Social Engineering Attacks
How An Exchange Protects Users' Digital Assets
By Xdite Cheng

Blockchain is one of the most popular topics in the tech community. In my opinion, the most profitable business in the blockchain industry is not opening a crypto exchange or issuing a digital coin, but hacking them. Therefore, to run a blockchain exchange, besides being in the right place at the right time, one has to be technically savvy, since exchanges often fall prey to cyber attackers.
Generally speaking, there are two types of cyber attacks. The first targets flaws in the IT system itself, that is, the software. The second is social engineering attacks, which target the users.
Social engineering attacks are malicious activities accomplished through human interactions that use psychological manipulation to trick users into making security mistakes. According to Imperva’s Incapsula.com web app security site, these are some common mistakes:
Giving away the e-wallet password in order to receive an airdrop (free coins), or letting others open their wallet.
Failing to manage one's passwords and getting attacked through username enumeration: hackers obtain user information from Website A and use it to log into Website B.
Accidentally logging into a scam website and revealing the password there.
Downloading .pdf or .docx attachments from phishing emails that carry Trojan horses. These malicious programs then access the user's personal information, such as banking details, passwords, or identity documents.
Users should do the following to raise their awareness and improve their ability to protect their information:
Use an iPhone, a Mac, and the Chrome browser.
Check that the website URL is correct and that it begins with 'https'.
Use different passwords for different websites.
Be careful with emails, even from people you know well; do not open them rashly.
Enable 2-Step Verification (two-factor authentication) on email accounts.
Since not everyone has sufficient security awareness, defending against these scams is always easier said than done.
As an operator of an exchange, the challenge we face is how to limit the damage once a user has already been compromised. In addition to the mainstream safety measures deployed by most exchanges, OTCBTC has an internal control mechanism that detects suspicious events and actively blocks them.
For example, when a user transfers digital assets to a high-risk wallet address, or when an inactive user suddenly transfers a large amount of digital assets, he or she is redirected to human customer service to confirm the withdrawal. If multiple users are logged in from the same IP address, we quickly freeze all related accounts. There are many other security features on the exchange, including risk control, token listing, and the help of professional security companies.
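The three controls described above, written out as an added example (not OTCBTC's own code): the thresholds, the flagged address, the withdrawal records and the login records are all constructed assumptions, chosen only to show how each rule fires.

```python
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed policy values; a real exchange tunes these from its own data.
HIGH_RISK_ADDRESSES = {"bc1-constructed-highrisk"}   # e.g. addresses linked to known scams
DORMANT_AFTER = timedelta(days=90)                    # no activity for this long = inactive user
LARGE_WITHDRAWAL_BTC = 5.0                            # "large amount" threshold
SHARED_IP_MIN_ACCOUNTS = 3                            # this many accounts on one IP = freeze


@dataclass
class Withdrawal:
    user_id: str
    to_address: str
    amount_btc: float
    last_activity: datetime   # user's previous login/trade before this request
    requested_at: datetime


def review_withdrawal(w: Withdrawal) -> tuple[str, list[str]]:
    """Return ('manual_review', reasons) when a rule fires, else ('auto_approve', [])."""
    reasons = []
    if w.to_address in HIGH_RISK_ADDRESSES:
        reasons.append("destination address is flagged high-risk")
    dormant = (w.requested_at - w.last_activity) > DORMANT_AFTER
    if dormant and w.amount_btc >= LARGE_WITHDRAWAL_BTC:
        reasons.append("inactive user suddenly withdrawing a large amount")
    return ("manual_review" if reasons else "auto_approve", reasons)


def accounts_to_freeze(logins: list[tuple[str, str]]) -> dict[str, set[str]]:
    """Group (user_id, ip) login events and return IPs shared by too many accounts."""
    by_ip: dict[str, set[str]] = defaultdict(set)
    for user_id, ip in logins:
        by_ip[ip].add(user_id)
    return {ip: users for ip, users in by_ip.items() if len(users) >= SHARED_IP_MIN_ACCOUNTS}


# Constructed sample data.
NOW = datetime(2024, 1, 15, 12, 0)
SAMPLE_WITHDRAWALS = [
    Withdrawal("u1", "bc1-constructed-safe", 0.2, NOW - timedelta(days=2), NOW),       # ordinary
    Withdrawal("u2", "bc1-constructed-highrisk", 0.1, NOW - timedelta(days=1), NOW),   # flagged address
    Withdrawal("u3", "bc1-constructed-safe", 8.0, NOW - timedelta(days=200), NOW),     # dormant + large
]
SAMPLE_LOGINS = [("u4", "203.0.113.9"), ("u5", "203.0.113.9"), ("u6", "203.0.113.9"),
                 ("u7", "198.51.100.2")]
```

Only the first request is auto-approved; the other two are routed to a human, and the three accounts sharing 203.0.113.9 are returned for freezing.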
In short, I hope this article encourages readers to improve their awareness of financial security. At the same time, the OTCBTC team will spare no effort to build a secure and reliable world-class cryptocurrency trading platform. Our next goal is to launch an enterprise-level OTC trading function, OTC Cloud Service, so that more companies can build OTC trading systems with our help. otcbtc.com
About The Author

Xdite Yi-Ting Cheng is the Founder and CEO of OTCBTC, an over-the-counter crypto exchange based in Taiwan. She is a veteran of the blockchain industry, a well-known growth hacker, and won the Facebook hacker marathon in 2012. Xdite has more than 10 years' experience in technology development and has served as technical director of medium and large-scale international development teams.