How Should Retail Users Mitigate Risks in the Face of Frequent Blockchain Security Incidents?
Everywhere there is a large commission, there is a high probability of a ripoff - Charlie Munger
By now, every crypto user has heard of the recent FTX collapse. Since CZ’s tweets stirred up the storm, the world’s second-largest crypto exchange by trading volume was forced to file for bankruptcy in less than one week.
Such a fast crypto freefall reminds people of the death spiral that destroyed LUNA-UST in May this year, which evaporated $40 billion worth of funds and hurt multiple distinguished institutions, including Three Arrows Capital and Celsius. Even Poolin, a mining pool that operates in the crypto upstream, was affected.
Poolin announced a partnership with Three Arrows Capital back in June 2020, and this connection might explain why Poolin suffered a liquidity crisis and cannot process withdrawal requests by miners. So far, 2022 has proven to be a troubled year for the crypto industry. That said, the security concerns revealed by the scandals are worth reflection.
According to the accident analysis reports released by SlowMist Technology, this year’s crypto scandals were mostly caused by
- The misuse of users’ funds and
- Malicious attacks.
Companies that failed due to the misuse of users’ funds do not deserve our sympathy, and sound regulation and the real-time disclosure of balance sheets could avoid such problems. With respect to malicious attacks, however, though attackers are condemnable, these attacks also indicate insufficiency on the part of the project team in terms of security technologies and audits.
In this regard, ViaBTC Group, a blockchain veteran that has stayed in the business for six years, has recorded decent performance.
CoinEx, a crypto exchange under ViaBTC Group, has maintained a zero-accident record amid the frequent crypto security scandals in the industry.
On CoinEx, all cryptos are 100% reserved, and the exchange promises not to misuse users’ assets for any reason whatsoever. Furthermore, CoinEx publishes monthly ecosystem reports to illustrate the operation status of CoinEx and CET, its platform-based token. Choosing such a transparent exchange allows users to minimize risks and potential losses.
ViaBTC Pool, currently one of the top 5 pools by BTC hashrates, has also made great progress in terms of security.
The pool set up an internal security committee, making sure that all technical upgrades and version updates are carried out in strict accordance with the relevant security procedures and criteria. The pool also regularly conducts comprehensive security audits and optimization of its codes, as well as stress tests, to identify security vulnerabilities.
Of course, some security risks could still go overlooked even if all these measures are adopted. As such, ViaBTC Pool has rolled out the ViaBTC Security Bounty to encourage users to find security vulnerabilities threatening the pool, with huge bounties to be collected.
The program divides security vulnerabilities into three threat levels: L1, L2, and L3, and participants could get 10,000 USDT as the reward for reporting an L3 vulnerability (the highest level).
Click on the link to find out more about the Program: https://support.viabtc.com/hc/en-us/articles/4411464259481-ViaBTC-Security-Bounty-Program
As mining pools protect themselves through comprehensive security measures, hackers have to turn to farms and miners. Here are some of the common tricks employed by hackers:
- Pose as official customer service employees in social media groups and DM you;
- Contact you through email, SMS, and phone posting as an official employee;
- Cloned websites;
- Fake events or investment projects;
Reference: https://support.viabtc.com/hc/en-us/articles/4751971581337-Common-Scammer-Cases
We must stay on alert to discern these tricks. A project’s official SNS accounts on platforms like Twitter are all certified. If you couldn’t determine whether or not an event or project is authentic, you can always look for help in official social media groups.
Sometimes, attackers would disrupt a user’s mining operations by occupying his/her network bandwidth and reducing the application performance through more advanced attacks, such as DDoS and CC attacks. In such cases, Hashrates Fluctuation Notification, a ViaBTC function tailored to the needs of miners, can periodically collect various mining machine data and monitor the operating status of mining machines.
Through the feature, when ViaBTC finds a mining machine to be abnormal, or if it believes that the mining machine has been attacked or tampered with, the user will be promptly reminded through email and SMS to avoid loss of revenue.
Additionally, ViaBTC Pool also features multiple log-in authentications, including alerts for any suspicious login activity. To log in to their accounts, users have to enter the correct verification codes from Google Authenticator and SMS.
Of course, Two-Factor Authentication (2FA) is not mandatory and could be deactivated after logging in. That said, for security concerns, I’d always recommend activating 2FA.
Finally, faced with blockchain security risks, most platforms are doing their best to keep our accounts safe and secure. Meanwhile, as users, we must also become more risk-aware to identify and eliminate potential security risks, which is the only way to avoid falling victim to hacks.