We must not forget why centralized exchanges were created: only for the earnings of their owners.
You need to remember how many exchanges in history have collapsed and what the financial consequences were.
Centralized exchanges cannot be secure by definition. Security only exists in decentralized systems.
To sum up, I want to give my opinion, because I know it would be hard to believe, but there is no absolute system that is totally safe. Whether it is decentralized or not, the safety of a system depends not only on the system itself but on how its users use it. If you want to secure your funds, you have the right to choose which platform to use and the right to make whatever decision you want. In simple terms, your security mainly depends on you, especially on how you handle your accounts' safety and security, and how responsible you are in keeping your private and public keys safe from vulnerabilities.
--------------------------------
Yeah, there's no such thing as absolute safety.
But let me point out that the current security model is weak in itself. Regardless of the precautions you take, it is not capable of performing its functions, because the vulnerabilities are inherent in its design.
Brief analysis:
1. Cryptography.
Asymmetric cryptography (private- and public-key cryptography) is based on unproven mathematical assumptions (the difficulty of factoring large numbers and of computing discrete logarithms in a short time). For this reason, it is not used in military affairs, important diplomatic and government dispatches, etc. Only symmetric cryptography is.
Some class of elliptic curves previously standardized by NIST (USA) proved unsafe. The information is not widely disclosed, but it can be checked.
Elliptic-curve cryptography itself (abbreviated ECC) is full of unexpected surprises; the details are carefully concealed, but there are verifiable facts.
Detailed analytical material, with references to sources, is here:
https://bitcointalk.org/index.php?topic=5204368.40 (the second post, dated 04 December 2019).
At first glance it seems that these are sick fantasies, conspiracy theory, etc. Yes, you will have that impression until you read the analysis yourself.
Well, let me have my fantasy; then there is an even bigger fantasy at the NSA and NIST (USA): the first has categorically refused ECC, and the second, having nothing better to do, is actively looking for a replacement for all modern public- and private-key cryptographic systems. This story began no later than 2012. Strange.
2. Key-based encryption systems and password (or, even worse, biometric) authentication.
These are problematic methods if you look at the statistics of attacks involving data theft.
You hid the key in your hardware wallet, or you wrote it down on paper; protect it, don't lose it. Because keys are not stolen while lying in a stash, but when they are used for their intended purpose. Phishing. It grows faster than the boldest assumptions. Fraudsters do not need the key itself, but its hash, the one that you will send to the server. You can keep storing the key.
A secure connection to the server? Dig into the details of how it is established, read the facts; perhaps you are a free-thinking person...
The University of New Mexico has released information about a vulnerability affecting Ubuntu, Fedora, Debian, FreeBSD, OpenBSD, macOS, iOS, Android and other Unix-based operating systems. The problem allows an attacker to eavesdrop on and intercept VPN connections, as well as inject arbitrary data into IPv4 and IPv6 TCP streams.
The vulnerability, identified as CVE-2019-14899, is related to the network stacks of Unix-based operating systems, in particular how the OS responds to unexpected network packets.
https://seclists.org/oss-sec/2019/q4/122
A team of researchers from Worcester Polytechnic Institute (USA), the University of Lübeck (Germany) and the University of California, San Diego (USA) found two vulnerabilities in TPM processors. Exploitation of the problems, which have become known as TPM-FAIL, allows an attacker to steal cryptographic keys stored in the processors.
This chip is used in a variety of devices (from network equipment to cloud servers) and is one of the few processors that have received the Common Criteria (CC) EAL 4+ certification (it comes with built-in protection against side-channel attacks).
And now our digital signatures are under attack:
The researchers have developed a series of attacks that they call "timing leakage". The technique consists in the attacker measuring the time differences between repeated TPM operations and thereby "viewing" the data processed inside the protected processor. This technique can be used to retrieve 256-bit private keys from TPMs that use particular digital signature schemes based on elliptic-curve algorithms, such as ECDSA and ECSchnorr. These are common digital signature schemes used in many modern cryptographically secured operations, such as establishing TLS connections, signing digital certificates and authorizing logins.
"A local attacker can recover an ECDSA key from Intel fTPM in 4-20 minutes, depending on the level of access. Attacks can also be carried out remotely over a network, recovering a VPN server's authentication key in 5 hours," the researchers note.
This concerns the question of both cryptography and keys: when you send a key hash, it may not arrive at your server first.
The Turla cybercriminal grouping (also known as Venomous Bear or Waterbug) distributes new malware called Reductor to intercept encrypted TLS traffic and infect the target network.
For more information:
https://www.securitylab.ru/news/501571.php
3. Phishing.
Why is it possible? Because the client has a permanent identifier, whose hash is the object of the hunt. The server checks you, but do you check the server?
Do you know what the recommendations to users on phishing protection are?
Carefully study every character in the name of every site you visit.
And God forbid you miss the substitution of a single character!
And this in the 21st century?
We are led like a brainless herd...
Facts:
According to the annual Security Intelligence Report prepared by Microsoft, the number of phishing attacks in recent years has grown three and a half times.
What happened?
Are there more nonchalant people or are scammers working better?
Try to answer this question.
Customers of banks, payment systems and telecom operators are increasingly becoming victims of phishers. Internet fraudsters gain access to confidential user data (logins, passwords and payment card details) by directing potential victims to fake sites and services.
Check here:
https://www.microsoft.com/securityinsights/
Obviously, if you have the key "to the safe where the money is", they will always hunt for this key.
4. The certificate trust system, used to confirm that a public key belongs to a specific person. I don't even want to write facts here. Just look at the name.
We are offered a game: "believe" or "don't believe".
It has come to the point that you can find software that automatically generates the necessary trust certificates.
On the subject of the concepts behind modern security systems based on key cryptography and password authentication, I will soon open a separate topic; I wonder what others know about this pressing issue.
By the way, blockchain and Bitcoin are based on elliptic-curve cryptography (for signatures).
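As an added example (not from this thread, and not the TPM-FAIL researchers' code), the following Python models the mechanism behind the "timing leakage" described in the TPM-FAIL quote above, on a textbook-sized curve. The assumptions are: the curve y^2 = x^3 + 2x + 2 over F_17 with generator G = (5, 1) of order 19 stands in for the real 256-bit curve; the number of group operations stands in for measured time; the private key, nonces and reduced hash value are constructed. A variable-time double-and-add scalar multiplication does less work for nonces with leading zero bits, so the observed "time" bounds the nonce length; a Montgomery ladder does the same work for every nonce. The final lattice (hidden-number-problem) step that turns short-nonce signatures into the private key is not modelled.

```python
# Added example: toy ECDSA on y^2 = x^3 + 2x + 2 over F_17, G = (5, 1), order 19.
# Group-operation counts are used as a stand-in for signing time. All
# parameters, keys and nonces are constructed for illustration only.

P_MOD, A = 17, 2      # field prime and curve coefficient a (b = 2 is not needed in the formulas)
G, N = (5, 1), 19     # generator and its prime order
INF = None            # point at infinity


def inv(x, m):
    return pow(x, -1, m)          # modular inverse (Python 3.8+)


def add(P, Q):
    """Affine addition on the curve; handles doubling and the point at infinity."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                # P == -Q
    if P == Q:
        lam = (3 * x1 * x1 + A) * inv(2 * y1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * inv(x2 - x1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def naive_mul(k, P):
    """Variable-time double-and-add. Returns (k*P, ops).
    Leading zero bits of k cost nothing, so ops reveals k's bit length:
    bit_length(k) - 1 <= ops <= 2 * (bit_length(k) - 1)."""
    R, ops = INF, 0
    for bit in bin(k)[2:]:
        if R is not INF:
            R, ops = add(R, R), ops + 1
        if bit == "1":
            R, ops = (P, ops) if R is INF else (add(R, P), ops + 1)
    return R, ops


def ladder_mul(k, P, nbits=N.bit_length()):
    """Montgomery ladder: exactly one add and one double per bit position over a
    fixed nbits, so ops is independent of k (the constant-time fix)."""
    R0, R1, ops = INF, P, 0
    for i in range(nbits - 1, -1, -1):
        if (k >> i) & 1:
            R0, R1 = add(R0, R1), add(R1, R1)
        else:
            R1, R0 = add(R0, R1), add(R0, R0)
        ops += 2
    return R0, ops


def sign(d, z, k, mul=naive_mul):
    """Textbook ECDSA. z is the message hash already reduced mod N (constructed).
    Returns (r, s, ops); ops is the 'timing' an observer sees."""
    R, ops = mul(k, G)
    r = R[0] % N
    s = inv(k, N) * (z + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, pick another nonce")
    return r, s, ops


def verify(pub, z, r, s):
    w = inv(s, N)
    u1, u2 = z * w % N, r * w % N
    X = add(naive_mul(u1, G)[0], naive_mul(u2, pub)[0])
    return X is not INF and X[0] % N == r


def max_nonce_bits(ops):
    """What one signing time reveals under naive_mul: an upper bound on the
    nonce bit length, since ops >= bit_length(k) - 1."""
    return ops + 1


def collect_fast_signatures(d, z, nonces, threshold, mul=naive_mul):
    """Attacker's filtering step: keep the signatures whose timing implies a
    short nonce. In TPM-FAIL these (r, s) pairs feed a lattice solver that
    recovers d; that step is not modelled here."""
    kept = []
    for k in nonces:
        r, s, ops = sign(d, z, k, mul)
        if ops <= threshold:
            kept.append((k, r, s))
    return kept


if __name__ == "__main__":
    d, z = 4, 10                          # constructed private key and reduced hash
    pub = naive_mul(d, G)[0]
    for k in (1, 2, 3, 5, 8, 15, 16, 18):
        r, s, ops = sign(d, z, k)
        _, _, ladder_ops = sign(d, z, k, ladder_mul)
        print(f"k={k:2d} bits={k.bit_length()} naive_ops={ops} "
              f"ladder_ops={ladder_ops} valid={verify(pub, z, r, s)}")
```

Running the block shows naive_ops rising with the nonce's bit length while ladder_ops stays at 10 for every nonce; with the leaky multiplier, an observer who keeps only the fastest signatures is keeping exactly the ones whose nonces have leading zero bits, which is the raw material the real attack needs.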