Ongoing Hacks Highlight Need for Better Security, Decentralized Exchanges, Says

July 26th, 2018 at 4:57 pm UTC

represents a new breed of exchanges that fully utilize the power of blockchain tech. All trades and accounts are based on well-constructed Ethereum smart contracts, meaning users keep custody of their own funds: there is no exchange wallet for an attacker to drain.

Even that might not be enough. “Well constructed” contract code is the key, and every exchange must focus on it to gain and keep users’ trust.

According to Zihan, exchanges should undergo rigorous testing, code audits and even formal verification, or other means of ensuring that the secure design has been implemented without bugs.

The Sad Story of Exchange Hacks Continues

Catastrophic hacks resulted in millions of dollars lost at early bitcoin exchanges like Mt. Gox and Bitcoinica. In the years since, financial and security professionals entered the space and commentators heralded a new era of professionalism.

It hasn’t always worked out that way, though. In the past two years we’ve seen massive breaches and thefts at some of the most popular exchanges, including Bitfinex, Coincheck and Coinrail. Hundreds of millions of dollars’ worth of digital assets were lost. Just last week, even the decentralized trading platform Bancor had to suspend activity to investigate the loss of $23 million in tokens.

“What differentiates centralized and decentralized exchanges is very clear: can user assets be stolen if an exchange’s data and private keys are compromised by attackers? Another scenario is, can a malicious actor at the exchange itself steal or embezzle user assets? To achieve this is no easy task; exchanges that do not undergo a rigorous design process are susceptible to oversights concealed in the code.”

But as we’ve seen, even decentralization isn’t always enough. Zihan explained:

“For example, some decentralized exchanges only verify that orders have not expired when performing order matching on their servers, but their smart contracts do not perform an additional round of verification. If hackers can obtain old but unfilled orders, they will potentially be able to trade against these orders at back-then prices (e.g. a year ago) and inflict heavy losses on users.”

Ethereum Founder Vitalik Buterin: Centralized Exchanges ‘Can Go Burn in Hell’

The call for decentralized exchanges, where users maintain control of their own assets on-chain, is getting louder. Just before the Bancor hack, Ethereum co-founder Vitalik Buterin questioned why we even need centralized platforms. He said:

“I definitely hope centralized exchanges go burn in hell as much as possible.”

Blockchain technology allows for decentralized exchanges with greater security and privacy, and more freedom for projects to put their tokens on the market without paying exorbitant listing fees.

Why It’s Different for Crypto Exchanges

If a hacker gains access to a traditional bank account, the losses are usually covered by the bank’s fraud liability rules, insurance and government guarantees, and a fraudulent transfer can often be reversed. In the blockchain world, transactions are final and you’re usually on your own.

Cryptocurrency exchanges, especially those supporting dozens of different blockchains, are a rich target for hackers. As a result, they’re constantly under attack, and the tiniest slip can throw the gates open. All too often, the threat comes from malicious actors within the company, negating the effectiveness of even the most robust perimeter security.

Secure Contract Code Still Important

In Bancor’s case, the company’s admin private keys reportedly retained the ability to move funds held in the contracts. A privileged key of that kind is a single point of failure, and its compromise ultimately led to the loss.

One way to mitigate this vulnerability at decentralized exchanges is to limit the privileges of the administrator. At, even if its admin private key is stolen, hackers won’t have access to anything other than the exchange’s transaction fees. That shows why, even with decentralization, well-constructed code is vital.
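The two design points made above, that every check the matching server performs must be repeated on-chain (the stale-order problem Zihan describes) and that the admin key should be able to reach nothing but accrued fees, can be seen together in a small settlement contract. The following is an added, hypothetical example written for this page; it is not the exchange’s own code, nor Bancor’s. The contract name, function names, the `FEE_BPS` constant and the order layout are all assumptions of the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal ERC-20 surface needed by the settlement contract.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Hypothetical settlement contract for an off-chain order book (example only).
/// Orders are signed by the maker and matched on the exchange's server, but
/// anyone can call fillOrder() directly with any signed order they have
/// obtained, so every check the server performs is repeated here.
contract MinimalSettlement {
    struct Order {
        address maker;      // account whose signature authorises the order
        address tokenGive;  // token the maker sells (address(0) = ETH)
        uint256 amountGive;
        address tokenGet;   // token the maker wants in return
        uint256 amountGet;
        uint256 expires;    // unix timestamp after which the order is dead
        uint256 nonce;      // makes otherwise identical orders hash differently
    }

    uint256 public constant FEE_BPS = 10; // 0.10% taker fee, in basis points
    address public immutable admin;
    // balances[token][user]; no admin-only function can touch this mapping.
    mapping(address => mapping(address => uint256)) public balances;
    // fees owed to the operator, per token: the only thing the admin can withdraw
    mapping(address => uint256) public accruedFees;
    mapping(bytes32 => uint256) public filled;    // amountGet already taken per order
    mapping(bytes32 => bool) public cancelled;

    constructor() { admin = msg.sender; }

    function depositEther() external payable { balances[address(0)][msg.sender] += msg.value; }

    function depositToken(address token, uint256 amount) external {
        require(token != address(0), "use depositEther");
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        balances[token][msg.sender] += amount;
    }

    function withdraw(address token, uint256 amount) external {
        balances[token][msg.sender] -= amount; // checked arithmetic: reverts if insufficient
        _payOut(token, msg.sender, amount);     // state updated before the external call
    }

    /// Order hash bound to this contract and chain, so a signature cannot be
    /// replayed against another deployment or on a fork.
    function hashOrder(Order calldata o) public view returns (bytes32) {
        return keccak256(abi.encode(address(this), block.chainid, o.maker, o.tokenGive,
            o.amountGive, o.tokenGet, o.amountGet, o.expires, o.nonce));
    }

    /// Settle `amountTake` of the maker's `amountGet` side against the caller.
    function fillOrder(Order calldata o, uint256 amountTake, uint8 v, bytes32 r, bytes32 s) external {
        bytes32 h = hashOrder(o);
        // These are exactly the checks a server-only design leaves out of the contract.
        require(o.amountGet > 0, "empty order");
        require(block.timestamp <= o.expires, "order expired");
        require(!cancelled[h], "order cancelled");
        require(_recover(h, v, r, s) == o.maker, "bad signature");
        require(filled[h] + amountTake <= o.amountGet, "order overfilled");

        uint256 give = (amountTake * o.amountGive) / o.amountGet;
        uint256 fee = (amountTake * FEE_BPS) / 10_000;
        // Taker pays amountTake plus fee in tokenGet; maker receives amountTake.
        balances[o.tokenGet][msg.sender] -= amountTake + fee;
        balances[o.tokenGet][o.maker] += amountTake;
        accruedFees[o.tokenGet] += fee;
        // Maker pays the proportional amount of tokenGive to the taker.
        balances[o.tokenGive][o.maker] -= give;
        balances[o.tokenGive][msg.sender] += give;
        filled[h] += amountTake;
    }

    /// Makers can kill an order on-chain even if the server still lists it.
    function cancelOrder(Order calldata o) external {
        require(msg.sender == o.maker, "not maker");
        cancelled[hashOrder(o)] = true;
    }

    /// The admin key's only privilege: collect fees. It cannot reach user balances.
    function withdrawFees(address token) external {
        require(msg.sender == admin, "not admin");
        uint256 amount = accruedFees[token];
        accruedFees[token] = 0;
        _payOut(token, admin, amount);
    }

    function _payOut(address token, address to, uint256 amount) internal {
        if (token == address(0)) {
            (bool ok, ) = to.call{value: amount}("");
            require(ok, "ETH transfer failed");
        } else {
            require(IERC20(token).transfer(to, amount), "transfer failed");
        }
    }

    /// Recover the signer of an eth_sign style signature over `h`, rejecting
    /// high-s values so each order has a single canonical signature.
    function _recover(bytes32 h, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
        require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "bad s");
        bytes32 prefixed = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", h));
        address signer = ecrecover(prefixed, v, r, s);
        require(signer != address(0), "bad signature");
        return signer;
    }
}
```

The vulnerable design Zihan describes is this same contract with the `order expired` require removed: the server would still refuse to match a year-old order, but anyone holding the old signed order could call `fillOrder` directly and settle at the stale price until the maker’s balance was exhausted. The `filled` and `cancelled` mappings close the related replay and double-fill paths, and `withdrawFees` is the only function gated on `admin`, so a stolen admin key yields fees and nothing else. In production one would use EIP-712 typed-data signing and an audited ECDSA library rather than the hand-rolled `_recover`, and this example ignores fee-on-transfer tokens.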

Why just make it hard for hackers to steal funds, when blockchain technology can make it virtually impossible? recognizes this, and is one of the few rising to the challenge.
