A Brief Analysis of the Security Mechanism of Mainstream Bitcoin Exchanges


Hong Kong, China -- (ReleaseWire) -- 12/06/2020 --In fact, digital currency has always been a frequent occurrence of security incidents. In January 2018, Japan's Coincheck exchange was hacked and NEM was stolen and lost approximately US$534 million. In February 2018, the trading price of Ethereum-based XMRG tokens rose by 787% and then quickly plummeted to zero, causing a large number of users' economic losses. The reason behind it was that its smart contract code had integer overflow loopholes, and the over-minting caused hyperinflation. On the Binance exchange in March 2018, hackers used stolen user information to perform a large number of transactions and manipulated the market to make a profit of more than 100 million US dollars. In April 2018, BEC tokens and SMT tokens based on Ethereum were transferred out due to overflow loopholes in smart contracts, which triggered panic selling and caused the market value to almost return to zero. There are countless such cases.

The author discovered two phenomena through these observations. First, the frequency of incidents is very frequent. It should be understood that this is only a list of recent events with relatively large impacts. If the time range is expanded, or the possible small impacts and covered events are counted, the number will be more than this. Second, the loss of the platform or users is huge, tens of millions or even hundreds of millions of dollars.

In fact, through these event records, you can get more information, let's analyze it next.

At the beginning of March 2018, Binance, a well-known digital currency trading platform, experienced a large number of abnormal transactions on accounts, which in turn affected the trading conditions of the entire digital currency market. What I want to say here is that after the incident, someone posted an accusation that the incident was officially self-directed and performed by Binance. The co-founder of Binance responded with a subsequent post to refute this accusation. I do not intend to discuss the truth of the incident here. Here is a sentence from the palindrome of the co-founder of Binance. "This kind of security problem is almost inevitable. Exchanges of any kind are attacked every day. On the one hand, the narrow policy space makes it impossible for the currency circle to copy the traditional exchange system. On the other hand, virtual currency exchanges have only been available for a few years, and both risk control and technology accumulation require a growth process. "

In the forum on how CEX builds a safe haven for user assets held on November 4, Omar, CEO of ZB.com, revealed ZB.com's wallet security mechanism. Omar said that ZB.com's wallet uses a combination of cold storage and isolation from hot and cold. The vast majority of system funds are stored in offline cold wallets, and only about 0.5% of encrypted assets are stored in hot wallets for daily platform operation. To provide further protection, encrypted wallets cannot be accessed from the platform or platform servers. Among them, offline cold wallets are the top priority of each exchange's security. And ZB.com has a total of 7 senior managers (all outside mainland China) in control of the cold wallet private keys. Moreover, with the multi-signature mechanism, there is no single person who can control the private key and funds, which can greatly reduce the black swan incident that occurs in a certain exchange. In addition, the relevant person in charge of ZB.com once said that the ZB.com platform has built a list of black currency addresses, which is updated from time to time by special personnel. The system monitors that the black currency address is transferred to the platform and the account is immediately frozen. Advertisers in the legal currency trading zone can flexibly set the multi-dimensional conditions of the counterparty, such as trading T+1 days to withdraw coins, etc., to prevent black money and black money transfer. ZB.com has set up a "National One-click Report" button on its website and app, and users can quickly and conveniently report other customers they think are suspicious. ZB.com CEO Omar once gave a speech and mentioned the reasons for the steady development of China Currency: ZB.com transaction security settings have many strict risk control and security assistance functions. The core technology of wallet and custody service is also the core of ZB.com for 7 years, and our custody service also serves many leading exchanges. Almost none of ZB.com users before the end of 2017 did not make money. This is the consensus of many old coins. ZB.com made many star projects popular in the early days, such as ETH, ETC, HSR, Qtum, EOS, etc., which caused a large number of retail investors to flood in. At its peak, ZB.com accounted for more than 50% of global ETH transactions and more than 70% of ETC transactions.

The original intention of the birth of Bitcoin is to let everyone control the funds, and the emergence of exchanges is only to facilitate transactions, so it is necessary to assume the responsibility of fund security. In my opinion, ZB.com has been doing very well.