Custodian Attacks

Cryptocurrency custodians are businesses that hold and manage digital assets on behalf of their customers. They include crypto exchanges, hedge funds, hashing power marketplaces, and trading platforms, and they have emerged as vital players in the ecosystem. Because these entities hold large amounts of cryptocurrency on behalf of their users, they are attractive targets for attack.

Over the past few years, there have been a number of high-profile attacks on crypto-custodians. In 2014, Mt. Gox, one of the largest Bitcoin exchanges at the time, was hacked and lost $450 million worth of Bitcoin. In 2016, Bitfinex, another major Bitcoin exchange, was hacked and lost $72 million worth of Bitcoin. In 2018, Coinrail, a South Korean cryptocurrency exchange, was hacked and lost $40 million worth of cryptocurrency. And in 2021, Poly Network, a cross-chain protocol, was hacked and lost $600 million worth of cryptocurrency. These and other attacks have resulted in the loss of billions of dollars worth of cryptocurrency. They have also raised concerns about the security of crypto-custodians. In response to these concerns, many crypto-custodians have taken steps to improve their security. These steps include implementing multi-factor authentication, storing cryptocurrency offline, and conducting regular security audits.

Attack vectors

Crypto-custodians face a range of attack vectors, including:

  • Hacking and unauthorized access: Cybercriminals exploit vulnerabilities in platforms’ security systems to gain unauthorized access to user accounts, wallets, and other sensitive information.
  • Phishing and social engineering: Attackers use deceitful tactics, such as impersonating employees or sending fraudulent emails, to trick users into revealing their credentials or private keys.
  • DDoS attacks: These attacks involve overwhelming a platform’s servers with fake traffic, rendering it unable to process legitimate requests and causing potential losses for users.
  • Insider threats: Dishonest employees or partners can misuse their access to critical systems to facilitate attacks or steal sensitive information.
  • Smart contract vulnerabilities: Flaws in the design or implementation of smart contracts on platforms can be exploited by attackers to manipulate transactions or steal funds.
  • Human error: Human error is a major factor in many attacks on crypto-custodians. This can include things like employees falling for phishing scams, making mistakes when processing transactions, and leaving security vulnerabilities unpatched.
  • Protocol vulnerabilities: Vulnerabilities in blockchain protocols can lead to chain reorgs that let attackers withdraw funds from exchanges.
  • Money laundering: Willingly or not, many custodians are involved in processing illicit funds.
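The chain-reorg risk in the protocol vulnerabilities item above, seen from the custodian's side: the sketch below is an added example, not code from the original page or from any real exchange. It credits a deposit only after a confirmation threshold and reverses the credit and holds the account if a later reorg replaces the deposit's block. The class names, the threshold values, and the sample chain are assumptions made for illustration.

```python
from dataclasses import dataclass
@dataclass
class Deposit:
    txid: str
    user: str
    amount: int        # smallest currency unit
    block_hash: str    # block the deposit was first seen in
    height: int
    credited: bool = False

class DepositLedger:
    def __init__(self, min_conf=6):  # 6 is an assumed policy value
        self.min_conf = min_conf
        self.deposits, self.balances, self.frozen = {}, {}, set()

    def observe(self, dep):
        self.deposits[dep.txid] = dep

    def reconcile(self, chain):
        """chain maps height -> block hash on the node's current best chain."""
        tip = max(chain)
        for dep in self.deposits.values():
            on_chain = chain.get(dep.height) == dep.block_hash
            confs = tip - dep.height + 1 if on_chain else 0
            if not dep.credited and confs >= self.min_conf:
                dep.credited = True
                self.balances[dep.user] = self.balances.get(dep.user, 0) + dep.amount
            elif dep.credited and not on_chain:
                # A reorg orphaned a credited deposit: reverse it and hold the account.
                dep.credited = False
                self.balances[dep.user] -= dep.amount
                self.frozen.add(dep.user)

    def can_withdraw(self, user, amount):
        return user not in self.frozen and self.balances.get(user, 0) >= amount

def demo():
    # Constructed sample data: block hashes are labels, not real hashes.
    ledger = DepositLedger(min_conf=3)
    ledger.observe(Deposit("tx1", "alice", 100, "b10", 10))
    chain = {9: "b9", 10: "b10", 11: "b11"}
    ledger.reconcile(chain)                      # 2 confirmations: not credited
    early = ledger.can_withdraw("alice", 100)
    chain[12] = "b12"
    ledger.reconcile(chain)                      # 3 confirmations: credited
    credited = ledger.can_withdraw("alice", 100)
    reorg = {9: "b9", 10: "b10x", 11: "b11x", 12: "b12x", 13: "b13x"}
    ledger.reconcile(reorg)                      # deposit block replaced
    after = ledger.can_withdraw("alice", 100)
    return early, credited, after, ledger.balances["alice"]
```

If the user had already withdrawn before the reorg, the reversed balance goes negative, which is the loss the custodian absorbs; the account hold keeps it from growing.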

Countermeasures

Crypto-custodians must adopt various countermeasures to safeguard digital assets, maintain user trust, and mitigate cyberattack risks:

  • Implement robust security practices: Adopt strong measures like multi-factor authentication, encryption, and regular penetration testing.
  • Employee training and user education: Educate employees and users on security best practices and the risks of phishing and social engineering attacks.
  • Decentralization: Use decentralized platforms and services to reduce risks associated with centralized control.
  • Audits and regulatory compliance: Conduct regular third-party audits and adhere to regulatory guidelines to maintain high security standards.
  • Incident response planning: Develop clear plans to address security breaches, recover funds, notify affected users, and restore operations.
  • Hire security experts: Engage experts to identify and mitigate security risks, develop policies and procedures, and train employees.
  • Stay up-to-date on security threats: Monitor the latest threats by reading blogs, attending conferences, and subscribing to newsletters.
  • Adopt decentralized models: Use decentralized exchanges and custodians to enable users to retain control of their private keys.
  • Stronger KYC/AML checks: Implement extra KYC/AML procedures to combat money laundering and other attacks requiring user-level access.
  • Cyber insurance: Obtain insurance to cover potential losses from cyberattacks.

In addition to the security measures that crypto-custodians are taking, there are a number of things that users can do to protect their funds, including:

  • Choose reputable crypto-custodians: Research and select custodians with a good security track record.
  • Use a strong password and two-factor authentication: Create complex passwords and enable two-factor authentication for added security.
  • Be cautious with links: Avoid clicking on suspicious links, particularly in emails from unknown senders.
  • Keep software up to date: Regularly update software to protect against security vulnerabilities.
  • Consider self-custody: Use custodians only when necessary and maintain control of private keys by securely backing them up.