Are there security measures that CEXs can put in place to curb the activities of hackers?


It's worrisome to see that just after 2 months of rebranding and celebration of its 10th year anniversary, which saw Huobi transformed to HTX, the exchange has suffered a major hack. Of course the CEX name didn't settle well with users when the name was unveiled in September, as many questioned the similarity between the new name and the defunct FTX, and it's already looking as if users' guesses were right after all.

What is more worrisome is that just a few weeks back, precisely Nov 10, Poloniex exchange also suffered a hack with losses estimated at over $100 million in cryptocurrency. Putting this vis-à-vis the HTX and Heco chain hack with an estimated loss of over $115 million, we are talking of a combined $215 million loss in users' funds.

Despite the compensation plans announced by this CEX, I couldn't help but think why not implement the "prevention is better than cure" strategy. After the 2016 Bitfinex hack, I think exchanges should have learnt and implemented more robust security measures, but it's sad that 7 years later, we are still discussing security breaches in a sector that has the most glaring technology (Blockchain).

At this point I am curious to know if there are exchanges immune to these hacks and are there any measures they put in place? I also think integrity tests should be conducted for exchange owners, but the question is how can this be achieved in an industry that is not being regulated. Share your views and let's discuss.

Link to comment

Smart contract fraud and wallet address hackers, just like internet fraudsters, can only be checked if there's constant monitoring of the space, upgrading security architecture continuously and practicing safe browsing. Some other exchanges have maintained a healthy state of exchange security over the past couple of years, like Bitget and Upbit, even when there have been several attempts.

Link to comment

Exchanges are now implementing mandatory KYC in an effort to increase security and protect users. Some exchanges have even implemented asset protection funds like the SAFU on Binance and the asset protection fund on Bitget, to further boost users' confidence and show increased commitment to protecting users' funds.

Link to comment

In addition to the above listed by various contributors, I guess implementing these unique security measures might help in mitigating the activity of hackers:

Requiring users to enable 2FA adds an extra layer of security by verifying their identity through an additional authentication factor, such as a mobile app or SMS code.

Cold Storage: Storing a significant portion of customer funds offline in cold wallets or offline storage devices helps protect them from online hacking attempts.

Utilizing multi-signature wallets requires multiple authorized signatures to complete transactions, reducing the risk of unauthorized access or fraudulent activity.

Enabling IP whitelisting allows users to specify trusted IP addresses from which they can access their accounts, restricting access from unknown or suspicious IPs.

Employing advanced monitoring systems and intrusion detection tools helps detect and respond to potential security breaches promptly.

Conducting routine security audits by independent third-party firms helps identify vulnerabilities, assess risk, and implement necessary security enhancements.

Some exchanges offer insurance coverage to protect customer funds in the event of a security breach or hack, providing an additional layer of financial protection (e.g. the recently launched $300M plus Bitget protective).

These security measures, combined with continuous monitoring, employee training, and adherence to industry best practices, can significantly enhance the security posture of CEXs.

Link to comment
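Added example (not part of the original post, and not any exchange's actual code): a simplified withdrawal gate that combines three of the controls listed above, namely an IP allowlist, a TOTP second factor, and an M-of-N approval threshold for amounts that exceed the hot-wallet limit. The `AccountPolicy` record, the control names and the sample values are assumptions made for illustration; approver names stand in for signatures that a real system would verify cryptographically.

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass

def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 time-based one-time code (HMAC-SHA1), as used by authenticator apps."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

@dataclass(frozen=True)
class AccountPolicy:           # hypothetical policy record
    totp_secret: bytes
    allowed_nets: tuple        # CIDR ranges the user allowlisted
    approvers: frozenset       # operators allowed to co-sign large withdrawals
    threshold: int             # M in M-of-N
    hot_wallet_limit: int      # above this, funds must come from cold storage

def check_withdrawal(policy, source_ip, code, now, amount, approvals):
    """Return the list of failed controls; an empty list means the request passes."""
    failed = []
    ip = ipaddress.ip_address(source_ip)
    if not any(ip in ipaddress.ip_network(net) for net in policy.allowed_nets):
        failed.append("ip_not_allowlisted")
    # Accept the current and the previous 30 s step to tolerate clock drift.
    candidates = [totp(policy.totp_secret, max(now - drift, 0)) for drift in (0, 30)]
    if not any(hmac.compare_digest(code.encode(), c.encode()) for c in candidates):
        failed.append("bad_2fa_code")
    # Count distinct, authorized approvers only: duplicates and unknown names are ignored.
    valid = set(approvals) & policy.approvers
    if amount > policy.hot_wallet_limit and len(valid) < policy.threshold:
        failed.append("insufficient_approvals")
    return failed

# Constructed sample data: RFC 6238 test secret, documentation IP range, made-up operators.
SAMPLE = AccountPolicy(b"12345678901234567890", ("203.0.113.0/24",),
                       frozenset({"ops-a", "ops-b", "ops-c"}), 2, 1000)

if __name__ == "__main__":
    print(check_withdrawal(SAMPLE, "203.0.113.7", "287082", 59, 500, []))
    print(check_withdrawal(SAMPLE, "198.51.100.9", "000000", 59, 5000, ["ops-a", "ops-a"]))
```

Returning every failed control, instead of stopping at the first one, gives the monitoring side a complete record of which checks a rejected request tripped.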
6 hours ago, XTRAVAGANZA said:

Exchanges are now implementing mandatory KYC in an effort to increase security and protect users. Some exchanges have even implemented asset protection funds like the SAFU on Binance and the asset protection fund on Bitget, to further boost users' confidence and show increased commitment to protecting users' funds.

Yeah, a lot is happening, particularly with exchanges and platforms that are user-centric, and I feel in no distant time the situation could be reduced to the barest minimum.

Link to comment
On 26/11/2023 at 23:57, BashJasper said:

Smart contract fraud and wallet address hackers, just like internet fraudsters, can only be checked if there's constant monitoring of the space, upgrading security architecture continuously and practicing safe browsing. Some other exchanges have maintained a healthy state of exchange security over the past couple of years, like Bitget and Upbit, even when there have been several attempts.

It all boils down to the exchange's dedication to protect customers' assets. Apparently these exchanges that haven't recorded any hacks for 5+ years of functioning, like the case of the first exchange you mentioned, are working behind the scenes to make it happen. HTX and the likes need to do more and save the industry’s reputation already.

Link to comment
On 26/11/2023 at 08:48, Wakanda said:

It's worrisome to see that just after 2 months of rebranding and celebration of its 10th year anniversary, which saw Huobi transformed to HTX, the exchange has suffered a major hack. Of course the CEX name didn't settle well with users when the name was unveiled in September, as many questioned the similarity between the new name and the defunct FTX, and it's already looking as if users' guesses were right after all.

What is more worrisome is that just a few weeks back, precisely Nov 10, Poloniex exchange also suffered a hack with losses estimated at over $100 million in cryptocurrency. Putting this vis-à-vis the HTX and Heco chain hack with an estimated loss of over $115 million, we are talking of a combined $215 million loss in users' funds.

Despite the compensation plans announced by this CEX, I couldn't help but think why not implement the "prevention is better than cure" strategy. After the 2016 Bitfinex hack, I think exchanges should have learnt and implemented more robust security measures, but it's sad that 7 years later, we are still discussing security breaches in a sector that has the most glaring technology (Blockchain).

At this point I am curious to know if there are exchanges immune to these hacks and are there any measures they put in place? I also think integrity tests should be conducted for exchange owners, but the question is how can this be achieved in an industry that is not being regulated. Share your views and let's discuss.

Because of this, it's wise for traders to thoroughly investigate exchanges before choosing one. I exclusively deal with cryptocurrency exchanges that have declared proof of reserve in the wake of the unfortunate events that saw some go bankrupt and others hacked. Because of what I've heard traders say about Bitget and the fact that it met my requirements, I had to start using it right away. Therefore, I'd advise DYOR to choose whatever best meets your needs.

Link to comment
8 hours ago, Incarts said:

It all boils down to the exchange's dedication to protect customers' assets. Apparently these exchanges that haven't recorded any hacks for 5+ years of functioning, like the case of the first exchange you mentioned, are working behind the scenes to make it happen. HTX and the likes need to do more and save the industry’s reputation already.

Not just HTX but including others that have been affected with this deficiency IMHO. 

Link to comment