If you are so confident why don't you offer a bounty for hackers?
No, I am not over-confident, only stupid people would be so. But speaking about the bounty offered to hackers, you would be amazed that we did it, via a shared testing of the platform. We learned then the weakness (very few though) and then took measures to fill gaps.
As I explained on a different topic, at this point not the code itself might be faulty for most of online exchanges, but their architecture. You cannot expect a poorly written php code running on a VPS to withstand a serious attack. Same if the host machine can communicate directly to the blockchain, then any insider can run code from that instance on shell do things.
So, basically, hacking a server is a complex orchestred attack on several (sometimes one major) vulnerabilities. This is why as hacker techniques evolve so must the security do, to keep up with latest realities.
I am giving you a simple example: let's assume (though, as I have said, it is basically imposible seeing how paranoid AWS engineers are) a hacker gets access to the main instance: looks for wallets (without them cannot steal coins) and find them encrupted. Let's say he finds the key and decrypt them and start sending cURL commainds to the API that processes the requests. All requests are manually appoved by 2 admins at API level. The hackers must take small amounts in order to not withdraw attention. But within a day somebody should see that the account has been hacked (as the API post back the transactions so the amounts are deducted from users accounts) and the damage is limited. But again assuming that a hacker gets access to the server is a very extreme scenario.
Is good to see someone with technical knowledge backing up their product. I hope it will be a successful exchange
Show Posts
