Cybersecurity threats have been in existence since the dawn of the Internet and attacks occur on a daily basis using increasingly sophisticated means. According to Cointelegraph, as of 28 October 2019, the amount of crypto stolen by hackers equates to the money Walt Disney Co spent on acquiring Star Wars, Marvel and Pixar: a not-so-cool US$15.6-billion. This harsh reality is not crypto-specific either. Traditional finance firms saw an average of $241-billion stolen as a result of cybercrime in 2018 alone.
Cointelegraph found that more than 48% of crypto-exchange hackers prefer to exploit fraudulent exchanges and those without verification requirements. This is the fastest and easiest way to cash out stolen money as it enables hackers to bypass two major obstacles — KYC (know your customer) procedures and withdrawal limits.
It is therefore recommended, as a starting point, to make use of legitimate exchanges that implement stringent KYC and AML (anti-money-laundering) protocols.
Verifying your cryptocurrency trading account on exchanges like OVEX may seem cumbersome – but it is huge red flag if your chosen exchange does not implement these procedures as a standard.
Beyond the exchange’s compliance with basic regulatory requirements, it is also imperative you research how your cryptocurrency is stored.
Your cryptocurrency is only as safe as the method you employ to store it. Therefore, it is also crucial you do your due diligence and find a “storage solution” you can trust and rely on — one that protects your private data and funds with the latest security standards and a professional security team.
When users store their cryptocurrencies on a platform like an exchange, that is considered custodial. Users hand over all security measures to the exchange – the custodian. But when a user holds their funds in a crypto wallet that only they can access, it is non-custodial and therefore free from platform risks. Why? Because here the user himself (or herself) is the custodian. This means they themselves hold the private keys to access their cryptocurrency and do not have to place their trust in a custodian to keep these private keys safe on their behalf.
People generally tend to hold their crypto on exchanges to generate yield from their otherwise idle digital assets. Cryptocurrency exchange OVEX, for example, offers crypto savings accounts where users can earn interest of up to 14%/year dependent on deposit size. But if you are going to use a custodial exchange, it is crucial you first ensure your funds remain in safe custody.
OVEX is a leading South African cryptocurrency exchange well known for its institutional-grade security standards
To verify the safety of your chosen custodian you must investigate both the user-facing and non-user-facing security measures. Some of the basic non-user-facing security features of your chosen exchange should include:
- XSS: Cross-site scripting (XSS) is the most popular vulnerability that allows attackers to use other users’ browsers as their own. OVEX implements a cross-site scripting prevention protocol that ensures this form of attack never materialises.
- Configuration vulnerabilities: Web terminals may be missing HTTP (hypertext transfer protocol) headers. This increases vulnerability to certain types of data-interception hacker attacks. HTTP is the primary protocol used to send data between a Web browser and a website. Even more crucial is to have the secured HTTP protocol. HTTPS is the secure version of HTTP. HTTPS encrypts data inputs, which means your private information remains protected. Look at the exchange’s full website address and take note of the protocol configuration. For example, https://www.ovex.io.
- Anti-DDoS module: A DDoS attack involves overflowing a targeted server or network by flooding it with fake Internet traffic to interrupt its normal functioning. OVEX has an array of measures in place to prevent DDoS attacks.
- reCapctha: Capctha stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” and the tech does pretty much exactly that. reCaptcha is a service offered by Google that prevents websites from spam and abuse by distinguishing human users from automated bots. This is important as it inhibits bots from coordinating a brute-force attack by spamming your login with multiple password attempts.
- Cold storage: A cold wallet means users funds are not available on the “cloud”. Instead, they remain secure on offline hardware. Stealing from a cold wallet requires physical possession of the cold wallet itself, as well as knowledge of associated Pins or passwords used to access the funds locked inside. This means even if an exchange were to be hacked, the assets stored in a cold wallet are invulnerable to theft. Popular exchanges like OVEX make use of cold storage for this exact reason.
- Multi-sig + MPC (multi-party computation): As the name clearly implies, multi-sig wallets are crypto wallets that need multiple signatures. What type of signatures are we talking about here? In simple words, you need two or more private keys for signing and sending a transaction with multi-sig wallets. This ensures there is no single point of failure. OVEX has taken this feature a step further with the MPC (multi-party computation) approach to securing users’ funds. This revolutionary feature was made possible through the exchange’s partnership with world-leading blockchain security service provider Fireblocks. With MPC, private keys and other forms of sensitive information no longer need to be stored in one single place. Okay, but how is MPC better than multi-sig? Multi-sig is not protocol-agnostic (meaning it’s not compatible with all blockchains), and lacks the operational flexibility to support growing teams. This can cause major issues down the line – especially as a business scales. With MPC, the private key is broken up into shares, encrypted, and divided among multiple parties. This means a potential hacker now has a much harder task ahead of them. To gain control over a user’s wallet, they now need to attack multiple parties across different operating platforms at different locations — simultaneously.
Crypto exchange OVEX’s user-facing security features are a prime example of what one should look for when evaluating their chosen exchange and these include:
- E-mail confirmations for withdrawals and deposits;
- Anti-phishing e-mail code to discern real e-mails from phishing e-mails;
- Account lock for incorrect password attempts;
- Sensitive data is fully encrypted at rest and in transit;
- Constant, real-time monitoring for suspicious activity;
- Configurable account timeout for another layer of protection; and
- Two-factor authentication integration to shield clients from password hacks.
Knowing what to look out for when charting your cryptocurrency journey is exceptionally important but is often overlooked. You are responsible for doing your own due diligence. Be thorough and you will avoid falling prey to malicious actors.
OVEX does not give any trading, market, investment, or financial advice in connection with the services, through any channel or means, including the helpdesk and the over-the-counter (OTC) facility. You make use of OVEX services strictly on an executionary basis, each time instructing OVEX to execute your transactions. OVEX is a Juristic Representative of OVEX FSP (Pty) Ltd, FSP No 50776. OVEX provides limited financial services on behalf of OVEX FSP (Pty) Ltd.
- This promoted content was paid for by the party concerned