Investigators from the Korean Ministry of Science, Technology and Information and the Korea Internet Development Agency (KISA) have found “weak” security at 31 0f approximately 38 crypto exchanges studied, ZDNet reports.
Investigators deployed an 85-point security checklist to participating exchanges and found that, “14 exchanges showed an average of 51 security items still insufficient and could be exposed to the risk of hacking attacks at all times.”
Items queried by the checklist include, “…operational security such as administrative security; network separation and account management; system security such as system, network, and database access control; backup and incident response; and virtual…(fire) wall management.”
Oh Young-soo, director of information security at the Ministry of Information and Communication commented on the results and emphasized the importance of amped security at crypto exchanges:
“Most of them except for the seven exchanges that satisfy all 85 inspection items are still at a low level of security…Cyber attacks are expected to continue this year, too.”
Upbit, Bitsum, Kofax, Covert, Coin One, and Pluto DS passed the security inspection with perfect scores, although three employees at Upbit were recently indicted for allegedly executing $226.2 billion in wash trades designed to inflate the values of cryptocurrencies last fall.
ZDNet reports that an additional 17 new crypto exchanges were approved to operate in South Korea since the initial security survey was performed showed, “…an average of 61 items…insufficient and the overall security level…weak.”
Poor security at those exchanges reportedly stems from, “insufficient establishment and management of security systems such as basic PC and network security as well as network separation and access control.”
Cryptocurrency exchanges across the globe have been hacked for over a billion dollars of cryptocurrency in recent years, including Coincheck ($534 million stolen) and Mt Gox ($473 million stolen).
To be hacked to such an extent, these crypto exchanges have to have been storing large pools of cryptocurrency in wallets connected to the Internet (hot wallets).
Inside jobs have also been alleged.
According to ZDNet, the Korean Ministry of Information and Communication says it will continue to monitor security at Korean crypto exchanges in order to reduce “user harm caused by hacking.”