One of the most common hacks in the cryptocurrency world is the hack that happens through exchanges. Many exchanges have been hacked so far, and billions in crypto have been stolen. The latest studies show that hackers use three common techniques to hack exchanges.
The latest studies show that hackers target open-source libraries in order to take advantage of inside job researchers.
During the Black Hat security conference, researchers revealed that crypto exchanges are vulnerable to hackers. In fact, the researchers found the three most common ways used by hackers. Although crypto exchanges use multiple layers of protection, there are still bugs. These bugs give hackers the chance to get access to the private keys and steal people's assets.
In this method, the hackers break the private keys into smaller pieces. This means that before a hacker can steal the funds, they have to bring the pieces together.
Omer Shlomovits and Aumasson, respectively the co-founder of the key-management firm KZen Network and a cryptographer, categorized the attacks. They provided three different categories for crypto exchange attacks: an insider attack, an attack that makes use of the relationship between a customer and an exchange, and an extraction of pieces of secret keys.
Crypto exchange hacks have three methods: an insider's job
The insider job is the first method that hackers can use to attack an exchange. In this method, hackers usually leverage unnamed key-management code from an open-source library. Then they manipulate the relationship between customer and exchange by creating a false validation statement. By applying this method, the hacker can slowly compute the private keys of exchange users over multiple key refreshes. After that, they can begin to steal funds.
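The key pieces and key refreshes mentioned above can be illustrated with plain additive secret sharing, including the check a party should run before accepting refresh values. This is an added example, not code from the researchers or from any exchange; the function names are hypothetical, and checking the refresh values in the clear is a simplifying assumption (real threshold-signing libraries verify contributions with commitments and proofs instead).

```python
import secrets

# Order of the secp256k1 group, used here only as the modulus for share arithmetic.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def split(secret, parties):
    """Additively share `secret`; every one of the `parties` pieces is required."""
    if parties < 2:
        raise ValueError("need at least two parties")
    if not 0 < secret < N:
        raise ValueError("secret out of range")
    shares = [secrets.randbelow(N) for _ in range(parties - 1)]
    shares.append((secret - sum(shares)) % N)
    return shares

def reconstruct(shares):
    """Recombine all pieces into the original key."""
    return sum(shares) % N

def refresh(shares, deltas=None):
    """Re-randomise the pieces without changing the key they add up to.

    Unchecked deltas would let one party silently shift the key, so a set
    of deltas that does not cancel out modulo N is rejected.
    """
    if deltas is None:
        deltas = [secrets.randbelow(N) for _ in shares[:-1]]
        deltas.append(-sum(deltas) % N)
    if len(deltas) != len(shares):
        raise ValueError("refresh rejected: one delta per share is required")
    if sum(deltas) % N != 0:
        raise ValueError("refresh rejected: deltas do not cancel")
    return [(s + d) % N for s, d in zip(shares, deltas)]

def missing_share_for(partial, candidate):
    """Share that would make `partial` reconstruct to `candidate`.

    Such a share exists for every candidate key, which is why an incomplete
    set of pieces reveals nothing about the real key.
    """
    return (candidate - sum(partial)) % N

if __name__ == "__main__":
    key = secrets.randbelow(N - 1) + 1          # constructed sample key
    pieces = refresh(split(key, 3))
    print("key survives refresh:", reconstruct(pieces) == key)
```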
Another Method to hack exchanges
The other way the researchers found occurs when crypto exchanges trust customers to derive their pieces of the key. In this case, the customer and the exchange both generate a string of random numbers for public verification. For example, the researchers found that Binance did not check these random values. However, Binance fixed the issue back in March.