“Hackers switched from exchanges to users” – CEO of EXMO


  • Hackers are increasingly hacking the wallets not of exchanges, but of users

  • Storing money on mobile wallets is not worth it

  • Exchanges are constantly improving wallet security mechanisms

International consortium of news organizations developing transparency standards.

Over the past six months, hackers have managed to make several major hacks at once and withdraw funds for millions of dollars. Some of the stolen cryptocurrencies were tracked and blocked by the exchanges themselves, some were lost forever. Why, in the age of high technologies, hackers easily break into wallets of exchanges and what measures cryptocurrency platforms are taking today to protect their own funds and those of users, BeInCrypto learned from Sergey Zhdanov, CEO of the EXMO cryptocurrency exchange.

– Recently, cases of hacking of exchange wallets have become more frequent. What is the reason for this? Exchanges still devote little time to security, or, on the contrary, scammers have become more professional?

S.Zh.: At the beginning of the pandemic, classical financial indices showed their instability (S&P 500 fell by 30%, and Nikkei 225 – by 20%), but despite the general panic of the classic and crypto markets, Bitcoin has established itself as an excellent alternative to diversify the investment portfolio.

Not surprisingly, under these circumstances, the cryptocurrency sector has attracted the attention of not only those who want to invest or diversify their portfolio, but also get cryptocurrency in an easy way. I believe that this is one of the factors of the increased interest of hackers in crypto exchanges. That is why exchanges are actively taking measures to prevent theft of user funds. So, today, many sites track transactions in more detail, change the percentage of funds stored in “cold” and “hot” wallets. In addition, many cryptocurrency exchanges today require more withdrawal permits. Another important factor is the consolidation of the crypto market, namely the coordinated action of exchanges during unforeseen situations. A good example of well-coordinated work is theft of funds from the Bithumb exchange in 2019. You probably remember the story where, after the hacking of the Korean platform, funds were transferred to a number of exchanges, including EXMO. But after taking all the necessary actions and consultations between EXMO and Bithumb, we managed to return all the funds that were blocked on time.

– Recently it became known that a 15-year-old fraudster hacked the phone of one of the top managers of a large company and thus withdrew almost $ 100 thousand of funds. How safe is it to use mobile wallets?

S.Zh.: On the one hand, mobile wallets are convenient. The cryptocurrency is always at hand: in the event of a rise or fall in the price of bitcoin, you can always quickly place or cancel an order. In addition, in the era of active development of the ecosystem of payments for services and goods, this convenience is doubly welcome. Thus, Forbes magazine reported that in the Salvadoran village of El Zonte, bitcoin is used as money for everyday transactions. This is just one example, in fact there are many more. But there is also a second side to the coin – the use of mobile wallets entails risks..

Of course, from the technical point of view, the developers try to protect their users as much as possible, but the reality is that encrypted keys are stored directly on the mobile device. Thus, the software can be compromised or contain bugs, which increases the likelihood of a malware attack and extraction of private keys. But apart from technical vulnerability, the human factor often prevails. For example, the loss or theft of a mobile device on which a crypto wallet is installed: if you have not set a PIN code for a mobile wallet, you can easily access your assets and your crypto savings will be lost. I also attribute the carelessness of the owners of mobile devices to the human factor. For example, when someone has access to your smartphone and knows the PIN code from it. In this case, I will not dwell on the consequences for a long time, they are obvious..

Using a mobile wallet is especially convenient today, but in order to secure your funds, you need to adhere to a few simple rules:

Exmo crypto exchange suffers hack halts all withdrawals

  • be careful;
  • “Hackers switched from exchanges to users” - CEO of EXMO
  • Protect your mobile wallet with a PIN code, and create a backup copy of private keys;
  • set up a fingerprint login to your mobile device;
  • do not store large amounts on a mobile crypto wallet.

Exmo hackers withdraw part of stolen funds via Poloniex exchange confirms

– It’s no secret that exchanges use two types of wallets: “cold” and “hot”. And if cold wallets are secure enough, how to protect hot wallets?

S.Zh.: The situation with “hot” wallets is more interesting than with “cold” ones. Hot wallets allow the exchange to maintain a certain amount of liquidity in case there is a massive flow of withdrawal requests. Those. thanks to hot wallets, the user can access their funds at any time. To protect user funds, as I said earlier, the practice of balancing assets between the two types of wallets is used. In addition, most cryptocurrency platforms do not handle large operations to withdraw Bitcoin or other cryptocurrency from their hot wallets, but rather transfer funds from cold storage to the intended recipient, which also strengthens security measures.

– How secure is your exchange against hacking and what protection technology do you use?

S.Zh.: One of the key priorities for us is the safety of user funds. I will not fully disclose our security system, but I can tell you about the most common principles used by crypto exchanges in general. One of them is a competent distribution between “hot” and “cold” wallets (as I said earlier), a multisignature should be integrated on the cold wallet, which is several keys held by different owners. An equally effective way is to use bitcoin valves. In this case, the assets are protected by a two-stage protective mechanism with two different keys, and you can get full access to the funds only after a day. Thus, during this time, a suspicious transaction can be blocked or canceled..

– Tell us about the most vulnerable places of crypto exchanges? How to improve their safety?

S.Zh.: According to a CipherTrace report, losses from cryptocurrency thefts, hacks, and fraud have grown to nearly $ 1.36 billion from the beginning of the year to the end of May 2020. But despite the high interest in the cryptoindustry from hackers, I would like to draw attention to fraudulent operations aimed at ordinary users by deceiving the latter. Often, carelessness leads to direct losses of cryptocurrency funds without complex hacker attacks on the site. The most popular cases of theft of funds are associated with the lack of enabled two-factor authentication, not only on the exchange, but also on the email linked to the exchange account; the user transfers his personal data to scammers through phishing sites; the use of fake exchangers, which are a script and several pages that give the impression of a working crypto-exchanger. With that said, I believe cryptocurrency exchanges should talk more about cybersecurity with their clients. In particular, explain in detail how you can secure personal accounts, why 2FA is important, etc..

– Thanks for the conversation!


All information contained on our website is published in good faith and objectivity, and for informational purposes only. The reader is solely responsible for any actions he takes based on the information received on our website..

Share Article

“Hackers switched from exchanges to users” - CEO of EXMO
“Hackers switched from exchanges to users” - CEO of EXMO

Hackers who hacked Exmo, took out the tool through Poloniex

“Hackers switched from exchanges to users” - CEO of EXMO

Similar articles