Watch this on YouTube: https://www.youtube.com/watch?v=vnIrgL0Xzpo Telegram group: t.me/cryptobayto Youtube:bit.ly/watchthatcrypto Meetup: bit.ly/ThatCrypto Get THAT Coins: bit.ly/THATbounty Attacks on Exchange Side DDoS - disrupting service (75% of exchanges). Can lead to a price drop. 2013 Mt.Gox. Bitcoin dropped from $100 to $55 2017 Bitfinex. NEO, OMG, ETP dropped by 90% Transaction Malleability Attacks. In bitcoin network, each transaction has a hash that is at the same time the ID of the corresponding transaction (TXID). If the attacker can change the transaction ID without invalidating it then they can broadcast a transaction with a changed hash to the network. And if it becomes confirmed before the original transaction, then the sender will think that their initial transaction has failed, while the funds still being withdrawn from their account. As a consequence, if the sender repeats the transaction, they’ll spend the same amount twice. 2014 Mt. Gox: attackers could take the hashes of recent trades and claim them as their own before they’d been committed to the bitcoin blockchain. It was discovered that hackers had stolen 850,000 Bitcoins over a period of three years resulting Bitcoin had lost 36 percent of its value. Phishing (Spear Phishing) Attacks directed to Exchange employees 2015 Bitstamp: an employee clicked on a link in an email, which downloaded a malware consequently stealing 19,000 BTC ($5M) Hot Wallet Attacks 2018 CoinCheck $500M in NEM 2019 Binance 7000 BTC ($40M) Bitmex Security Practices No Hot Wallets (Hot Wallets are convenient but don’t require human intervention to sign transactions and this is what hackers attack. Recent Binance attack emptied their hot wallet). SatoshiLabs claims that over 1 million Bitcoin have been stolen in hot wallet thefts, the largest being BFX & Mt. Gox. End To End Multi-Signature Wallets. At BitMEX, 2 of 3 partners must sign each withdrawal. If that condition isn’t met, then funds cannot be spent. All signing happens on offline machines. Withdrawals are done once a day. Continuous Audit in Trading Engine written in KDB+/q. (At every trade all user balances sum to zero. It prevents spoofing balances, which is what likely happened with Mt.Gox )

1. CRYPTO
EXCHANGE
HACKS

2. Exchange Side Attacks
● Hot Wallet
● Employee Spear Phishing
● DDoS
● Transaction Malleability

3. User Side Attacks
● Email Compromise and
Password Recovery
● Weak or reusable password
● Phishing
● Malware, Keylogger
● Website Spoofing
● No 2FA

4. Other Risks
● Exit Scams
● Regulatory Risks

5. Choosing Secure Exchange
● Location (Legally operates in your country)
● Reputation (Company, Address, Team, Regulated)
● Security (Hacks, hot/cold storage, enforcing 2FA
and other op-sec, KYC)
● SAFU / Insurance
● Volume and Liquidity
● Customer Support (Languages, Response time)
● Fees and Rates
● Usability, UI

6. BitMEX Security Practices
● No Hot Wallets
● 2-of-3 Multisig Wallets
● Continuous Audit in Trading Engine

7. General Cybersecurity
● Unique email only for the exchange
● Do not use your phone as recovery due to SIM-Swap
● Strong unique password (manager)
● 2FA
● VPN
● Regularly check your account activity
● Don’t store funds on exchanges
● Dont advertise your Bitcoin wealth

8. Move to DEX
Pros:
● No Honey Pots
● No Exit Scam
● No Regulatory Risk
Cons:
● Personal Responsibility
● High Price of Mistake
● Low Liquidity

9. Tips
● Backup your seed phrase
● Never Keep Coins on Exchanges
● Denis Serebryakov
twitter.com/ThatCryptoTO