The Future of Crypto Exchange Security
Crypto exchanges are more secure than ever, and CredoEx is leading the pack
Cryptocurrency exchange security is one of the most hotly debated topics among crypto users and investors alike. According to Group-IB, an international company specializing in preventing cyber-attacks, at least 13 crypto exchanges have been hacked over the past two years, leading to losses worth an estimated $877 million. In this post, we’ll review the current state of crypto exchange security and show how BitBounce’s exchange, CredoEx, is driving change by consistently outperforming top industry security standards.
Current best practices for front-end crypto exchange security
On the front-end, today’s most trusted and secure cryptocurrency exchanges offer a raft of security precautions designed to help keep their users’ data and digital assets safe. Group-IB recently partnered with Swiss insurance broker ASPIS SA (the owners of CryptoIns) to develop the world’s first scoring model for assessing the cybersecurity of cryptocurrency exchanges. According to their 2018 Hi-Tech Crime Trends report, the most secure exchanges – such as CredoEx – offer their users the following front-end security precautions:
- Two Factor Authentication (2FA)
All top-rated exchanges require users to set up Two Factor Authentication before they can trade. This eliminates the possibility of someone being able to access a users’ account unless they also have their mobile phone. In line with top industry standards, CredoEx encourages its users to make use of the Google Authenticator app to secure their exchange accounts.
- SSL-encrypted website traffic
The most secure exchanges run all website traffic entirely over encrypted SSL (https). Here at BitBounce, we frequently warn our users to navigate directly to CredoEx and avoid clicking on hyperlinks.
Top exchanges use tracking cookies to recognize the IP address of the device that their users log in from. If a user logs in via a new device, they are prompted to authorize the device before being able to access an account.
Current best practices for back-end crypto exchange security
Group-IB’s 2018 report showed that exchanges offer a diverse range of security precautions on the back-end. Here’s an overview of the best practices currently used by top exchanges, including CredoEx:
- Offline storage
The most secure exchanges combat the threat of hacks by storing the vast majority of their digital assets in secure, offline storage. For instance, Coinbase stores 98 percent of its customer’s deposits offline on FIPS-140 drives and paper backups. Similarly, CredoEx offers its users a consummate level of protection.
- Geographic distribution
The safest crypto exchanges, including CredoEx, geographically distribute their cold storage drives and paper backups in vaults and safe deposit boxes around the world. Another example of geographic distribution is Robinhood’s use of offline multi-signature vaults. These vaults require five out of eight geo-distributed hardware security modules to sync before they can be accessed.
- Bug bounty programs
All leading crypto exchanges reward security researchers who identify software vulnerabilities. This is one area that CredoEx pays close attention to, offering some of the best rewards in the industry to help protect its back-end security infrastructure.
- Insurance policies
The top exchanges offer FDIC-insurance on the USD wallets of US customers up to a maximum of $250,000. As cryptocurrencies are not legal tender and therefore not subject to the FDIC, most exchanges also provide insurance to cover their customer’s digital assets. However, these policies only cover breaches of the exchange’s cybersecurity or employee theft. They do not cover losses resulting from accounts being compromised due to user error or theft of passwords.
Crypto insurance products for individuals
A definite trend we’ve seen throughout 2018 has been the move towards crypto insurance products for individuals. For example, Group-IB and ASPIS SA recently analyzed over 20 cryptocurrency exchanges and wallet providers and created a system for calculating the insurance premiums for digital assets over a set time period. In partnership with Reinsurance and Selecta Insurance, Cryptoins.io now offers Crypto Insurance for anyone wanting to buy insurance for their digital assets. We can expect to see similar insurance products enter the market in the near future.
How CredoEx is changing the game for crypto security
The idea behind BitBounce is simple: we let our users put a paywall on their email inboxes. Our users get paid in our cryptocurrency, Credo, to receive emails from people they don’t know. After a successful ICO in 2017, we’ve added millions of satisfied users. Yet despite this success, something was missing. We needed to give our users a better way to convert the Credo they earned into other currencies. We looked at existing exchanges and saw a tremendous opportunity for improvement. That’s why we built our own cryptocurrency exchange – CredoEx – especially for our users.
We focus intensely on security and in many areas are exceeding top industry security standards. Our users benefit from the tireless work of our entire team and have access to world-class 24/7 maintenance and support. We believe that CredoEx is helping to reshape the future of crypto exchange security. Here’s a flavor of what we offer:
- Transparent reporting to users
We work to empower our users and keep them abreast of the latest security threats and potential dangers. We regularly email our customers with news, tips, and updates that help them stay informed.
- User education
Our platform is fast and elegant, with an intuitive interface that lets our users convert the Credo they earn into other currencies. We created a Knowledge Center for learning the complexities of trading but we also educate our users about current security best practices. For example, to ensure that all of our users know exactly how to set up and use 2FA on their CredoEx accounts, we made an easy-to-understand instructional video. This fun, simple video shows anyone exactly how to get started and helps make our platform as secure as possible.
- Dedicated bug bounty program
When designing CredoEx, our primary goal was to provide a superior user experience. As many other exchanges were plagued by technical and security issues, we built CredoEx from the ground up using the highly scalable Elixir programming language. To date, CredoEx has never suffered from a major security breach and we’ve invested heavily to keep things that way. Our dedicated bug bounty program has paid out over 100,000 Credo in bounties to security researchers who have helped us identify potential security flaws and vulnerabilities.
- Secure cold storage for customer assets
Mirroring current security best practices, we store the majority of our assets in highly secure cold storage wallets. This helps us protect our customer’s assets while minimizing the potential impact that any potential hack could have. Our hot wallet contains only a nominal amount of assets for operational purposes.
- Penetration testing with top cyber security firms
One area where we are significantly exceeding top industry standards is in penetration testing. We have carried out intensive testing with leading cybersecurity firms to help us pinpoint weaknesses and potential issues with both our front-end and back-end infrastructure.
- Dedicated compliance and data protection officer
As you might expect from a company that helps its users protect their privacy by blocking spam email, we abide by the highest compliance and data protection standards. Our dedicated compliance and data protection officer continuously evaluates our security practices and conducts regular audits. This puts us at the very forefront of crypto exchange security standards.
- Cooperation with law enforcement
Our engineers take security extremely seriously and constantly review all features to ensure that they meet our rigorous security and legal standards. As per our policy, we report all threats immediately to law enforcement or the relevant authorities for further action. We are helping to usher in a new era of transparency among cryptocurrency exchanges.
A new paradigm for crypto exchange security
Here at BitBounce, we are confident that CredoEx offers our customers the very best in exchange security and, in many areas, we believe that we exceed the standards attained by the leading exchanges. But we realize that CredoEx’s reliable architecture must be constantly optimized for availability and to avoid downtime. Security and compliance matter to us; our customers trust us with their emails and with their money. That’s why we continue to follow best-in-class security and compliance procedures to protect our customers and their trust.
We believe that exchanges are foundational for a healthy blockchain ecosystem. They help facilitate the everyday use of cryptocurrencies. CredoEx is destined to become an important part of this ecosystem while we grow to cover the 4.3 billion email users around the world, and the companies who want to reach them. We are helping to revolutionize crypto exchange security standards and aim to usher in a new era of transparency, trust, and protection.