Every month Zebpay, one of the country’s oldest and largest cryptocurrency exchanges, experiences about two Distributed Denial of Service (DDoS) attacks, in which cyber criminals overload the exchange’s systems to disrupt service or snoop for a vulnerability in the platform’s defences.
That’s the simple part. Zebpay and other prominent exchanges have discovered that the most serious security threat they face daily is sophisticated criminal fraud that combines social engineering with computer intrusion.
Criminals are impersonating or spoofing social media identities in order to deceive consumers into giving them access to their cryptocurrency wallets.
Not only investors, but also cyber criminals appear to be flocking to cryptocurrency exchanges, which have experienced a twofold increase in the number of attacks in recent months as cryptocurrencies have touched all-time highs multiple times.
Fearing that the upcoming cryptocurrency regulation could hold them accountable for investor losses, some of the world’s major exchanges are rushing to put in place a framework and robust systems and protocols to protect themselves from cyber attacks.
“ZebPay is constantly under attack. Whether it’s from white-hat hackers trying to find issues they can submit to our bug-bounty programme or nefarious black-hat hackers trying to overload our systems to cause disruption and find holes in our defences. As cryptocurrency becomes more mainstream, the frequency of these attacks is increasing, meaning we must develop more sophisticated methods to quickly identify and neutralise them,” said Sam Noble, chief technology officer, ZebPay.
Some exchanges have also reached out to their legal experts to figure out their liability in the event of investor losses through cyber attacks, even in cases where cyber criminals can hack into the crypto wallets of customers.
“Presently, many crypto operating exchanges are vulnerable to cyber attacks as, in most cases, the crypto assets sit in wallets that do not have a robust security and password mechanism. It is only a matter of time before we witness large-scale, targeted cyber attacks on exchanges and various platforms, and it will become crucial not just to keep a security framework in place, but even to ascertain liability in such cases,” said Siddharth Keskar, CEO of MZM Analytics, a legal-forensic firm.
According to sources, all big exchanges have experienced at least two to three large attacks in the previous month, and many investors have lost their crypto holdings when their wallets were hacked into.
Take Srikrishna Ramesh, alias Sriki, for example. As per media reports, Karnataka police detained a 26-year-old man last week for reportedly hacking into Indian exchanges and stealing bitcoins by “exploiting a bug.” Sriki informed the police that he spent all his earnings—roughly Rs 3 lakh per day—on alcohol and stayed in posh hotels.
According to industry sources, as the number of cryptocurrency exchanges in the country grows, most of them are vulnerable to cyber attacks. This comes at a time when cryptocurrency valuations in India have touched new highs.
Cryptocurrencies hit the $10 billion mark, ET reported on November 1. Currently, around 10.5 crore, or 7.9% of Indians, have invested in cryptocurrencies through Indian exchanges, as per the data compiled by CREBACO, a research firm.
Earlier too, Coinsecure, a cryptocurrency exchange, had filed an FIR with the cyber police after more than 400 bitcoins were stolen.
“Security is an important aspect of our industry as we deal with user assets,” said Shashi Prakash Jha, head of Legal and Compliance at WazirX, a cryptocurrency exchange.
Many exchanges are now trying to even ringfence their systems. “Most of our funds are stored in cold storage to prevent hacking,” said Sharan Nair, chief business officer, CoinSwitch, a cryptocurrency exchange.
Exchanges have scaled up their cyber protocols and systems to counter the most common attack methods, but vulnerabilities remain, and hackers find new ways to target exchanges and investors.
“All wallets sit on the mobile phones of customers who do not have even basic password protection. So, imagine if someone just hacked into the phone, or if the user lost the phone. All the cryptocurrencies bought will be lost forever too,” he said.
All cryptocurrency exchanges are operating in a regulatory vacuum currently. A parliamentary standing committee on finance headed by Jayant Sinha is examining a legal framework around cryptocurrency to regulate its trade.
Many CEOs of cryptocurrency exchanges are meeting the government on Monday and Tuesday to discuss the regulations.