[2019-01-20]Turkish Crypto Exchange Sistemkoin’s Disturbing Security Flaw Reveal

[ppblockchain]

Turkish crypto exchange Sistemkoin had done $68 million in volume over the 24-hour period at time of writing. However, according to a report from a user and security researcher, there are significant security problems with the exchange.

Read more : https://paperblockchain.com/turkish-crypto-exchange-sistemkoins-disturbing-security-flaw-reveals-major-withdrawal-complaints/

[buwaytress]

There are serious security flaws with all the exchanges, as long as they're centralised, you don't know what security systems they use other than what's visible to your eyes. So we're seeing the standard IP detection, whitelisting and 2FA now all implemented but that protects the user's account from unauthorised access externally. If you can't see what's going on internally, and you can't, not even with say, custodial services like BitGo, then you can't know for sure you're protected.

Seems like this customer support exploit will be big, especially with so many exchanges coming up.

You use a service like an exchange to store coins, and it's Russian roulette. Even using any service temporarily exposes you to some risk, but at least you minimise exposure if you immediately withdraw once you're done using.

[1Referee]

You use a service like an exchange to store coins, and it's Russian roulette. Even using any service temporarily exposes you to some risk, but at least you minimise exposure if you immediately withdraw once you're done using.

In the end, most users are super ignorant, don't know what a good client is, don't know what private keys are, etc. If they stick to a reputable exchange, they are less subject to potential coin loss than if they decide to take care of their own storage and use malicious clients, because that's how quite a significant number of users lose all their coins.

It's even quite difficult for people like us to take care of cold storage, because we have to make sure we sign clients before installing them, have yourself or someone else you know audit the code, etc.

Seriously, the only thing you need to trap in users is a fancy looking client, and people install it just because it looks better than all the trustworthy clients combined. That's how far gone average joes are, and honestly speaking, crypto as it is isn't noob friendly, 'using' (more speculating) crypto through exchanges is, because someone else does everything for you.