Posted on March 4, 2020 at 5:12 PM
Cybersecurity has always been a major challenge to the cryptocurrency industry, with some recorded DDoS attacks against top crypto firms in recent times.
The past few weeks have not been particularly rosy for a number of crypto exchanges, including Coinhako, Digitex, Bitfinex, and OKEx. The companies have experienced different levels of security breaches.
However, these attacks did not lead to loss of any funds, with all the affected exchanges reportedly back online in full operation.
Bitfinex and OKEx targeted in DDoS attacks
Last week, Bitfinex and OKEx, two major crypto exchanges, were hit by DDoS attacks. The OKEx exchange was the first to receive the onslaught. However, the exchange was quick to mitigate the attack and the actors could not cause much harm to its systems.
As the exchange was still trying to mitigate the attack, OKEx’s chief executive Jay Hao, on his Weibo page, blamed the incident on unspecified competitors.
The attack consumed about 200GB per second of traffic before increasing to 400 GB in the second wave, in a series of attacks that lasted for two days.
With the level of traffic consumed, the director of the financial markets at OKEx, Lennix Lai, concluded that the attack is a very sophisticated one that may involve state actors.
But OKEx was able to deal with the DDoS attack within a short period of time, although the second wave of attack was a little more difficult to handle.
After the OKEx security team carried out temporary maintenance on the systems, there was a second wave of DDoS attack. This time, it was more serious than the first wave. The second wave of attack disabled futures and options trading. According to OKEx’s spokesperson, the two attacks were different and completely not related to each other.
Coinhako also attacked
Another crypto exchange, Coinhako, also revealed that it was recently hit by a sophisticated DDoS attack, and the incident is unrelated to other hacking incidents.
According to the exchange, “unauthorized cryptocurrency transactions were found from Coinhako accounts and sent out.”
To prevent any damage or exposure to its data, Coinhako deactivated the “send” option. After patching up its systems and taking the necessary maintenance procedures, the company announced on February 29 that it is fully back online with more stringent security measures.
Attack on Bitfinex also sophisticated
As OKEx was still battling to mitigate the DDoS attack on its platform, the hackers turned their attention to Bitfinex. As the exchange’s status page revealed, the DDoS attack on its system lasted for about an hour. During that period, the exchange’s throughput fell close to Zero and the platform was not able to execute any trades at the time. It led to an upsurge in traffic on platforms of other competitors.
However, Paolo Ardoino, chief technology officer at Bitfinex, informed reporters that the company decided to go offline in order to deal with the situation speedily.
He said although DDoS attacks did not affect the exchange’s WebSockets and main services, it was important to react quickly to prevent any escalation of attack. He further said that the company’s decision to go offline and start maintenance immediately wasn’t because it cannot stop the attack while online. Bitfinex had to take the decision to use countermeasures and prevent any further attacks on the network.
Ardoino also pointed out that the DDoS attack on Bitfinex’s system is sophisticated and well-planned. The attackers wanted to exploit different platform features to increase the infrastructure load. He said the enhanced design of the request and the large numbers of different IP addresses utilized in the attack only shows how sophisticated that attack was.
The attackers tried to exploit the internal vulnerability of the exchange’s non-core process queues. He further explained that they were fully prepared with everything to cause severe disruption in Bitfinex’s portal. However, the exchange has enough security checks in place to reduce the extent of damage from the attack.
Cybersecurity always a challenge in the industry
The cryptocurrency market is still young, but it has already started facing a series of security challenges. This security challenge is one of the reasons why many people are still skeptical about the feasibility of investing in the industry. No one wants to lose his major investment to hackers neither do they want to invest in an insecure company.
According to a recent report from KPMG, the cryptocurrency industry has witnessed the theft of more than $9.8 billion since 2017. That’s frightening for a growing industry.
But security companies are coming up with innovative strategies to help companies prevent or mitigate these attacks. There is optimism in the industry that the extent of crypto theft will reduce drastically as the public becomes more aware of the technology and security outfits develop stricter security protocols.