The security situation in the cryptocurrency field in 2016

Rage Comment : In 2016, blockchain technology research and development continued to make breakthroughs, and hackers became more sophisticated. This led to major hacker attacks such as The DAO, which brought great losses and warnings to the cryptocurrency field. Of course, we should look at these human errors objectively. The most important thing is not to criticize, but to reflect deeply and take better security measures to prevent hackers from starting in 2017.

Translation: Annie_Xu

Bitfinex, The DAO, Gatecoin, etc., all reflect the security vulnerabilities in the field of Bitcoin and cryptocurrency. In 2016, industry enterprises were also frequently attacked by malicious attacks.

This year we’ve seen multiple hacks of large enterprises, proving that malicious actors may still threaten cryptocurrency startups, leaving users and investors in the blockchain industry at risk.

As startups and investors prepare for 2017, we look back at some of the biggest incidents this year, hoping that hackers will have less luck in 2017.

2016 1st half: Centralized service attacks

Centralized services (large amounts of cryptocurrency) always attract hackers to attack.

And it is important to note that the three cryptocurrency exchanges were attacked in completely different ways during this period. Some consumers hope to be protected against the risks of centralized digital currency storage, but the actual situation puts them in a difficult situation.

For example, ShapeShift suffered an insider attack and lost a lot of money; while Gatecoin and Bitfinex lost funds due to external attacks (they are currently working to return consumer funds).

There is also the biggest hacking incident this year, The DAO.

In March, decentralized venture capital fund The DAO raised approximately $150 million from global digital currency investors.

Unfortunately, hackers used The DAO code to extract $50 million in ether, challenging the promise of smart contracts and "code is law." We must be clear that smart contracts are just software, and it is impossible to avoid security flaws caused by logical vulnerabilities.

Just like putting your money in an exchange, you should carefully consider smart contracts and decentralized solutions, how they work, and how they protect your funds.

Second half of 2016: Individuals become targets

As services in the cryptocurrency space develop and security standards improve, hackers are starting to target easier targets, such as individual users.

Forbes reported that even savvy Bitcoin experts like Jered Kenna were not immune to the attack.

In the second half of 2016, the phone numbers of some people in the cryptocurrency field were stolen. Hackers used so-called "social engineering" to send requests to telephone operators and persuade technical support engineers to switch their phone numbers to numbers controlled by the hackers.

The practice is particularly insidious because text messages and phone numbers are common authentication mechanisms for many everyday services, including Google, Facebook and some cryptocurrency services.

In some cases, your phone is the single factor for resetting passwords or logging into your accounts. Your phone carrier maintains your digital service with the cheapest possible labor, and their technical support engineers don't always follow security procedures.

The best practice is to unbind all services that may use your mobile number from your phone. Another best solution is to set a password for your personal account and set the premise of changing the SIM card or operator to verify your real name on site; of course, this is not foolproof because operators do not necessarily follow safe operating procedures.

Regarding social engineering, be careful to protect services that store personal confidential information, such as Facebook, Twitter, and LinkedIn.

Because hackers can harvest this information and use it to gain access to your personal accounts, carefully consider your personal security solutions and determine whether someone could attack you through your Facebook profile.

And if you reuse the same username and password on multiple sites, consider changing them. Use hardware- or device-based two-factor authentication on each site.

There are also phishing websites that steal personal secret information. Hackers will continue to purchase keyword ads so that their malicious websites will always appear at the top of web search results.

Outlook for 2017

2016 was a banner year for hackers, but 2017 could be the year that things turn around.

We should pay more attention and use advanced protection measures to protect personal and corporate accounts to create a safer cryptocurrency ecosystem.

However, we are not doing enough. We expect the industry to invest heavily in the development of blockchain privacy protection technology and identity solutions in 2017.