The exchange server caught fire and then lost the private keys. Exchange security has a long way to go! Exchanges must guard not only against fire, theft and hackers, but also against "inner ghosts" (insiders).
Late last month, Bithumb, a well-known South Korean cryptocurrency exchange, announced that $19 million worth of cryptocurrencies on its platform had been stolen in a hack. The exchange then sent an email to customers, asking users to suspend deposits until further notice. Immediately afterwards, Bithumb changed its account and said that this was an incident involving internal personnel, and that no external intrusion had been found.
Bithumb stated in the announcement that the coin loss was committed by insiders, and that it would suspend customers' cryptocurrency remittance service in order to cooperate with external agencies in the investigation and confirmation. To confirm this fact to all users, Bithumb plans to have a reliable external agency (an accounting firm) conduct a fair and objective investigation of all the assets it holds. At present, KISA and the police have been asked to conduct direct investigations, and cryptocurrency deposits and withdrawals must be temporarily suspended so that the assets can be determined.
Since the stolen crypto assets included a huge amount of EOS, the incident also caused a sensation in the entire EOS community, and there were heated discussions in the Telegram group. BM of Block.one, the founder of EOS, also took part in the discussion and expressed the opinion that "Bithumb exchange needs to take responsibility for the huge amount of EOS stolen".
In fact, from Xiaoku's point of view, whether the loss was caused by hackers or by insiders of the exchange, the exchange cannot escape responsibility! And 19 million US dollars is not a small amount for the exchange. With 19 million US dollars of coins lost, the Bithumb theft has become the eighth largest coin loss in the history of cryptocurrency. Whether it was caused by hackers or by "inner ghosts" requires further investigation.
In addition to exchange insiders stealing what they are entrusted to guard, hackers are also watching the exchanges' internal staff. The recent theft at Dragon Net Exchange was not committed by insiders, but the process of losing the coins did involve the "assistance" of insiders. Before the coins were lost, Dragon Net (Longwang) customer service obtained an installation package for a piece of "trading software", WbBot.dmg, from a stranger and installed it. Analysis showed that this installation package had a backdoor bundled with it, through which the hackers obtained internal personnel permissions and then obtained the private key to the assets.
Brian Armstrong, CEO of the Coinbase exchange, expressed the view that human error is always more likely than hacking. He said: "Can all the details be right? Yes, and I'm happy to store a reasonable amount of cryptocurrency in a hot wallet (insurance for extra protection). Do I want to bet my entire business on this? Probably not."
Brian Armstrong believes that most errors in the cryptocurrency space are due to human error. A typical example is social engineering attacks, which have cost BitPay nearly $2 million over the past few years. He admitted that Coinbase has also suffered similar attacks.
In any case, choose a storage method that you control yourself to keep your deposits safe. The saying "without a private key, there is no currency" expresses this best.
In a Coin World live broadcast not long ago, Kushen CTO Ye Fei also expressed a similar view. Ye Fei believes that early cryptocurrency exchanges may have had technical deficiencies, and that thefts at that time were mainly due to technical defects. With the development of the industry and the maturing of the technology, thefts from cryptocurrency exchanges are now largely due to poor management of private keys and problems in the risk control system, which in turn lead to huge asset losses.
If a team's technology cannot meet the safety requirements, it must rely on the system to make up for it. The exchange must firmly control asset storage, private key management, deposits and withdrawals, and use the system to avoid the risk of human error. Often, some regulation by the system can reduce the risk of transactions.
