP addresses and various devices and in line with this limit your amount of withdrawals to reduce the chance of hacking your account with more massive amounts. Most of the exchanges provide API functions, make sure of its advanced read/write and adjustable permissions.
The registration process is what you should take most seriously. Hopefully, the cryptoexchange enforces strong password; it must be a minimum 8 letters with symbol and digits. All passwords ought to be cryptographically hashed using proven standards. Do not use passwords that easily can be linked to your personal life or passions since bitchy familiars may exploit it. ( a close friend of mine was a widely known big fan of Metallica and it had not taken a long time his email account was compromised.) Change your password on a regular base.
As an additional layer of security I suggest setting up a 2FA (two-factor authentication) process, you can use a simple Google Auth application or more advanced physical secondary factor key. It makes it extremely harder for malicious attackers to acquire one’s account.
Email verification is necessary and possible SMS verification gives you relief until you will lose your cellphone.
OTP (one-time-password) creation is also a popular method, it is wise to use it. Prior to any transactions, it is proof of the trading exchange asks to access the account to make a move on it. In case of lost or forgotten passwords, a predefined memorable question will be asked so wisely choose one that you will remember. Also, remember backing up your backup!
There is a step that is frequently forgotten. Be sure to put the memorable words (24 or 12 words mnemonic phrase) down as you are registering to a decentralized exchange otherwise your savings could be gone forever without them since this allows you to recover any crypto wallet when you forget your password. Please keep it in a safe place.
For a user looking to apply secure network infrastructure, there is VPN Technology[3] which is known to establish a safe and encrypted connection.
The primary function of any VPN is making user invisible for anyone else in the network thus you protect your crypto funds. VPN adds a surplus to the level of privacy and security but please do not fall into a false sense of security. VPN does not solve the problem of malicious downloads or scam websites. It is your own discretion what actions you take.
Happy Days Have Gone by
Know-Your-Customer (KYC) and Anti-Money-Laundering (AML) compliances have arrived, happy days have gone, but this regulatory process is a positive one. These processes try to determine the true identity of a customer and describe the legal controls to avoid, perceive and report money laundering activities.
You can put your own Know-Your-Exchange rule into force by researching and asking your exchange whether they are officially registered in jurisdictions! Do they have registry lock? It is a process in which malicious or unauthorized changes in the registry of the domain name are forbidden.
Digital Assets Risk Insurance
Do they have it at all? Most do not.
New insurance brokers have popped-up recently that offer various cryptocurrency exchange insurance, which opens the door for exchange users to cover up a predefined amount of BTC (the “reserve currency” of most exchanges) with of their funds held in their accounts. The extent is predetermined depending on the level of privacy and security of the exchanges.
Moreover, do not worry! If you prefer the original vision of Bitcoin then you have the opportunity to trade cryptocurrency without KYC[4].
Read Next: Crypto Tightens up Its Anti-Money Laundering Efforts; Bank Suffer the Weight of Fines
Final Thoughts:
The cryptoindustry needs more user-friendly security and privacy-focused tools to all people, let there be experienced or a complete noob. Always remember that crypto-investment is very risky. Do not invest more than you can afford to lose any time. Do your own research and never rely on gossips. Diversify your investments, spread your funds across multiple crypto locations.
References
[2] https://www.investinblockchain.com/is-quadriga-ceo-actually-dead-or-140-million-exit-scam/
[3] https://www.youtube.com/watch?v=rFg7TSwVcL4
[4] https://medium.com/@retprogramisto/how-to-buy-and-sell-bitcoin-without-kyc-without-id-passport-in-2019-4789539352ac
Disclaimer
The writer’s views are expressed as a personal opinion and are for information purposes only. It is not intended to be investment advice. Seek a duly licensed professional for investment advice.More Posts
Reasons Cryptocurrencies Are Becoming Increasing Popular
To this day, many experts continue to warn traders and investors against crypto trading for several reasons. But despite...
How to Avoid Losing In Cryptocurrency Trading Business
The rise of cryptocurrency since 2009 has come with many positive and negative opportunities. The value of many cryptocu...
Challenges Facing Crypto Exchanges & How to Solve Them
The major challenges cryptocurrency exchanges face. shutterstock.com Following the advent of Bitcoin in 2009, the probl...
Trading Overbought and Oversold Market Conditions Properly
Trading Overbought and Oversold Market Conditions. Shutterstock Images The class of indicators that can be used to trad...