A recent report from blockchain security and analytics firm Chainalysis highlights the escalating threat of damaging cyberattacks in the web3 and cryptocurrency sector and offers an extensive blueprint for virtual currency exchanges to strengthen their defenses against these malicious activities.
The research report leverages insights from Chainalysis’ acquisition of Hexagate, a Web3 security firm, to identity industry best practices aimed at thwarting large-scale hacks.
With crypto thefts surging—$1.58 billion stolen in the first seven months of 2024 alone, per Chainalysis’ earlier findings—the stakes are higher than ever for exchanges to secure digital assets and maintain user trust.
Gaining the confidence of customers is particularly important in a nascent industry that has historically been plagued by various scams, fraudulent activities, and market manipulation.
The report identifies the persistent vulnerability of exchanges, often targeted due to their centralized control of vast sums of cryptocurrency.
High-profile breaches, like the $300 million hack of Japan’s DMM Bitcoin in 2024, illustrate the devastating potential of these attacks, which can force closures and erode confidence in the ecosystem.
Chainalysis attributes much of this risk to sophisticated actors, including North Korean operatives, who exploit both on-chain as well as off-chain weaknesses.
The report emphasizes that while web3’s transparency offers certain tracing advantages, proactive prevention is critical to outpace these threats.
For Web2 environments—traditional internet infrastructure—Chainalysis recommends several foundational security measures.
Endpoint Detection and Response (EDR) tools, such as SentinelOne or CrowdStrike, are highlighted for their ability to detect and neutralize threats on employee devices.
Segregating signing computers from the internet via air-gapped systems is another key suggestion, minimizing exposure during transaction approvals.
The report also advocates locking down hardware linked to cold storage with strict access controls and securing API keys using Hardware Security Modules (HSMs) to prevent unauthorized access.
These steps, drawn from conversations with industry CISOs, aim to fortify the off-chain perimeter where breaches often originate.
In the Web3 ecosystem—blockchain-based or DLT enabled systems—Chainalysis, bolstered by Hexagate’s technology, outlines more advanced tactics. Real-time on-chain monitoring stands out, with Hexagate’s machine learning models tracking fund movements to spot anomalies like unusual transaction sizes or suspicious addresses.
The report cites a case where Hexagate detected attackers siphoning cmETH from Mantle, enabling a timely pause of funds.
Cosigner / transaction validation, where Hexagate acts as an independent checker before transactions are signed, adds yet another layer of defense, automatically flagging or blocking risky operations.
Multi-party computation (MPC) wallets with strong quorum requirements and strict signer communication protocols are also recommended to distribute control and reduce single points of failure.
Beyond technical fixes, the report addresses off-chain threats like insider risks, spotlighting North Korean IT workers who infiltrate firms with fake identities.
A U.S. Department of Justice case from 2024, indicting 14 DPRK nationals for stealing $88 million via such schemes, underscores this danger.
Chainalysis urges exchanges to adopt rigorous background checks, monitor network activity, and train staff against social engineering—measures echoing FBI and CISA guidance.
While these strategies promise enhanced security, their effectiveness hinges on proper execution.
Still, Chainalysis’ blend of both Web2 and Web3 defenses offers a pragmatic starting point for cryptocurrency exchanges navigating an increasingly hostile landscape, where prevention may be the only viable shield against collapse.
It’s also worth noting that with the emergence of more sophisticated AI algorithms, scammers, fraudsters, and bad actors have even more advanced tools at their disposal. Unfortunately, these new tools are being used to target a number of unsuspecting individual users and crypto-focused organizations as well. The best of course action is to remain alert and vigilant while also not sharing too many personal details online.