Bitcoin Forum
Topic: Extra layers of security to prevent hacks on crypto transaction sites & exchange
DubemIfedigbo001 (OP)
November 11, 2023, 10:28:50 PM
Merited by Welsh (6), Belarge (2)
 #1

Having researched considerably about some hacks on exchanges and crypto-enabled websites, I learned that most of the hacks occurred as a result of some loopholes either in their verification methods or transaction processes and, in rare cases, the continued existence of unresolved and unterminated deprecated coins. One thing, however, was common in all the hacks: the funds were moved by the scammer initiating concurrent withdrawals involving large, unusual sums of money, which were not checkmated and did not prompt further verification before the coins were released.

I have a few suggestions I think can be of help:

  • Concurrent withdrawals should have a 10-20 minute interval. This will give the developers time to check the transactions properly and authenticate them automatically if they pass security verification. The check can be automated to curb excess delay.

  • There should be a withdrawal amount that triggers strict security verification. The withdrawal can be permitted when the check is complete. Users can be notified of its security importance.

  • A primary login device can be initiated. This is an extra layer of security whereby one device is designated as the primary login device and the user uses only this device to log in to his account. This device can also be used to grant another device access to log in. The primary device can give the secondary device permanent access or one-time access. If the primary device is lost, a request can be made from the associated email address to change the primary login device, and a code will be sent to prompt login and the change of the primary login device to the new one. If it is unavailable, a request can also be made from the email for one-time access for another device.

  • The system should log out users after 5-10 minutes of inactivity or if focus is changed to another application. This will apply even to the primary login device.

  • Now, if you are by any means held hostage and forced to enter your login details, you can enter the password backwards, e.g. John as nhoJ. Authentication will be granted, and this will set the system on high alert and track the movement of funds, alerting any other institution or wallet the funds go into so they continue the tracking, even down to mixers if their services are used. Upon your freedom, you will send a testimonial email to the company and they will initiate a fund recovery process for you, alerting other institutions, which will freeze the funds and return them to you, and your abductors will have nothing for their stress.

These are just my security suggestions that I believe can help curb these hacks. All corrections and validations are welcome.
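The first two suggestions above (a minimum interval between withdrawals and an amount that triggers strict verification) as an automated pre-release check, written here as an added example rather than code from the original post; it also goes one step beyond the post by summing withdrawals over a rolling 24-hour window, since "large unusual sums" can be moved in several small pieces. The 10-minute interval, the 1.0 and 2.0 thresholds, the window length and the user and amount values are all assumed placeholders.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from decimal import Decimal
from enum import Enum
from typing import List, Optional


class Decision(Enum):
    ALLOW = "allow"        # release automatically
    DEFER = "defer"        # too soon after the previous withdrawal: retry at release_after
    STEP_UP = "step_up"    # hold until strict verification (second factor, manual review) completes


@dataclass
class Withdrawal:
    user_id: str
    amount: Decimal            # in the asset's own unit, e.g. BTC
    requested_at: datetime


@dataclass
class PolicyResult:
    decision: Decision
    reason: str
    release_after: Optional[datetime] = None


@dataclass
class WithdrawalPolicy:
    """Automated pre-release checks on a withdrawal request.

    All thresholds are assumed placeholder values: the post suggests a
    10-20 minute interval and an amount-based trigger but fixes no numbers.
    """
    min_interval: timedelta = timedelta(minutes=10)
    step_up_threshold: Decimal = Decimal("1.0")        # single-withdrawal amount
    velocity_window: timedelta = timedelta(hours=24)
    velocity_threshold: Decimal = Decimal("2.0")       # cumulative amount in the window
    released: List[Withdrawal] = field(default_factory=list)   # withdrawals already released

    def evaluate(self, req: Withdrawal) -> PolicyResult:
        prior = [w for w in self.released if w.user_id == req.user_id]

        # 1. Concurrent withdrawals: enforce a minimum spacing after the last release,
        #    so a burst of requests cannot drain the account before anyone looks.
        if prior:
            last = max(prior, key=lambda w: w.requested_at)
            elapsed = req.requested_at - last.requested_at
            if elapsed < self.min_interval:
                return PolicyResult(Decision.DEFER,
                                    "within minimum interval of previous withdrawal",
                                    release_after=last.requested_at + self.min_interval)

        # 2. Large single withdrawal: strict verification before release.
        if req.amount >= self.step_up_threshold:
            return PolicyResult(Decision.STEP_UP, "amount at or above step-up threshold")

        # 3. Many small withdrawals adding up (the "unusual sums" moved in pieces):
        #    look at the cumulative amount over a rolling window.
        window_start = req.requested_at - self.velocity_window
        recent_total = sum((w.amount for w in prior if w.requested_at >= window_start),
                           Decimal(0)) + req.amount
        if recent_total >= self.velocity_threshold:
            return PolicyResult(Decision.STEP_UP,
                                f"cumulative amount in window ({recent_total}) at or above threshold")

        return PolicyResult(Decision.ALLOW, "passed automated checks")

    def record_release(self, req: Withdrawal) -> None:
        """Call once a withdrawal has actually been released (after ALLOW, or after
        the step-up verification succeeded)."""
        self.released.append(req)


def demo() -> List[Decision]:
    """Constructed scenario for one user; returns the decisions in order."""
    policy = WithdrawalPolicy()
    t0 = datetime(2023, 11, 11, 22, 0)
    out = []
    r1 = Withdrawal("alice", Decimal("0.2"), t0)
    out.append(policy.evaluate(r1).decision)                 # ALLOW
    policy.record_release(r1)
    r2 = Withdrawal("alice", Decimal("0.3"), t0 + timedelta(minutes=3))
    out.append(policy.evaluate(r2).decision)                 # DEFER (3 min < 10 min)
    r3 = Withdrawal("alice", Decimal("5"), t0 + timedelta(minutes=15))
    out.append(policy.evaluate(r3).decision)                 # STEP_UP (single amount)
    r4 = Withdrawal("alice", Decimal("0.9"), t0 + timedelta(minutes=20))
    out.append(policy.evaluate(r4).decision)                 # ALLOW (0.2 + 0.9 < 2.0)
    policy.record_release(r4)
    r5 = Withdrawal("alice", Decimal("0.9"), t0 + timedelta(minutes=40))
    out.append(policy.evaluate(r5).decision)                 # STEP_UP (0.2 + 0.9 + 0.9 = 2.0)
    return out


if __name__ == "__main__":
    for d in demo():
        print(d.value)
```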

bitmover
November 11, 2023, 10:42:17 PM
Merited by Welsh (4), DaveF (2)
 #2

The best suggestion of all is basically not to keep money in exchanges.

Make transfers when you want to sell or to buy. Do not keep your money in exchanges. They are not as safe as they look.

Exchanges are a big attack vector; many hackers will always be trying to log into them, and some always find out how to get some money.

There are also other kinds of risks, such as exchanges going bankrupt, such as FTX.
Also, regulatory risks, which may force exchanges to freeze your funds due to your nationality or KYC requirements.

DubemIfedigbo001 (OP)
November 11, 2023, 10:48:42 PM
 #3

Quote from: bitmover
The best suggestion of all is basically not to keep money in exchanges.

Make transfers when you want to sell or to buy. Do not keep your money in exchanges. They are not as safe as they look.

Exchanges are a big attack vector; many hackers will always be trying to log into them, and some always find out how to get some money.

There are also other kinds of risks, such as exchanges going bankrupt, such as FTX.
Also, regulatory risks, which may force exchanges to freeze your funds due to your nationality or KYC requirements.
Yeah, definitely, it's never safe to keep funds in exchanges because of their centralized nature and all these risks rightly pointed out above. I'm only suggesting security measures that they can take to secure their own businesses, and that websites that accept crypto for, say, purchases, gambling, etc. can employ to curb hacking into their sites and heavy withdrawals that affect their portfolio significantly.

philipma1957
November 15, 2023, 12:52:26 AM
 #4

Quote from: DubemIfedigbo001 (OP) [post #1, quoted in full]


Many hacks are inside jobs.

I had a dead solid hack of my Coinbase account, because my cell phone company had a major inside-job attack.

The people got into my account, viewed the holdings in it and were attempting to pull out the BTC in it.

They were stopped because my 2FA was not done via the cell phone that was hacked.

They were still able to put in six-digit codes as guesses, which gave them a one in one million shot at guessing the code. I was not able to shut them out for about three hours; they then made 2 attempts every hour with random six-digit codes, so they got to make eight tries, an 8/1000000 shot at my coin.

If I did not have a really good 2FA with nothing to do with my cellphone that was hacked, they would have grabbed my coin.


pooya87
November 15, 2023, 05:23:45 AM
 #5

Considering that the biggest scams were when the exchange itself gets hacked and everyone loses their money, the solution to that is not using a CEX in the first place and using a DEX instead.

Quote from: DubemIfedigbo001 (OP)
• Concurrent withdrawals should have a 10-20 minute interval. This will give the developers time to check the transactions properly and authenticate them automatically if they pass security verification. The check can be automated to curb excess delay.
The only way to process withdrawals is automatically; it is impossible to do them by hand unless the exchange has a handful of users. Any delays added to withdrawals only worsen the user experience and push customers away.

Quote from: DubemIfedigbo001 (OP)
• There should be a withdrawal amount that triggers strict security verification. The withdrawal can be permitted when the check is complete. Users can be notified of its security importance.
Requiring 2FA on all withdrawals is enough security.

Quote from: DubemIfedigbo001 (OP)
• The system should log out users after 5-10 minutes of inactivity or if focus is changed to another application. This will apply even to the primary login device.
That is terrible for an exchange, since users would leave the page open and idle at some point when trading.

BlackHatCoiner
November 15, 2023, 03:02:36 PM
 #6

Quote from: DubemIfedigbo001 (OP)
These are just my security suggestions that I believe can help curb these hacks. All corrections and validations are welcome.
Or, you know: don't trust third parties with bitcoin when there are decentralized, more secure alternatives like Bisq.

Quote from: bitmover
Do not keep your money in exchanges.
Do not use these exchanges in the first place. You don't have to worry about them being a target for attacks then. Switch to a DEX. And security is just one of the many advantages you will gain. Then, there is the lack of KYC, better privacy, nobody can censor you, and the like.

DaveF
November 15, 2023, 03:22:20 PM
 #7

You are discussing 2 different types of hacks.

One where the exchange is hacked. The other where the customer has some kind of hack / compromise.

For the client side there are a few methods that can be taken, but they all have their own issues.

I would like to see the option of having a 48 hour hold on withdrawals over a certain amount.
Step 1: initiate the withdrawal.
Step 2: at least 24 hours later you have to put in the address where you want the coins sent (with some 2FA).
Step 3: at least 24 hours after that, but no more than 48 hours, you have to approve it (with a different 2FA than in step 2).

For small amounts it's fine, whatever, but much like taking cash out of an ATM, you have limits and if you want more you have to go into the bank.


For the actual hacks on the exchange, it's really simple: all deposits go immediately into a 3 of 5 multisig wallet. Period.
The hot wallet for withdrawals never has more than X hours on average of withdrawals in it.
The cold wallets can ONLY fill 1 address for the hot wallet, so even if you get 3 of the multisig keys it's hard coded to only send the funds to the hot wallet address, so you would also have to get access to the hot wallet if you got access to the cold.

-Dave
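DaveF's three-step hold and the cold-to-hot-wallet rule as a small state machine, written as an added example and not DaveF's own code. It assumes that the "no more than 48 hours" cap counts from step 2, that withdrawals below a hold limit skip the hold entirely (the ATM-style small-amount path), and it uses placeholder limits, second-factor names and addresses.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal
from enum import Enum
from typing import List, Optional


class Stage(Enum):
    RELEASED = "released"    # below the hold limit: no staged hold applies
    INITIATED = "initiated"  # step 1: amount requested, the clock starts
    ADDRESSED = "addressed"  # step 2: destination set, with a second factor
    APPROVED = "approved"    # step 3: final approval with a different second factor
    EXPIRED = "expired"      # step 3 came too late


class HoldError(Exception):
    """Raised when a step is attempted out of order or outside its time window."""


@dataclass
class HeldWithdrawal:
    amount: Decimal
    initiated_at: datetime
    stage: Stage = Stage.INITIATED
    destination: Optional[str] = None
    addressed_at: Optional[datetime] = None
    step2_factor: Optional[str] = None   # e.g. "totp", "hardware_key", "email" (assumed labels)


@dataclass(frozen=True)
class StagedHoldPolicy:
    hold_limit: Decimal = Decimal("1.0")             # assumed: amounts below this skip the hold
    step_delay: timedelta = timedelta(hours=24)      # "at least 24 hours" before steps 2 and 3
    approve_window: timedelta = timedelta(hours=48)  # "no more than 48 hours" after step 2

    def initiate(self, amount: Decimal, now: datetime) -> HeldWithdrawal:
        w = HeldWithdrawal(amount, now)
        if amount < self.hold_limit:
            w.stage = Stage.RELEASED     # the ATM-style small-amount path
        return w

    def set_destination(self, w: HeldWithdrawal, address: str, factor: str, now: datetime) -> HeldWithdrawal:
        if w.stage is not Stage.INITIATED:
            raise HoldError(f"cannot set destination in stage {w.stage.name}")
        if now - w.initiated_at < self.step_delay:
            raise HoldError("destination can only be set 24h or more after initiation")
        w.destination, w.step2_factor, w.addressed_at = address, factor, now
        w.stage = Stage.ADDRESSED
        return w

    def approve(self, w: HeldWithdrawal, factor: str, now: datetime) -> HeldWithdrawal:
        if w.stage is not Stage.ADDRESSED:
            raise HoldError(f"cannot approve in stage {w.stage.name}")
        elapsed = now - w.addressed_at
        if elapsed > self.approve_window:
            w.stage = Stage.EXPIRED      # whoever set the address cannot sit on it indefinitely
            raise HoldError("approval window passed; withdrawal expired, start over")
        if elapsed < self.step_delay:
            raise HoldError("approval allowed only 24h or more after the destination was set")
        if factor == w.step2_factor:
            raise HoldError("approval must use a different second factor than step 2")
        w.stage = Stage.APPROVED
        return w


@dataclass(frozen=True)
class ColdWalletPolicy:
    """Cold storage may only ever pay the exchange's own hot wallet address."""
    hot_wallet_address: str   # assumed placeholder; a real deployment hard-codes its own

    def spend_allowed(self, destination: str) -> bool:
        return destination == self.hot_wallet_address


def demo() -> List[Stage]:
    """Constructed walkthrough of one held withdrawal; returns the stages reached."""
    pol = StagedHoldPolicy()
    t0 = datetime(2023, 11, 15, 15, 0)
    w = pol.initiate(Decimal("3"), t0)
    stages = [w.stage]
    pol.set_destination(w, "bc1q-constructed-destination", "totp", t0 + timedelta(hours=25))
    stages.append(w.stage)
    try:
        pol.approve(w, "totp", t0 + timedelta(hours=50))   # same factor as step 2: rejected
    except HoldError:
        pass
    pol.approve(w, "hardware_key", t0 + timedelta(hours=50))
    stages.append(w.stage)
    return stages
```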

NotATether
November 16, 2023, 09:24:06 AM
Merited by Welsh (4)
 #8

Quote from: DubemIfedigbo001 (OP)
• Concurrent withdrawals should have a 10-20 minute interval. This will give the developers time to check the transactions properly and authenticate them automatically if they pass security verification. The check can be automated to curb excess delay.
Why are developers entrusted to monitor transactions? Not all people who can code know how to administrate properly. You need to get a full compliance team for that, and equip them with (gasp!) blockchain analysis tools and hooks into the codebase for automatically halting suspicious activity and/or moving funds to a different address.

Quote from: DubemIfedigbo001 (OP)
• A primary login device can be initiated. This is an extra layer of security whereby one device is designated as the primary login device and the user uses only this device to log in to his account. This device can also be used to grant another device access to log in. The primary device can give the secondary device permanent access or one-time access. If the primary device is lost, a request can be made from the associated email address to change the primary login device, and a code will be sent to prompt login and the change of the primary login device to the new one. If it is unavailable, a request can also be made from the email for one-time access for another device.
That sounds complicated. It would be much easier if you kept track of device sessions server-side and allowed you to revoke, i.e. sign out, any session/device at will (or all at once, if necessary).

Quote from: DubemIfedigbo001 (OP)
• The system should log out users after 5-10 minutes of inactivity or if focus is changed to another application. This will apply even to the primary login device.
I think probably only the inactivity part is achievable, as a browser tab has no way of knowing whether it is focused or not.

Quote from: DubemIfedigbo001 (OP)
• Now, if you are by any means held hostage and forced to enter your login details, you can enter the password backwards, e.g. John as nhoJ. Authentication will be granted, and this will set the system on high alert and track the movement of funds, alerting any other institution or wallet the funds go into so they continue the tracking, even down to mixers if their services are used. Upon your freedom, you will send a testimonial email to the company and they will initiate a fund recovery process for you, alerting other institutions, which will freeze the funds and return them to you, and your abductors will have nothing for their stress.

You're overthinking things: if you have a compliance team, they should already be monitoring who's logging in to your account and what addresses are being withdrawn to. A holding period like what Binance does would also solve this problem.
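Server-side session tracking with per-device revocation as NotATether describes, with the inactivity timeout from the OP's fourth suggestion as a parameter; this is an added example, not code from either post. The 10-minute default, the device labels and the user names are assumptions.

```python
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class Session:
    session_id: str
    user_id: str
    device: str              # label shown to the user, e.g. "Firefox on Linux" (assumed)
    created_at: datetime
    last_seen: datetime
    revoked: bool = False


@dataclass
class SessionRegistry:
    """Server-side record of every live session, so any one of them can be cut off."""
    idle_timeout: timedelta = timedelta(minutes=10)   # assumed; the OP suggests 5-10 minutes
    sessions: Dict[str, Session] = field(default_factory=dict)

    def login(self, user_id: str, device: str, now: datetime) -> Session:
        sid = secrets.token_urlsafe(32)      # unguessable opaque token; all state stays server-side
        s = Session(sid, user_id, device, now, now)
        self.sessions[sid] = s
        return s

    def authenticate(self, session_id: str, now: datetime) -> Optional[Session]:
        """Validate a presented token. Returns the session, or None if unknown, revoked or idle."""
        s = self.sessions.get(session_id)
        if s is None or s.revoked:
            return None
        if now - s.last_seen > self.idle_timeout:
            s.revoked = True                 # idle expiry is final: the user logs in again
            return None
        s.last_seen = now
        return s

    def list_sessions(self, user_id: str) -> List[Session]:
        """What the account page shows: every live session with its device label."""
        return [s for s in self.sessions.values() if s.user_id == user_id and not s.revoked]

    def revoke(self, user_id: str, session_id: str) -> bool:
        """Sign out one device. The user_id check stops one user revoking another's session."""
        s = self.sessions.get(session_id)
        if s is None or s.user_id != user_id or s.revoked:
            return False
        s.revoked = True
        return True

    def revoke_all(self, user_id: str, keep: Optional[str] = None) -> int:
        """Sign out everything, optionally except the session doing the revoking."""
        count = 0
        for s in self.list_sessions(user_id):
            if s.session_id != keep:
                s.revoked = True
                count += 1
        return count


def demo() -> List[bool]:
    """Constructed scenario: two devices, one revoked by the user, one left idle."""
    reg = SessionRegistry()
    t0 = datetime(2023, 11, 16, 9, 0)
    laptop = reg.login("alice", "Firefox on Linux", t0)
    phone = reg.login("alice", "Android app", t0)
    results = [reg.authenticate(phone.session_id, t0 + timedelta(minutes=1)) is not None]
    reg.revoke("alice", phone.session_id)                      # user spots an unknown device
    results.append(reg.authenticate(phone.session_id, t0 + timedelta(minutes=2)) is None)
    results.append(reg.authenticate(laptop.session_id, t0 + timedelta(minutes=5)) is not None)
    # laptop untouched for 11 minutes after its last request: the idle timeout ends it
    results.append(reg.authenticate(laptop.session_id, t0 + timedelta(minutes=16)) is None)
    results.append(reg.list_sessions("alice") == [])
    return results
```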

Synchronice
November 16, 2023, 11:24:55 AM
#9

Quote from: DubemIfedigbo001 (OP)
• Concurrent withdrawals should have a 10-20 minute interval. This will give the developers time to check the transactions properly and authenticate them automatically if they pass security verification. The check can be automated to curb excess delay.
If the exchange's security is in question, then their 10-20 minute withdrawal interval can be bypassed.

Quote from: DubemIfedigbo001 (OP)
• There should be a withdrawal amount that triggers strict security verification. The withdrawal can be permitted when the check is complete. Users can be notified of its security importance.
Again, if the exchange's security is hacked, the withdrawal amount that should trigger strict security verification doesn't matter, because that can be bypassed too.

Quote from: DubemIfedigbo001 (OP)
• A primary login device can be initiated. This is an extra layer of security whereby one device is designated as the primary login device and the user uses only this device to log in to his account. This device can also be used to grant another device access to log in. The primary device can give the secondary device permanent access or one-time access. If the primary device is lost, a request can be made from the associated email address to change the primary login device, and a code will be sent to prompt login and the change of the primary login device to the new one. If it is unavailable, a request can also be made from the email for one-time access for another device.
Mixin.network had tons of similar security options that you were forced to set, but still, they were all bypassed and millions of dollars got stolen from them.

Quote from: DubemIfedigbo001 (OP)
• The system should log out users after 5-10 minutes of inactivity or if focus is changed to another application. This will apply even to the primary login device.
Can you imagine how boring, bothersome and annoying it is to be automatically logged out every 5-10 minutes and log in again? Sometimes seconds matter when you trade.

Quote from: bitmover
The best suggestion of all is basically not to keep money in exchanges.
This is a simple and plain answer to all the problems and questions. Bitcoin was meant to be a decentralized currency that would help people get rid of 3rd parties instead of involving 3rd parties. It was created for you to be your own bank, not to rely on a 3rd party to manage your wallet and coins. Just use it for what it was created for.

Myleschetty
November 16, 2023, 11:40:45 AM
#10

Quote from: bitmover
The best suggestion of all is basically not to keep money in exchanges.

Make transfers when you want to sell or to buy. Do not keep your money in exchanges. They are not as safe as they look.
Sadly, what you said is correct, but people don't always listen until they lose their funds, especially those who trusted Binance SAFU.

Quote from: pooya87
Considering that the biggest scams were when the exchange itself gets hacked and everyone loses their money, the solution to that is not using a CEX in the first place and using a DEX instead.
However, using a DEX is also not totally safe if the user does not disable the access or permissions granted to the DEX when using it.
Another thing is smart contract vulnerabilities. Some DEXs provide their service using smart contracts, and if there's a vulnerability in the DEX smart contract, bad actors can use it to steal crypto.

bitmover
November 16, 2023, 07:23:54 PM
#11

Quote from: pooya87
Considering that the biggest scams were when the exchange itself gets hacked and everyone loses their money, the solution to that is not using a CEX in the first place and using a DEX instead.
Quote from: Myleschetty
However, using a DEX is also not totally safe if the user does not disable the access or permissions granted to the DEX when using it.
Another thing is smart contract vulnerabilities. Some DEXs provide their service using smart contracts, and if there's a vulnerability in the DEX smart contract, bad actors can use it to steal crypto.

Those problems are usually related to liquidity providers, i.e., investors who lend money to the DEX smart contract to receive some money from their coins, which usually has a high APR.

People who just make trades on a DEX are usually on the safer side.

BlackHatCoiner
November 16, 2023, 07:37:45 PM
#12

Quote from: NotATether
I think probably only the inactivity part is achievable, as a browser tab has no way of knowing whether it is focused or not.
There is this: https://developer.mozilla.org/en-US/docs/Web/API/Page_Visibility_API.

I just thought of it this way: when a YouTube video plays in a focused tab, once it ends it stays there and waits for you to make another request. When the same happens but the page is not focused, it automatically plays the next video.

Quote from: bitmover
Those problems are usually related to liquidity providers, i.e., investors who lend money to the DEX smart contract to receive some money from their coins, which usually has a high APR.
I don't get that. If there isn't a lot of liquidity, then there is less competition waiting to be exploited. In Bisq, for instance, there aren't investors. People just create buy and sell orders. What's wrong with that?

bitmover
November 16, 2023, 10:49:48 PM
#13


Quote from: bitmover
Those problems are usually related to liquidity providers, i.e., investors who lend money to the DEX smart contract to receive some money from their coins, which usually has a high APR.
Quote from: BlackHatCoiner
I don't get that. If there isn't a lot of liquidity, then there is less competition waiting to be exploited. In Bisq, for instance, there aren't investors. People just create buy and sell orders. What's wrong with that?

There is nothing wrong with Bisq.

Myleschetty was talking about smart contract vulnerabilities.

He is probably talking about the millions in funds that were stolen in past years in the DEX ecosystem, most of them stolen from liquidity providers. They are people who lend money to DEX protocols (altcoin related, mostly, as DEXs have far more volume in altcoins).

Without liquidity providers, the spread (difference in price between CEX and DEX) would be enormous and nobody would use those DEXs.

pooya87
November 17, 2023, 04:19:26 AM
Merited by ABCbits (1)
#14

Quote from: pooya87
Considering that the biggest scams were when the exchange itself gets hacked and everyone loses their money, the solution to that is not using a CEX in the first place and using a DEX instead.
Quote from: Myleschetty
However, using a DEX is also not totally safe if the user does not disable the access or permissions granted to the DEX when using it.
There is no perfect system, so you are right: there will always be vulnerabilities that the users must be aware of. But generally speaking about security, using a DEX successfully eliminates a lot of the vulnerabilities that exist in a CEX.

Quote from: Myleschetty
Another thing is smart contract vulnerabilities. Some DEXs provide their service using smart contracts, and if there's a vulnerability in the DEX smart contract, bad actors can use it to steal crypto.
I wouldn't call what you have in mind a DEX. These are basically "token swap platforms" where you can only swap different shittokens with each other. They have much worse vulnerabilities than what is inherited from the token's contract, since they are sometimes written by incompetent developers and are not popular enough to attract any kind of contributor to help improve the tool.

Myleschetty
November 18, 2023, 10:01:35 PM
#15

      Considering that the biggest scams were when the exchange itself gets hacked and everyone loses their money, the solution to that is not using CEX in first place and using DEX instead.
      However, using DEX is also not totally safe if the user does not disable the access or permission granted to the DEX when using it.
      Another thing is smart contract vulnerabilities. Some DEX provides their service using smart contracts and if there's a vulnerability in the DEX smart contract bad actors can use it to steal crypto.

      Those problems are usually related to liquidity providers, i.e., investors who lend money to the DEX smartcontract to receive some money from their coins, which usually have high APR.

      People who just make trades in DEX are in a safer side, usually.
      That's part of the issue of DEX but for DEX that relies on smart contracts, the problem is more than just liquidity.
      There are some DEX that have smart contract vulnerabilities.


      Considering that the biggest scams were when the exchange itself gets hacked and everyone loses their money, the solution to that is not using CEX in first place and using DEX instead.
      However, using DEX is also not totally safe if the user does not disable the access or permission granted to the DEX when using it.
      There is no perfect system so you are right, there will always be vulnerabilities that the users must be aware of. But generally speaking about security, using DEX eliminates a lot of the vulnerabilities that exist in CEX successfully.
Yes, DEX provides the solution to the existing problem in CEX and I pointed out the fact that DEX is also not totally secure because some users may develop the belief that once they use DEX they are all safe.

      Another thing is smart contract vulnerabilities. Some DEX provides their service using smart contracts and if there's a vulnerability in the DEX smart contract bad actors can use it to steal crypto.
      I wouldn't call what you have in mind DEX. These are basically "token swap platforms" where you can only swap different shittokens with each other. They have much worse vulnerabilities than what is inherited from the token's contract, since they are sometimes written by incompetent developers and are not popular enough to attract any kind of contributor to help improve the tool.
Bisq is the only secure DEX for Bitcoin but that doesn't mean the DEX for altcoins are not DEX.
      pooya87
      Legendary
      *
      Offline Offline

      Activity: 3444
      Merit: 10521



      View Profile
      November 19, 2023, 04:43:21 AM
       #16

Bisq is the only secure DEX for Bitcoin but that doesn't mean the DEX for altcoins are not DEX.
That's true, technically if they are decentralized they can be categorized as DEX but my point is that they are very limited in the sense of what an exchange has to be offering. Usually in such platforms you can only swap tokens from a single token platform, like only being able to swap Ethereum tokens with other Ethereum tokens, and there is no option to "exchange" them for bitcoin, litecoin, etc. That is why I prefer the term "token swap platforms" for these things instead of DEX.

      BlackBoss_
      Sr. Member
      ****
      Offline Offline

      Activity: 630
      Merit: 399




      View Profile
      November 22, 2023, 02:33:39 AM
       #17

      concurrent withdrawals should have a 10 - 20 minutes interval. This will give the developers the time to check properly the transactions and authenticate it automatically of it passes security verification. The check can be automated to curb excess delay
Exchanges always check your account activities, your logins, what address you are submitting to withdraw your coin to and more, like the geolocation of your IP address, before approving your withdrawal request.

      About the interval of 10 or 20 minutes, do you mean it is for withdrawal through Bitcoin blockchain?

Centralized exchanges have to use high fee rates that are at the tip of mempools to make sure the on-chain transaction they process for user withdrawals will be confirmed in the next block. Sometimes it does not work if mempools suddenly become overloaded or congested, but usually their high fee rates are enough to get a confirmation within the next block.

Your suggestion does not make sense regarding waiting time for an on-chain confirmation. If the suggestion is for exchange approval of user withdrawal requests only, not yet for the next step of processing a batch transaction for many users, it does not make sense either.

Taking 10 to 20 minutes just to approve a withdrawal request is terrible as a service. Exchanges do have their automatic mechanisms to check those requests, then approve or disapprove them.

I guess only suspicious cases will have to go through a manual process.
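The kind of automated pre-approval check this post describes (login and geolocation, destination address, amount, and the concurrent withdrawals the opening post warns about), as an added JavaScript example that is not code from the thread or from any exchange; every threshold, rule name and sample value in it is a constructed assumption.

```javascript
// Added example: an automated pre-approval check for a withdrawal request. Not code
// from any exchange or from this thread's posters; every threshold, rule name and
// sample value is a constructed assumption.
const RULES = {
  stepUpUsd: 5000,                // at or above this value, require step-up verification
  burstWindowMs: 20 * 60 * 1000,  // look back 20 minutes for concurrent withdrawals
  burstCount: 3,                  // this many withdrawals inside the window is a burst
  volumeMultiple: 5,              // window volume above 5x the daily average is unusual
};

// request: {usd, address, country, ts}; history: prior withdrawals [{ts, usd}];
// profile: {knownAddresses: Set, usualCountry, dailyAvgUsd}
function assessWithdrawal(request, history, profile, rules = RULES) {
  const reasons = [];
  const recent = history.filter(w => w.ts <= request.ts && request.ts - w.ts <= rules.burstWindowMs);
  const windowUsd = recent.reduce((sum, w) => sum + w.usd, 0) + request.usd;

  if (request.usd >= rules.stepUpUsd) reasons.push('amount-over-threshold');
  if (!profile.knownAddresses.has(request.address)) reasons.push('new-withdrawal-address');
  if (request.country !== profile.usualCountry) reasons.push('unusual-geolocation');
  if (recent.length + 1 >= rules.burstCount) reasons.push('withdrawal-burst');
  if (windowUsd > rules.volumeMultiple * profile.dailyAvgUsd) reasons.push('unusual-volume');

  // Policy: a burst or unusual volume is held for a human reviewer; any other single
  // anomaly gets automated step-up (re-prompt 2FA, confirm by email) instead of a fixed
  // delay; a clean request is approved at once so ordinary users are not slowed down.
  let decision = 'auto-approve';
  if (reasons.includes('withdrawal-burst') || reasons.includes('unusual-volume')) {
    decision = 'hold-for-review';
  } else if (reasons.length > 0) {
    decision = 'require-step-up';
  }
  return { decision, reasons };
}

// Constructed sample: a user who usually withdraws about 200 USD a day from DE to one address,
// then two withdrawals in the last 15 minutes followed by a large one to a new address from BR.
const T0 = Date.parse('2023-11-22T02:00:00Z');
const SAMPLE_PROFILE = { knownAddresses: new Set(['addr-known']), usualCountry: 'DE', dailyAvgUsd: 200 };
const SAMPLE_HISTORY = [{ ts: T0 - 15 * 60 * 1000, usd: 900 }, { ts: T0 - 5 * 60 * 1000, usd: 950 }];

function demo() {
  const routine = assessWithdrawal(
    { usd: 150, address: 'addr-known', country: 'DE', ts: T0 - 3 * 24 * 60 * 60 * 1000 }, [], SAMPLE_PROFILE);
  const drain = assessWithdrawal(
    { usd: 4000, address: 'addr-new', country: 'BR', ts: T0 }, SAMPLE_HISTORY, SAMPLE_PROFILE);
  return { routine, drain };
}
console.log(JSON.stringify(demo(), null, 2));
```

The routine request is approved with no delay, while the burst to a new address from an unusual country is held for review rather than merely delayed.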

      NotATether
      Legendary
      *
      Offline Offline

      Activity: 1582
      Merit: 6718


      bitcoincleanup.com / bitmixlist.org


      View Profile WWW
      November 24, 2023, 05:23:06 AM
       #18

      I think probably only the inactivity part is achievable as a browser tab has no way of knowing whether it is focused or not.
      There is this: https://developer.mozilla.org/en-US/docs/Web/API/Page_Visibility_API.

      I just thought of it this way: When a YouTube video plays in a focused tab, once it ends it stays there and waits for you to make another request. When the same happens but the page is not focused, it automatically plays the next video.

      OK, but nobody uses that for authentication. That will just annoy the user. What if while they are using the site they get a push notification from their email tab, and then they switch tabs to read the email for a few minutes? Or if they are on a mobile device and briefly switch apps?

      When you also take into account that there are likely captchas and 2FA on the login page, it starts to get cumbersome for people to use the site.
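An idle-logout timer built on the Page Visibility API linked above that avoids the annoyance this post describes (a few minutes in the email tab or another app does not end the session, only real inactivity does), as an added JavaScript example that is not code from the thread or from any site; the time limits, the IdleSessionMonitor and wireToDocument names, and the scenario values are constructed assumptions.

```javascript
// Added example: a session idle timer built on the Page Visibility API. Not code from this
// thread's posters or from any real site; limits are constructed assumptions, and timestamps
// are passed in so the logic runs without a browser (wireToDocument() attaches it to a page).
class IdleSessionMonitor {
  // idleLimitMs: inactivity allowed while visible; hiddenLimitMs: longer allowance while hidden (email tab, another app)
  constructor({ idleLimitMs, hiddenLimitMs, onLogout }) {
    Object.assign(this, { idleLimitMs, hiddenLimitMs, onLogout, lastActivity: 0, hiddenSince: null, loggedOut: false });
  }
  start(now) { this.lastActivity = now; }
  activity(now) { if (!this.loggedOut) this.lastActivity = now; }
  check(now) {
    if (this.loggedOut) return true;
    const limit = this.hiddenSince !== null ? this.hiddenLimitMs : this.idleLimitMs;
    if (now - this.lastActivity >= limit) {
      this.loggedOut = true;
      if (this.onLogout) this.onLogout();
    }
    return this.loggedOut;
  }
  visibility(hidden, now) {
    if (hidden) { this.hiddenSince = now; return this.loggedOut; }
    // Back in front: judge the whole absence against the hidden allowance (browsers throttle
    // timers in hidden tabs, so this cannot be left to the interval), then count the return as activity.
    this.check(now);
    this.hiddenSince = null;
    this.activity(now);
    return this.loggedOut;
  }
}
// Browser wiring using the real DOM event names; a no-op outside a browser.
function wireToDocument(monitor, doc = globalThis.document) {
  if (!doc) return;
  monitor.start(Date.now());
  for (const ev of ['mousemove', 'keydown', 'click', 'touchstart']) {
    doc.addEventListener(ev, () => monitor.activity(Date.now()), { passive: true });
  }
  doc.addEventListener('visibilitychange', () => monitor.visibility(doc.hidden, Date.now()));
  setInterval(() => monitor.check(Date.now()), 30 * 1000);
}
const MIN = 60 * 1000; // constructed scenario: 10 min idle limit, 30 min hidden allowance
function scenarios() {
  const m = new IdleSessionMonitor({ idleLimitMs: 10 * MIN, hiddenLimitMs: 30 * MIN });
  m.start(0); m.activity(1 * MIN); m.visibility(true, 2 * MIN);     // switches to the email tab
  const backAfterShortAbsence = m.visibility(false, 6 * MIN);       // returns 4 minutes later
  const stillActiveAt15 = m.check(15 * MIN), idleAt17 = m.check(17 * MIN);
  const h = new IdleSessionMonitor({ idleLimitMs: 10 * MIN, hiddenLimitMs: 30 * MIN });
  h.start(0); h.visibility(true, 2 * MIN);                          // hidden for 38 minutes
  return { backAfterShortAbsence, stillActiveAt15, idleAt17, backAfterLongAbsence: h.visibility(false, 40 * MIN) };
}
console.log(scenarios());
```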

      Agbe
      Hero Member
      *****
      Offline Offline

      Activity: 882
      Merit: 1252


      View Profile
      November 24, 2023, 05:58:47 AM
       #19


      • The system should log out users after 5-10 minutes of inactivity or if focus is changed to another application. This will apply even to the primary login device.
This is what one of my traditional banking apps does every second. Once I navigate away from the app it logs me out, but that can't change anything against a hacker. If the hacker has hacked into the website then all those suggestions of yours are nullified, because in that case they are fully in charge of the website and can do anything. A withdrawal limit can only occur when the company sets that feature for its customers, and that will not be accepted by many users. Cryptocurrency has an unlimited withdrawal system, so if an exchange company uses that feature it might lose customers. And the best suggestion so far is the one where you only deposit coins to the exchange whenever you want to sell, and do not keep your coins on the exchange. As it is, those who are using Binance are shaking because of what happened, and most of them have transferred their coins out to non-custodial wallets. But the reason some people like to keep bitcoin on centralized exchange platforms is the high transaction fee. If it is on the exchange they don't have to pay the tx fee, and whenever they want to sell coin they would only hit the sell button and sell it off. Though you make some points, once hackers penetrate the website or the account they control everything until all the funds are transferred.