Singapore-based cryptocurrency exchange KuCoin disclosed today a mega hack. In a statement posted on its website, the company confirmed that a threat actor breached its systems and emptied its hot wallets of all funds. The estimated loss is $150 million.
Hot wallets are cryptocurrency management apps that are connected to the internet. Cold wallets are stored offline.
Unfortunately, the only thing holding cryptocurrency acceptance back is the lack of data, wallet and exchange security. Everyday we hear about currency thefts, exchange hacks and currency thefts. The entire sector has to take the issue much more fanatically.
The real problem is that most crypto websites don’t use very sophisticated anti-hacking systems. The most common is two-factor authentication: for each transaction you need to enter a one-time password, which is sent to the client’s phone or e-mail.
With this in mind, two-factor authentication is not the most secure way of protection. A more advanced option for two factor authentication is special applications like Authy and Google Authenticator. They block access to the system if the login and password are compromised by asking for additional code.
The second most popular method of protection is multi-signature: when several keys to Bitcoin wallet are kept by different owners, and access to the funds can be obtained only by collecting all electronic signatures. However, this system can also fail. Experts note that multisignature works only when all key owners are independent from each other.
One of the most reliable ways of protection against hacker attacks remains distribution of funds between hot and cold wallets. In addition to physical protection (video cameras, armed guards, retinal scanner, etc.), a cold wallet can be equipped with a multi-signature system. The bigger the share in the cold storage, the safer it is. Ideally, cryptocurrency should only get online at the time of the transaction. But, as the KuCoin example demonstrates, hot wallets are easy targets.
Another way are the so-called Bitcoin “valves” — special Bitcoin addresses, where coins are locked by a two-stage security mechanism with two different keys. To unlock funds, you need a regular digital key, but full access to the money is only possible after 24 hours. Within those 24 hours, any transaction can be cancelled by entering the second key. There is another degree of protection: if a hacker has both keys, the exchange can burn the funds stored in the wallet.
Regular audits by independent experts and hacking tests have become a good tone among crypto exchange operators. The latter is done by so-called white hackers. Their goal is to hack into security systems to find potential vulnerabilities that can be exploited by attackers.
One way or another, a complex approach is important in the question of cryptocurrency exchanges security: security of code in combination with security of development environment and third-party libraries used in the product creation. It is also impossible to exclude human factor, which often contributes to hacker attacks.
Unfortunately, very few methods are working.
The problem with all these methods, is that once they are defeated and breached, the funds are in the clear and easily stolen.
The founders at BLAKFX, originated their current data security product (Helix22) as a cyber currency, exchange, wallet and blockchain. Therefore our data security product, the Helix22 is fully designed and functioning to facilitate the cyber currency sector.
In Math We Trust
Fortunately, a perfect data security solution is available.
The Helix22 data security SDK does the following:
- Makes any cryptocurrency theft proof
- Protects all wallets, exchanges, transactions
- Protects all your firms data at rest, in use and in transit
- Renders ransomware threats obsolete
- Eliminates human error
- Eliminates all malicious or interior attacks
- Reduces latency
- Installs with 5 lines of code
- Runs on any platform
- Provides perfect future/forward secrecy
- Delivers “zero-knowledge” encryption
- Compatible with all cloud, 3rd party and vendor services
- Is quantum ready – so there’s no need to upgrade when the time comes
- Requires no employee training
- Exceeds all gov’t and banking standards
- Meets compliance regulations
Helix22 delivers all this security assurance due to our genius engineering team that has invented a new model for data security that required an innovative look at the problem. The approach we took was to protect the data itself. Almost all other security products try to build a perimeter or being fanatic on user credentials. However, once the product is breached or a password is stolen, even if it is 2FA or encrypted, your firms data is in the clear.
You see, the Helix22 cryptography is embedded with the data itself through our inventive and patented process of DNA BindingTM. Therefore, even if a cryptocurrency is stolen the data cannot be exfiltrated. This means that all currencies are 100% protected regardless of the type of attack.
Another substantial advantage of Helix22, is that it protects all data whether at rest, in use or in transit. All communication apps for example, only encrypt data while in transit. Therefore, that encryption become useless for internal IT security or Artificial Intelligence or Machine Learning experimentation. All data generated during these massive computing exercises is equally protected in real time. Plus, the latency period for the Helix22 is exponentially less than any other security product, so it actually contributes to faster processing times.
The tech engineers at BLAKFX invented and patented a genuine user2user (U2U) encryption. We manage data security and transmission through the truly brilliant and also patented universal Helix22 key service. The Helix22 encryption originates on your network or device, not just when an app is opened. This means, that when data arrives to our key server, it is already encrypted so all it needs to do is issue another key. Telegram cannot claim this level of security. This key will then only work with the intended device, which generates a matching key required to open the data.
In this protocol, we are truly a “zero-knowledge” server so your private communications and transmissions remain completely top secret. Even in the event that BLAKFX were subpoenaed, we can honor the request by just handing over the encrypted content…as that is literally all we have. Helix22 also only use keys just one-time and then destroys them. This way the data security is future forward prefect. Therefore, in our unique user-to-user encryption (U2U) world, there is no opportunity ever for any data leak.
This same protocol just described, can be the same with all your 3rd party vendors and suppliers. It does not matter in the least what platform they are running or what device they are using or even the type of data, it is all 100% protected. We do however, strongly advise that all your partner firms be utilizing Helix22 due to the nature of the data content. Helix22 can ensure that whatever data they are generating is protected as well.
Let’s take it a step further. Even if your organization were a victim of an internal attack or a victim of malicious open source downloads, there is no reason for concern. Any data that has been forwarded, downloaded, copied or saved cannot be exfiltrated. Period. We have the technology industries foremost data packets which are protected with multi-layered, military grade encryption algorithms that have already proven the ability to withstand penetration testing from MI5 and quantum computing attacks.
Our founders also founded Wickr, which is used by the US military and has never been hacked since its inception in 2012. Helix22 is several generations enhanced since then.
Finally, the Helix22 encryption is quantum computing ready so no need to redo all your data security methodologies in a couple of years when everything else becomes obsolete.
Helix22 installs with just 5 lines of code.
We have developed our data security products for the future in all of our engineering.
We like to refer to Helix22 as “22nd Century Data Security.”
To read the statement from KuCoin, click here