HOW TO PICK A SAFE AND SECURE CRYPTO EXCHANGE 🔒
The cryptocurrency ecosystem is so intertwined that any developments in one component have a ripple effect to the others, whether positive or negative. Exchanges are one of the biggest players in cryptocurrency space and they have been one of the pain points of cryptocurrency sentiment and confidence since the early days of Bitcoin and other legacy coins. Exchanges are very important because they are the entry point of many investors to the world of cryptocurrency.
Today, centralized exchanges rule due to high liquidity, better user interface and first-mover advantage — all reasons which give them an edge over decentralized ones. However, the downside of centralized exchanges is their security vulnerabilities. Exchange security is important because today most of these entities fail to operate within regulatory framework, hence they can’t be faulted for lack of stringent security oversight protecting their users’ assets.
🔓❗️❗️ To date, over a million Bitcoins have been lost to security breaches on exchanges. To mention a few, the most famous is Mt.Gox in 2014 losing about 850, 000 BTC, Bitfinex in 2016 losing 120, 000 BTC, and recently, Zaif losing $59 million worth of cryptocurrencies in a hack last week.
Fast forward most of those cases and we see a narrative where investors are not compensated due to lack of proper measures covering this sort of eventualities. For all the champions of blockchain ideals it does not reassure at all to have common people like you and me bear the brunt of systemic risks posed by such a prominent component of the whole ecosystem.
As history has taught us, cryptocurrency security is best implemented in a preventive rather than a curative approach. Not surprising, efforts have been made on a multi-pronged solution involving cybersecurity and smart contract auditing, and this is informing more aggressive and responsive measures taken by exchanges to ensure custodial safety.
Huobi Pro is one of the long-standing exchanges, having been around since 2013, that has ensured bank-grade security for crypto-assets since inception. This is not a small feat considering today Huobi is among the top 5 exchanges in trading volume. Investors need to have confidence in the platforms that they use to transact in and Huobi prides itself in protecting clients’ assets and their confidence accordingly. According to Huobi Spokesperson Ethan Ng at the Vietnam Cryptocurrencies and Digital Assets Dialogue 2018 this weekend, Huobi stores 98% of its cryptoassets in cold storage where they are harder to hack than hot wallets. There is no silver bullet to making exchanges hack-proof however a combined effort of a number of these measures that Ethan highlighted will go a long way:
✅In case of the eventuality of hacking, exchanges need to have a selected reserve dedicated to insuring user assets in the event of hacking. Huobi has a 20, 000 BTC Huobi Security Reserve Fund and Huobi User Protection Fund which is funded by 20% of all HTs bought back by Huobi.
✅Vetting and filtering projects keenly to avoid listing fraudulent projects. Huobi’s in-house solution for this is known as the SMARTChain evaluation model. For instance, for lack of intense scrutiny exchanges might continue trading coins whose contracts have been updated making the original coins null and void.
✅A variety of measures to deter and prevent unauthorized users (who can exploit API trading for any attack vectors for example), including mandatory 2-factor authentication enabled for all clients. It only takes a minute to set this up. Currently, 2FA is mandatory for all Huobi users.
✅Robust cybersecurity units such as white hat hackers who can do third-party penetration testing as well as seek out smart contract vulnerabilities which can be exploited for ‘in-the-wild’ attack vectors. For instance, the batchOverflow bug in multiple ERC20 smart contracts affected a number of coins. Here, an attacker could exploit the programing flaw to create a large amount of coins for free and sell before the issue is diagnosed.
Huobi Pro already has these measures active in place, and was one of the exchanges that was pro-active in nullifying threat of batchOverflow bug through halting trading until the smoke cleared.
This might be a long to take in for a new investor. But for someone who knows his way around exchanges, these are some of the questions you can ask of your exchange before you decide to trade on it. Remember, most of the exchange balances you see on your account are somewhat ‘IOUs’ meaning they are not actual assets. This is why it is very important to only keep coins that you are trading on the exchange. And after you finish trading, transfer them to your personal wallet. Decentralized exchanges are the permanent solution for the security risks associated with centralized exchanges but they lag behind since they are still in construction. Currently they are associated with factors such as low liquidity, limited trading pairs and assets and generally lower adoption. In a few years’ time, the situation might be different, and Huobi has already made a big step into the future with the development of Huobi Chain which is meant to onramp decentralized functionality to Huobi’s current centralized operation model.