Bitcoin Forum

Decentralized Crypto Exchange is Solution to Hacks, Will They be Ready?

Not long after the successful hacking attempts on crypto exchanges Bithumb and Coincheck, Japan’s Zaif was hacked, losing $60 million in user funds. All three exchanges were found to have poor security measures.

Coincheck in particular, which lost more than $500 million in XEM, the native cryptocurrency of NEM, outraged investors in Japan after the company’s CEO Koichiro Wada admitted that the firm did not have enough security experts overseeing the exchange.

“We were aware we didn’t have enough people working on internal checks, management and system risk. We strived to expand using headhunters and agencies, but ended up in this situation,” said Wada.

The NEM team also stated in an official statement that while it has deployed an automatic tagging system to trace lost funds for the investors of Coincheck, the team emphasized that the exchange had extremely poor security systems in place.

Bithumb was similarly criticized by the government of South Korea and local security firms, which ultimately led the exchange to close down for over a month and overhaul its internal management systems.
...

read more : https://www.ccn.com/decentralized-crypto-exchange-is-solution-to-hacks-will-they-be-ready/

Coincheck left ALL of their money unprotected and ready to be drained. I have no idea why they're whining about recruitment when XEM has multisig actually built into its blockchain waiting to be used by anyone for free. If they couldn't be bothered to do that they could at least have spent $100 on a Trezor and saved themselves $500 million.

Time and again it's laziness and incompetence rather than hacking sophistication.

Until DNS and hosting is totally resistant to hacking I'm not going to be 100% convinced a dex is safe.

Decentralized exchanges are not immune to hacking, you probably won't be able to hack everyone at the same time, but there's always a possibility of bugs that will create vulnerabilities that will allow hackers to steal money from individual trades by not delivering on their part of the deal. Dcentralized exchanges are based on smart contracts or something similar to them, and we know many cases of smart contracts being exploited.


This sounds worrying, what if NEM team will quitely install some tagging system at the request from governments?

There was some discomfort expressed at the time. In the end it proved to be futile as the hacker was moving faster than they could be tagged anyway.

There was some talk too of a hard fork as that amount was probably over 10% of the circulating supply. That was nixed as soon as it was suggested.

Right on. This has been true in almost all the cases of hacks of exchanges, going all the way back to Mt Gox. Negligence, nothing more. Lack of training for employees, lack of the most basic security and accountability measures. Just plain absurd arrogance to think that you could handle that much amount of funds and leave them out in the open, basically an open invitation and a hack waiting to happen.

All these guys have been guilty of negligence and this should be pointed out.

I'm not convinced DEX is ever going to be 100% safe, I think there is no such thing. But for current popular deployments, except for funds locked in off-chain escrow, at least if a host or server of a DEX is down, all you lose is access, with funds still firmly in your control.