The field of cryptocurrencies from the point of view of information security

Father

Opinions about crypto markets are generally polar: some consider them an effective financial instrument, while others consider them an unstable asset with high activity. However, there is no denying that cryptocurrencies are firmly established in global and Russian practice, both as an investment product and as an operational product for one-time or periodic purchases, for example, of goods abroad, where the capabilities of traditional financial institutions are limited due to the geopolitical crisis and sanctions.

The growing interest of Russian society in cryptocurrencies is also indirectly indicated by the increase in the number of cryptomats through which you can physically replenish electronic wallets. However, along with increasing public involvement in the crypto markets, cybersecurity risks associated with the main elements of such infrastructure, exchanges and wallets, are also growing.

This article will analyze the features of the crypto industry from the point of view of information security, issues of anonymity of cryptocurrency exchanges, and other risks that are characteristic of this area.

Crypto Exchange as a financial institution

The first problems of cryptocurrencies lie at the most basic level of information security: the legislative level. While the activities of banks, "traditional" exchanges and other financial institutions are sufficiently regulated in terms of information security and rules for working with finances and client data, crypto exchanges are regulated almost nowhere in this regard.

The lack of uniform rules and standards in the field of cybersecurity of crypto exchanges creates a situation in which the level of trust in the cybersecurity of almost any organization will be near zero, since there are no guarantees that protective mechanisms are in place, except for the assurances of the administration of the exchange itself.

The only measure of security is the number of known incidents that have occurred with a particular project. It is important to note here that many crypto startups do not initially assume "long-term viability" and, like a soap bubble, die out before attackers have time to turn their attention to them.

There are also problems of insider activity, dumping, analogues of financial pyramids and other projects that are more likely to relate to financial risks than to cybersecurity risks.

Anti-Danilevsky
CEO and Founder of Kick Ecosystem

In my opinion, the most extensive problem for the crypto industry in the context of cybersecurity is compliance.

Given how much regulation of centralized exchanges has been taken up all over the world, this can be a big headache.

Among the tools that you can use here, you can name a fairly well-known product from Elliptic.

Moving away from compliance, all other threats are seen in the plane of "misappropriation of company assets by an attacker", whether it is user credentials or financial resources. Therefore, it is unlikely that anything will change globally, maybe only new techniques will appear.

Plus, cataclysms in the financial markets always lead to the appearance of a large number of people who want to make quick money and the same large number of various scammers who, in one way or another, are trying to lure money or other assets from gullible users.

It is important to note the signs that state policy regarding cryptocurrencies is gradually changing. With regard to Russia, there is every reason to believe that the regulation of cryptocurrencies will follow the path of regulating the activities of traditional financial institutions. However, to achieve results, this approach should become a global trend.

At the same time, increased attention from state institutions to crypto exchanges risks negating the main advantage of cryptocurrencies: anonymity.

Problems at other security levels

The administrative level of security of cryptocurrencies is the most dualistic: on the one hand, all managers have a natural desire to protect their infrastructure, but on the other, their views on how to protect it and on what counts as "best practices" differ widely.

For example, it is common practice to freeze compromised wallets. One example is the Huobi crypto exchange, which froze stolen EOS42 assets in February of this year.

The possibility of the exchange blocking a wallet has led to the emergence of entire services for analyzing the risk of such an outcome. The most well-known of these tools is AML.

The software-technical and procedural levels, however, are characterized by the "classic sores" of cybersecurity, which include:
  • lack of clear incident response regulations;
  • insufficient level of technical protection equipment;
  • shortage or absence of specialists in the project team.

There are also side effects that do not directly affect the functioning of the crypto market, but are caused by it and relate to information security. For example, these include the appearance of mining bots and their distribution using HPE distribution technologies. They are not directly intended to damage the "victim", but they negatively affect the performance of the device and its service life.

Security of crypto wallets

Most end users pay the most attention to the security of crypto wallets, since they consider it identical to the security of their personal account. In practice, this is not entirely true, since the "entry point" for hackers can be not only a login-password pair, but also vulnerabilities in the infrastructure of the exchange itself or of the crypto project.

Gleb Garusov
Cryptocurrency Expert

It should be noted that even bitcoin is not as secure as it is positioned. Sometimes there are hacks and leaks within the blockchain, but they are not usually advertised, so as not to destroy the illusion of complete security. You should also keep in mind that the blockchain data that is stored on your device or in your account (a record of the number of funds in your wallet, for example) does not mean that the information is completely stored with you, because you just store the address and password to access this information.

Otherwise, projects are divided into several types:

1) Hardware wallets – physical devices where all information is stored offline. The most reliable and secure way to interact with cryptocurrencies.

2) Non-custodial wallets are a software tool whose access keys, if explained simply, are stored only by the user and even the wallet developer company will not be able to access it if, for example, the user forgets the password.

It should be noted that even these types of accounts can be compromised and fraudsters have a way to get access to them, although you must provide it to them yourself.

3) Next are DEX solutions that involve decentralized data storage. In theory, they are safe and anonymous, but in practice, starting from this level, there are ways to get information about transactions.

4) CEX and custodial solutions involve storing data in one place (for example, users' personal information), which means they have exactly the same vulnerabilities as classic systems. However, it should be remembered that if it is theoretically possible to return stolen money, then it is almost impossible to return stolen crypto assets.

It is important to understand that cryptocurrencies have ceased to be a narrow sector in which industry specialists circulate. Due to popularization through various channels (from media projects like STEPN to the activities of "coaches" and crypto investors), many people who can be identified as "unqualified investors" have come to the industry.

They are much more vulnerable to phishing, social engineering, and other tools for obtaining wallet passwords. It is important to remember that if the hack occurred through the theft of a user's password, even the best and most anonymous cryptocurrency exchange will simply refuse to cover the damage.

Results

The crypto industry now has two development vectors:
  1. One in which anonymity remains a priority, but a high level of cybersecurity is not guaranteed by anything, and there is always a risk that the exchange will be critically damaged during hacking and will be forced, at least, to suspend its activities, like Deribit.
  2. One in which the role of state regulation in the field of cryptocurrencies is gradually growing, and in all leading states. This will inevitably affect the level of anonymity of crypto exchanges, but it can serve as a driver for the growth of their information security level.

Most likely, in the medium term, we will see the largest and most centralized projects move towards standardization and regulation of their activities by state institutions in different countries, while small projects, on the contrary, will try to attract an audience for which a high level of anonymity of ownership and transactions remains a priority.
 