Freelance Writer Specializing in Blockchain Technology
COVID-19 Exposes Shortcomings on Crypto Exchanges
With pandemic-imposed lockdowns all over the world creating a state of fear and uncertainty amongst traders, the past month has seen the crypto markets hit with unprecedented fluctuations and price swings for BTC and other cryptocurrencies. Bitcoin, often seen as the barometer for all the other cryptos, suffered its biggest drop in 7 years, to under $4K. Other leading cryptocurrencies such as ETH, XRP, and LTC experienced double-digit falls.
On March 12th, traders were unable to buy BTC or USDT with fiat on Huobi, Binance, and other exchanges due to excessive traffic. About two weeks ago, on February 27th and 28th, both Bitfinex and OKEx also suffered DDoS (Distributed Denial of Service) attacks, which forced downtime as excessive traffic was directed at their servers.
“While there have certainly been quite a number of situations in the past where exchange platforms struggle to keep up with user demands and other technical difficulties, the unexpected price fluctuations this time have exacerbated the situation even more.
The overall performance of many exchanges has certainly not been satisfactory, thereby exposing the entire industry’s deficiencies in basic system architecture and a lack of cumulated technical experience and expertise,” observes ChainUP CEO Zhong Gengfa.
A leading blockchain technology services provider, ChainUP has served over 300 exchange clients as a one-stop white-label exchange solutions provider and recently added the financial derivatives sub-brand EXUP, which currently serves 60+ clients.
The Co-founder of XinFin.org, Peter Yeo, agrees. XinFin is an open-source hybrid blockchain platform that combines the best attributes of both private and public blockchains.
“The original codebase for many exchanges such as Binance was inspired by high-frequency trading platforms for fx brokers, and hence not meant for trading digital securities and fundamentally not secured in the way it was designed to be,” says Yeo. “There is a lack of checks and balances as the system admin is overpowered.”
XinFin’s Yeo advocates that “to have the correct infrastructure solution, you would need to rework the design thinking from the ground up.”
Strong technical architecture is a must, according to ChainUP’s Zhong Gengfa:
“Scalable, extensible and efficient technology architecture. Needs to be able to achieve automatic horizontal expansion in line with business requirements, with highly configurable scalability to support secondary development of customers and lastly a highly efficient matching engine to ensure smooth transactions at enterprise levels and beyond with disaster recovery solutions that take seconds.”
Jack Chia, CEO of WenxPro exchange and previously CEO of Cryptology, notes that:
“As far as I know, for fiat to crypto services, exchanges are using third-party operators. These third-party services might not have load tests done, so when there is a surge in demand some problems might arise.”
What most exchanges will agree on is that “customers get very anxious if they cannot contact the exchange when something goes wrong,” according to Chia. Hence top exchanges should and do provide “very large and comprehensive customer service teams.”
So how ready are exchanges to guard against hacks and cyber-attacks? If history is anything to go by, not very.
According to leading web performance and security company Cloudflare, a successful DDoS attack can, on average, cost organizations $100K for every hour the attack lasts.
Paul Kang, Co-founder of Entersoft Security and current Board Director of Fintech Australia, offers more insight. Global award-winning Entersoft delivers security solutions to over 300 global brands.
“The goal of a DDoS attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by exhausting resources of the target. Exchanges need to be able to detect, respond, route and adapt to DDoS attacks. Basic steps that could be put in place by exchanges to stop such attacks would be developing a denial-of-service response plan, securing network infrastructure, practicing basic network and application security, maintaining strong network architecture and leveraging the cloud.”
Kang adds that
“The key concern in mitigating a DDoS attack is differentiating between an attack (bad actors) and normal traffic.”
“This is where risk control and situational awareness systems come in,” agrees Zhong. “To conduct all-round risk management of the system and perform intelligent large-scale data analysis on user behavior, multi-dimensional monitoring, real-time risk, and threat detection and actively intercept and prevent high-risk behaviors.”
Entersoft’s Kang stresses that
“it is vital for crypto exchanges to be always prepared for DDoS attacks as they can lead to downtime, loss of data, customers and brand reputation…. Hence exchanges need to be willing to allocate sufficient capital and resources to improve the security measures of their exchanges.”
ChainUP’s Zhong concurs, adding that at the moment, on many exchanges,
“there is still a lot of room for improvement in the most basic areas of creating a favorable trading environment.”
With statements like these above, I believe there is a way forward to rid the Blockchain Industry and Digital Asset Markets of exploitation by malicious attacks. Blockchain shortfalls like unforeseen high-volume vulnerabilities can be dealt with, with proper due diligence and collaborative efforts amongst the broader market. The Digital Finance sector is set to continue growing if it can keep reliability and consumer stability intact.