Bybit’s chief executive officer Ben Zhou said that he was no longer stunned by the attacks happening to crypto firms as they are vulnerable by design.
Crypto exchange security has been a trending subject recently due to crypto attacks that happened in the past few months. Once again, the subject was in the headlines after hackers drained about $150 million from Bitcoin exchange Kucoin. According to Bybit CEO, Ben Zhou, such incidents should not shock crypto users anymore because crypto exchanges are vulnerable by design. He added that as a centralized web application, crypto exchanges are exposed to the same security issues other websites face.
“Hot wallets are vulnerable to theft.”
Bybit CEO Zhou explained that most crypto exchange servers and storage networks hold virtual currencies in hot wallets. If not well secured, these hot wallets are vulnerable to theft. The Bybit executive noted that a cold wallet system would be much safer than a hot wallet one. Unlike hot wallets, cold wallets are not connected to the internet. This means they are less vulnerable to hacks. The only inconvenience with cold wallets is the inability to make immediate large withdrawals from an exchange. Zhou asserted that security should be among the priorities for any exchange, more so those that operate online.
“Crypto exchanges need to address their current weakness and enforce more security layers.”
Cryptocurrency exchanges need to address their current weakness and enforce more security layers to help prevent future hacks, the CEO said. Security systems must be able to protect information across all points of interaction, including securing user data. “This can be accomplished by applying best practices for application life cycle management, hiring knowledgeable and reputable security consultants for penetration testing, and running bounty programs within the white hat community to identify any potential vulnerabilities,” Bybit CEO said. The CEO further suggested that crypto exchanges should collaborate with trusted security firms to implement firm management processes, conduct security audits, and bank on zero-trust architecture.