In cryptocurrency, the cat-and-mouse game of cybersecurity plays out at breakneck pace.
With their eyes set on the private keys that control crypto assets, the mice, the cybercriminals of the cryptocurrency world, are relentless in their efforts to defeat the latest security mechanisms of the cats, the cryptocurrency exchanges, which must constantly be on guard.
Blockchains, collectively secured by thousands of network participants, have been lauded as a cybersecurity breakthrough, but they don’t offer any advantage in this game. Cryptocurrency exchanges typically rely on secondary software, and have historically suffered from what security expert McAfee calls a “start-up mentality” in which security “takes a backseat to growth.”
As a result, the cryptocurrency market has seen all manner of heists—from corrupt custodians making off with customer funds, to phishing scams, technical failings, and losses from human error.
To secure the future of cryptocurrency, eToroX’s cybersecurity strategy rests on the three established pillars of people, process and technology.
People
90% of cloud data breaches are caused by human error, according to research from Kaspersky Lab. Both employees and customers can create vulnerabilities, but this source of insecurity is often overlooked by organizations.
Cryptocurrency exchange employees can be targeted with social engineering attacks, and can inadvertently open security loopholes with simple mistakes like downloading malicious files. Traders, meanwhile, can fall prey to phishing emails from criminals masquerading as official communication channels.
The Binance hack, in which cybercriminals stole $40M worth of bitcoin, is thought to have relied on both internal and external vulnerabilities. The hackers convinced high-net-worth exchange users to click a disguised link, and then used this security hole to plant malware within the exchange.
eToroX minimizes human error with cybersecurity awareness training, identity management, and access control. Risk is managed by a dedicated team including a Chief Information Security Officer (CISO) and a security trustee on each site. Traders are encouraged to protect their accounts with 2FA.
Process
Operational security incidents account for two-thirds of publicly disclosed security breaches, according to blockchain researchers from the Netherlands and Singapore. Managing the risk of organizational processes requires exchanges to view operations from the perspective of an adversary, and patch security holes accordingly.
Operations at eToroX are underpinned by detailed documentation and are constantly under review. Information management processes are certified to international standards, and critical custodial processes like withdrawals are protected by strict user verification, including passwords, biometrics, pattern recognition, geolocation and video call authentication.
As eToroX is regulated under Gibraltar’s DLT license, the security of all processes is verified independently through regular audits from the Gibraltar Financial Services Commission (GFSC).
eToroX contributes to the protection of the cryptocurrency community as a whole through the Cyber Defense Alliance—a collective of cryptocurrency companies which all face similar cybersecurity threats.
Technology
As the first form of money based on public-key cryptography, cryptocurrency has been stored using several different innovative custody methods—including the most popular option of hot and cold wallets.
Hot wallets are the cryptocurrency equivalent of a pocket wallet. These typically hold only a small amount of funds, and are connected to the internet, making them more vulnerable to theft.
Cold storage, on the other hand, is like locking funds away in a home vault, where they are less likely to be hacked but also less accessible because they are offline.
eToroX has partnered with the same experts responsible for defending the strategic assets of several countries to create a cold storage custody solution that combines the accessibility of a hot wallet with the security of a cold wallet. This unique mechanism has been battle-tested with a $250,000 bounty program.
Along with custodial infrastructure, defensive technology plays a key role in the prevention of cyber attacks: detecting intrusions, data breaches, unauthorized access to systems or information, malware, etc., and immediately responding to mitigate any negative effects.
eToroX has partnered with leading forensic blockchain firm Chainalysis to monitor suspicious activity. Chainalysis’ “know your transaction” technology peers into the blockchain to monitor cryptocurrency transactions in real time, helping eToroX defend against threats and meet anti-money laundering requirements with ease.
eToroX’s cybersecurity prowess is proven by more than 12 years of experience protecting over $1bn worth of clients’ assets from cybersecurity threats. In the unlikely event that security is compromised, all customer assets are insured by Aon against internal and external theft, loss, damage, or destruction.