Millions of dollars for safety: how Gate.io protects customer funds
According to the HedgewithCrypto portal, over the past 10 years hackers have breached 49 crypto exchanges and stolen $2.7 billion. Nevertheless, the platforms keep improving their protection, and large thefts are becoming rarer. Nine hacks occurred in 2020, four last year, and only one this year.
Together with Gate.io, we explain which attack vectors hackers use most often, how the platform protects customer funds, and what the largest crypto exchanges fear.
What exchange security consists of
The most common cause of exchange hacks is a vulnerability in the storage of hot-wallet private keys. According to HedgewithCrypto, hackers have also used:
- bugs in the trading platform;
- gaps in server protection;
- distribution of malware;
- bribing employees.
To protect customers, platforms must close these vulnerabilities and develop response scenarios for various threats. Some exchanges use unique measures:
- Gate.io developed a program for on-chain audit of reserves and was the first of the mainstream crypto exchanges to provide proof of 100% of user balances;
- BitMEX built into its trading engine a reconciliation of user balances after every transaction and an emergency stop that halts operations if even one trader's balance does not match their transaction history;
- Coinbase launched Coinbase Tracer, its own service for checking the cleanliness of transactions;
- Kraken installed video surveillance in its server rooms and assigned armed guards to them.
Comprehensive protection of a platform is expensive: Gate.io spends millions of dollars a year on it. The exact amount is kept secret.
Protection of hot and cold wallets
An exchange uses two types of wallets: hot wallets for daily operations (accepting deposits and processing withdrawals) and cold wallets for safe storage of assets.
Hot wallet keys are usually kept on a computer connected to the Internet so that the platform can sign transactions quickly. This is dangerous: hackers can gain access to the machine and steal a private key or redirect transactions to their own addresses.
Gate.io uses multi-signature to control its hot and cold wallets, so the theft of a single key will not lead to loss of control over the assets.
In addition, Gate.io keeps keys and backups in hardware security modules, the business-grade analogues of Trezor and Ledger. All cold wallets are disconnected from the Internet.
Security of the platform and servers
In 2020, hackers gained access to the servers of the Livecoin exchange, raised the Bitcoin and Ethereum quotes to $220,000 and $65,000 respectively, and then stole more than $2 million. Since 2014, eight exchanges have suffered from such hacks.
To resist such attacks, Gate.io uses:
- the HTTPS protocol for secure data transfer between users and servers;
- its own anti-DDoS system and the Cloudflare firewall to protect against traffic that can slow down or paralyze the platform;
- a Web Application Firewall (WAF) to counter network attacks: SQL injection, access-token substitution, execution of malicious code in the browser and attempts to brute-force passwords;
- protected DNS so that hackers cannot redirect users to a phishing site.
The Gate.io trading core consists of separate modules. This approach prevents hackers from running a script that substitutes cryptocurrency quotes, instruments or any other platform parameters.
To ensure internal security, the exchange has introduced corporate files and a system for monitoring corporate resources. When a work computer is infected, the system will detect the virus at its first attempts to read data.
If an attacker gains access to a user account, they can steal the user's funds despite the measures protecting wallets and the platform. Therefore, Gate.io requires users to set up two-factor authentication using one of the following methods:
- a code sent by SMS or by e-mail;
- Google Authenticator;
- confirmation of the login with a hardware key: a YubiKey, the Gate.io Wallet S1 hardware wallet with a fingerprint scanner, or another device that supports the FIDO2 standard.
The user also sets a trading password. The platform requests it before any operation with assets: opening or closing a position, transferring funds or withdrawing cryptocurrency to an external wallet. In addition, the user can configure a whitelist of withdrawal addresses.
Even with the account's login and password, a hacker will not be able to withdraw the funds or use them in any other way. At the same time, Gate.io sends the account owner a notification of a login from a new IP address and records it in the login log.
For unforeseen circumstances, Gate.io offers an account inheritance service. The user provides the contact details of relatives or friends. If the user does not log in to the platform for a long time, the exchange contacts the indicated people and, after verifying their identity, transfers access to the account.
In 2022, crypto enthusiasts faced a new problem: exchanges were using customer deposits for their own operations. When Bitcoin and Ethereum prices fell, the platforms' positions became unprofitable. Companies suspended withdrawals or even declared bankruptcy.
Two years earlier, Gate.io had developed an on-chain Proof-of-Reserves for independent audit of reserves. In it, users can look up their real balance in the exchange's cold wallet by the hash of their UID.
In July 2022, the audit company Armanino LLP confirmed that Proof-of-Reserves works correctly and that Gate.io stores 100% of the funds deposited.
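An added example, not Gate.io's code: a lookup by hashed UID becomes verifiable when the exchange commits to every (hashed UID, balance) pair in a Merkle tree and publishes the root. The page does not describe Gate.io's actual construction, so the tree layout, SHA-256 and every name and value below are assumptions.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def hash_uid(uid: str) -> str:
    return h(uid.encode()).hex()          # the user is identified only by this hash

def leaf(hashed_uid: str, balance: str) -> bytes:
    # Assumed leaf layout: commits to both the hashed UID and the balance.
    return h(b"leaf:" + hashed_uid.encode() + b":" + balance.encode())

def node(left: bytes, right: bytes) -> bytes:
    return h(b"node:" + left + right)     # prefix keeps leaves and nodes distinct

EMPTY = h(b"empty")                       # padding up to a power-of-two leaf count

def build_levels(leaves):
    size = 1
    while size < len(leaves):
        size *= 2
    levels = [list(leaves) + [EMPTY] * (size - len(leaves))]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def make_proof(levels, index):
    """Exchange side: sibling hashes from the user's leaf up to the root."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))  # (hash, sibling is left)
        index //= 2
    return proof

def verify(hashed_uid, balance, proof, root):
    """User side: recompute the root from one's own leaf and the proof."""
    acc = leaf(hashed_uid, balance)
    for sibling, sibling_is_left in proof:
        acc = node(sibling, acc) if sibling_is_left else node(acc, sibling)
    return acc == root

# Constructed sample snapshot of (UID, balance) pairs, not real data.
SNAPSHOT = [("1001", "0.50000000"), ("1002", "2.00000000"), ("1003", "0.00120000"),
            ("1004", "7.30000000"), ("1005", "0.04000000")]
LEVELS = build_levels([leaf(hash_uid(u), b) for u, b in SNAPSHOT])
ROOT = LEVELS[-1][0]

if __name__ == "__main__":
    proof = make_proof(LEVELS, 2)
    print(verify(hash_uid("1003"), "0.00120000", proof, ROOT))  # True
    print(verify(hash_uid("1003"), "0.00100000", proof, ROOT))  # False
```

Such a proof shows only that a user's balance is included in the committed liabilities; that the exchange holds matching assets is checked separately against its on-chain addresses.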
Crypto exchanges launch blockchains and tokens, but cannot guarantee the safety of decentralized applications. For example, in March 2021 hackers hijacked the DNS of PancakeSwap on BNB Chain and intercepted the private keys of some traders.
To eliminate this vulnerability, Gate.io added a mechanism for transaction cancellation and backup withdrawal to GateChain. Users create special storage addresses and set the number of blocks within which sent transactions can be canceled.
In addition, the owner of the storage can link a backup address to it for withdrawing funds if the private key is lost. To do this, contact Gate.io technical support.
After the rebranding, the slogan "Our highest priority is the safety of data and user assets" appeared on the "About Gate.io" page. And this is true: the exchange's security system closes the well-known vulnerabilities of trading platforms.
But Gate.io does not stop there: the exchange has launched a bounty program for white-hat hackers and developed the Wallet S1 hardware wallet with a fingerprint scanner.