Beyond Blockchains: Security tips for startups and crypto exchanges

23 Jul 2019

Although blockchains themselves, if they are designed correctly, can be considered nearly infallible and immutable, the more typical internet architecture surrounding and supporting blockchain ventures and services is just as porous as anything else on the internet. And the flipside to this immutable quality is that, when crypto is stolen, there is a very small chance of getting it back.

So-called “legacy” internet security issues thus surround the emerging blockchain and crypto industry. Not only do blockchains, blockchain applications, and smart contracts need to be well built and secure in their own operations, but all of their connections to the internet and users must also be secure. After all, what good is immutability if the on- and off-ramps to and from it are not secure? 

Thus, there is a double requirement. Blockchain applications - most notably decentralized applications (dApps) - must be designed very well so that they do not cause losses of cryptocurrency as a result of errors.

At the same time, the non-blockchain components that integrate blockchain elements with the internet must be extremely secure. Established best practices for the present internet must surround any good crypto project as a first layer of security.

How can those in the crypto industry stay safe?

Entering the crypto business, whether for a developer or an exchange, involves embracing both newer and more classical security approaches. In both instances, security can make or break a project. 

No one in the space wants to face something like another DAO Hack. Resulting in Ethereum splitting into two different blockchains, the DAO hack came about because of an error in ERC-20 smart contract code, which was exploited by an attacker. Millions of Ether were lost because of the bug, with the funds only restored by means of the deeply controversial hard fork.

It is advisable for IEO, ICO or STO startups to undergo an audit by an independent, reputable company. These kinds of audits, while not perfect, will go a long way in helping investors feel more comfortable about the security of a project.

To this end, Kaspersky fully audits Ethereum ERC-20 smart contracts. They check for known vulnerabilities and for the possibility of “reentrance” attacks, confirm that comments in the code correctly describe the code, and verify that the code actually does what the customer has stated it does in the whitepaper.

This last feature is particularly important following the ICO rush of 2017 and 2018. Many projects had questionable, and even completely unworkable, whitepapers, and there were instances of plagiarism. The vast majority of token investors had no idea whether a smart contract’s code actually implemented the promises of the whitepaper.

Crypto Exchanges and Hacking: How can they protect funds?

Hacking is a universal problem with exchanges.

The Ledger company, who produce the Ledger hardware cryptoasset wallets, calculated last year that over $1.5 billion had been hacked from exchanges since Bitcoin’s advent in 2008. 

Even the biggest, most well funded, most prestigious exchanges can get hacked - with a perfect example being the recent Binance hack.

Exchanges are big business, and their number is on the rise. If the current bullish momentum in cryptoasset prices carries on, this trend will likely continue. This increase in the number of available exchanges will increase competition, and any edge an exchange can get over the competition will foster more trust, and have a better chance of attracting users awash in a sea both of choice and compromise.

Just in the first half of 2019, there have already been seven exchange hacks. Thus, for any exchange, there is a very good chance that it will eventually be hacked and users’ funds stolen.

Kaspersky also offers a service to comprehensively protect cryptoasset exchanges. The service is comprehensive in that it checks not only the coding and the exchange’s fortitude against outside attacks, but also checks for malicious insider attacks, as well as “social engineering” attacks. These categories of attacks are, respectively, “black-box” testing, “white-box,” and “grey-box” testing.

Kaspersky scrutinizes all possible attack vectors to an exchange: its core infrastructure, its external resources, and the access points used by the exchange’s own employees. They will even train exchange employees in cybersecurity protocols so that they themselves don’t become the attack vectors.

Kaspersky serves to help the crypto economy be safer and protected. A storied company with a global presence, they take in nearly $700 million in revenues yearly. Kaspersky creates enterprise and consumer grade cyber security solutions, and has also played a role in identifying and responding to huge, government-level attacks such as the infamous Stuxnet attack on Iranian nuclear facilities. With a huge accumulated expertise in cyber protection, Kaspersky creates a standout solution for the crypto world.

