|
March 18, 2014, 10:10:52 PM |
|
Hey all,
Just wondering about the security on most coin exchanges that are running today. Over the last few weeks / months a lot of exchanges have been hacked and basically emptied.
The part about that someone either hacked in and directly emptied the wallets or had some of the users login information and emptied those users balances I understand.
But why are the hackers getting into the wallets in the first place? The setup that the sites are using in regards to hot wallets and cold wallets must be either just wrong.. or non-existing.
I would imagine if I should set up a exchange that even the hot wallets would be nowhere near the server/servers that are running the front-end of the site.
Basically that setup is like: Front-end servers = online Hot wallet servers = semi-offline.. no incoming network access.. limited outgoing. Cold wallet servers = full-offline. no internet contact at all.
The contact between front-end and hot wallet would be through some custom way of the hot wallet checking for what to do.
I guess that is not the setup that these sites are using? Or am I wrong? Are some of them running the hot wallets on the same server / server network that the front-end servers are on?
Maybe I'm over-simplifying how this could be set up.
( hope this is the right thread to put this in )
|