What are some exchanges and wallets doing right that others aren't?

[Jascrypt]

The recent WaziriX security hack got me thinking again: when will we have sanity in this industry?

While we are anticipating the ETH ETF and the potential price rally that could follow, another major security breach has hit us hard. $234.9 million may not be a market-moving amount, but it will affect people's perception of the industry, especially as crypto is becoming accepted as an asset class via spot ETFs.

More than $800 million has been drained since the beginning of this year, excluding some undisclosed figures, particularly from BlockTower Capital.

This is worrisome and makes me want to ask: what are the few exchanges and wallets that are getting it right doing differently from the rest?

[Potato Chips]

That's the thing with custodial wallets/services, you're pretty much trusting them to keep your crypto safe and they get targeted by hackers a lot esp the bigger the exchange becomes as that could mean bigger bags which is very attractive to hackers.

You're better off getting a non custodial and non hot wallet/s where you keep most of your coins and never use custodial services as a means of storage. If your situation allows, you could try to decrease your usage of custodial services as well.

[logfiles]

Some of those money heists are orchestrated by insiders, and then they blame it on the hackers. I refuse to believe that the most of the time, some lucky hacker just lands on some vulnerability and drains Millions worth of crypto. Lets been honest, How can over $100M get drained from an exchange without immediately raising flags or internal controls.
If any other ordinary user like me, or you even tried to withdraw $1M, I am p[pretty sure they would carry out an immediate manual verification before sending the fund to the external address.

[FinneysTrueVision]

WazirX was using a Gnosis Safe multisig wallet, which is supposed to be one of the most secure ways to store cryptocurrency. Even Vitalik has recommended it and said he holds more than 90% of his personal funds in this type of wallet. The attack they suffered was highly sophisticated. For the average user, who will likely never be targeted by something like this by nation-state level attackers, traditional cold storage is still a very good solution.

For exchanges and smart contracts they are always going to be targeted regardless of how many audits they’ve had and how many security measures they’ve taken to prevent hacks. They will never be entirely safe and it is best to limit your risk by not holding too much of your funds on them.

[Jascrypt]

Some of those money heists are orchestrated by insiders, and then they blame it on the hackers. I refuse to believe that the most of the time, some lucky hacker just lands on some vulnerability and drains Millions worth of crypto. Lets been honest, How can over $100M get drained from an exchange without immediately raising flags or internal controls.
If any other ordinary user like me, or you even tried to withdraw $1M, I am p[pretty sure they would carry out an immediate manual verification before sending the fund to the external address.

I agree cos we have a few exchange almost of the same age of those who had experienced security breach and haven't been hacked since inception. If it's not the inside job as you assumed, it could be poor investment in their security architecture.

The following CEXes seems to be free from hack incidence since inception;
Bitget
Bybit
MEXC
phamex

Don't know what they have been doing to make their platform a fortress but I feel learning from their success story would be helpful and particularly from those very few exchanges that had past experience and have fortified their security.

[Phoenixtrader]

Some of those money heists are orchestrated by insiders, and then they blame it on the hackers. I refuse to believe that the most of the time, some lucky hacker just lands on some vulnerability and drains Millions worth of crypto. Lets been honest, How can over $100M get drained from an exchange without immediately raising flags or internal controls.
If any other ordinary user like me, or you even tried to withdraw $1M, I am p[pretty sure they would carry out an immediate manual verification before sending the fund to the external address.

I agree cos we have a few exchange almost of the same age of those who had experienced security breach and haven't been hacked since inception. If it's not the inside job as you assumed, it could be poor investment in their security architecture.

The following CEXes seems to be free from hack incidence since inception;
Bitget
Bybit
MEXC
phamex

Don't know what they have been doing to make their platform a fortress but I feel learning from their success story would be helpful and particularly from those very few exchanges that had past experience and have fortified their security.

I primarily use the first two you listed, especially No1. I can say they try to protect their users by leveraging recent and best security practices, which is commendable. Regulatory compliance is key, and I believe they strive to be compliant in all aspects.

[tabas]

Just assume that in most of the exchanges whether they're doing good or not, the hackers are all eyes on them and they're like pots of gold in their sight. So, regarding keeping funds safe, you have to act on your own and use them the way they are created. While it will never stop people from using them as their wallets which they shouldn't be, do things that are right in your mind especially if you're planning to hold for so long. Never store your cryptos there if you don't intend to trade. As we always used to say "not your keys, not your coins" and it becomes theirs when you deposit.