Connect with us

Research & Opinion Trending

From WazirX Hack to Crypto Security: What Experts Say About the $230 Million Theft

Research & Opinion

Cascading Chaos: Why a Single Tech Failure Can Bring a Nation to its Knees

Cyber Crime Research & Opinion Trending

This Innocent Facebook Friend Request Cost a Mumbai Man Rs 21 Lakh—Find Out How

Research & Opinion

Unveiling the Power of Generative AI: Transforming Creativity and Innovation

Cyber Crime Research & Opinion

I Got Scammed, How Do I Get My Money Back?

Cyber Crime Research & Opinion

All You Need To Know About Digital Arrest: A Novel Cybercrime Trend

Cyber Crime Research & Opinion Trending

I4C, NSD Join Hands With MyGov To Raise Awareness on Cybercrime in Innovative Street Plays

Research & Opinion Tech Talk Trending

Innovative Cyber Investigation Tool to Win Prestigious 'सर्वश्रेष्ठ साइबर त्रिनेत्र' Award at Future Crime Summit 2024 - Nominate & Register

Cyber Crime Policy Watch Research & Opinion

India Faces Rising Threat of Spam Marketing: Protecting Consumer Rights

Research & Opinion Tech Talk Trending

Future Crime Summit 2024: Recognizing India's Cybersecurity Champions - Nominate & Register Now

Research & Opinion Tech Talk Trending

FutureCrime Summit 2024: Gathering Of India's Finest Speakers To Combat Digital Threats - Don't Miss the Biggest Cybersecurity Event of the Year

Research & Opinion

SCOPE Convention Centre, New Delhi To Host FutureCrime Summit 2024

Research & Opinion

Prof. Triveni Singh Unveils Revolutionary Cybercrime Management Framework at DSCI Event

Research & Opinion

FutureCrime Summit 2024: Nominations Open for Top Honors in Cybersecurity

Research & Opinion Trending

FutureCrime Summit 2024: Over 500 Participants Enroll Within 24 Hours of Registration Launch

Research & Opinion

Registrations are now OPEN for the “FutureCrime Summit 2024”. Register Now!

Research & Opinion

FCRF-RML National Law University Lucknow Webinar: Join Data Protection & Privacy Workshop By Top Experts

Research & Opinion Trending

India Ranks Third Globally in Governmental Requests for Content Removal from Google

Research & Opinion Tech Talk

FutureCrime Summit 2024: Most Innovative Confluence of Cyber Crime Fighters

Research & Opinion

Why Reinventing the Wheel in Cybersecurity is Crucial for National Security

Research & Opinion Tech Talk Trending

23 Milestones of India’s IT Act @ 23

Research & Opinion Tech Talk Trending

Card Swiping Secrets Unveiled: How VISA, Mastercard, and Amex Make Money Moves

Research & Opinion Trending

Cyber Battlegrounds: FCRF Unveils India's Top 10 Cybercrime Hotspots & Vulnerable Districts

Cyber Crime Research & Opinion Trending

FCRF Report: India Battling Cyber Threats with Online Financial Fraud Dominating at 77.41%

Research & Opinion

SEBI Issues New Cyber Security Guidelines to Protect Securities Market from Cyber Attacks

Research & Opinion

New Age Transaction Monitoring Signals for Banks || Rented Accounts

Research & Opinion

Digital Forensics: India’s Roadmap for the Next Decade

Research & Opinion Trending

Cybercrime's Hidden Web: 120,000 Computers Infected by Stealthy Malware Network

Research & Opinion

World Social Media Day - From Empowerment to Harassment: The Bitter Reality of Online Spaces for Indian Women

Research & Opinion

Top 23 Most Lethal Ransomware Groups In The World – Tactics, Victims & Operations Details Inside

Research & Opinion

Breaking The Spam Cycle TRAI's AI Solution To Combat Unwanted Messages

Research & Opinion

Indian Health Ministry Shuts Down Data Breach Claims, Ensures Co-WIN Portal's Fortified Security

Research & Opinion

Google's Secret Manipulation: Research Psychologist Exposes Biased Algorithms and Election Influence

Research & Opinion

How To Protect Your Devices, Like a Pro

Research & Opinion

Financial Cybercrime On The Rise: Cyber Criminals Use Fake SMS And Malicious Apps

Research & Opinion

Want To Become A Future Crime Researcher? Join The Future Crime Research Foundation

Research & Opinion

How To Not Take The Phishing Bait

Research & Opinion

Cyber Fraud In The Name Of ‘Work From Home’ Job Offer

Research & Opinion Trending

World Economic Forum 2023: What’s Cyber Pandemic? How Much Data Is Being Created Globally Every Minute?

Research & Opinion

Why We Need Global Rules To Crack Down On Cybercrime: World Economic Forum Warms Up To The Idea Of Online Security

Cyber Crime Research & Opinion Trending

Hybrid Work Models In India Increase Hacking Risks: Unregistered Devices A Potential Security Threat

Research & Opinion Tech Talk

Most Cyber Attacks on China, India in Govt Sector: CloudSEK Report

Research & Opinion

Every Cyber Attack Is A wake-up Call For The Nation

Research & Opinion Trending

Security Flaws In Atlassian Products Can Be Misused By Cyber Criminals Affecting Multiple Businesses

Research & Opinion Tech Talk

Future Crime Research Foundation And CMEE IIM Lucknow Webinar: Experts Come Together To Decipher Rising Financial Cybercrime And Prevention

Research & Opinion

Automated Fraud Detection in Android Apps — Financial, E-Commerce

Economic Fraud Research & Opinion

Exposing FRAUD4 Nexus With Bureaucrats, Vendors, OEMs, C-Suite Executives: Time To Audit The Big4(20)

Research & Opinion

All You Need To Know About Financial Cyber Crime Through Fake Message For Electricity Disconnection

Research & Opinion Tech Talk

How Hackers Break Passwords And How You Can Secure Them! Here Are Top Four Methods

Research & Opinion

Death Of The Whistleblower

Research & Opinion Tech Talk

All You Need To Know About Password and Authentication Best Practices

Research & Opinion

12 Typologies Of Crypto Scams To Watch Out For

Research & Opinion

The Less Talked About Immigration Scam

Research & Opinion

Fraudulent Quick Loan Apps & Chinese Directors Behind RBI's Crackdown Against 5 NBFCs

Research & Opinion

Future Crime Workshop: Know All About The Use Of Blockchain In Prevention Of Cybercrime

Research & Opinion

Future Crime Workshop: Demystify The Underground World Of Darkweb And How To Investigate Crime

Research & Opinion

Future Crime Workshop - Robust Policy And Investigation Key To Control Metaverse Crimes: Amit Dubey

Research & Opinion

From WazirX Hack to Crypto Security: What Experts Say About the $230 Million Theft

Published

2 months ago

on

NEW DELHI: India’s leading cryptocurrency exchange, WazirX, faced a massive security breach on Thursday, resulting in the theft of approximately $230 million (around Rs 2000 crores). The attackers targeted the exchange’s Safe Multisig wallet on the Ethereum network, demonstrating the complexity and precision of a highly organized criminal operation. This sophisticated hack has sparked speculation about the involvement of the notorious North Korean cybercrime group, Lazarus Group, which has a history of targeting the crypto sphere.

Prominent blockchain experts shared their insights on the incident and the measures needed to enhance the security of cryptocurrency exchanges.

Regulatory Clarity and Immediate Action

Sanjeev Shahi, Director-Sales, South Asia & Pacific at Crystal Blockchain highlighted the urgent need for regulatory clarity in India, especially in light of the evolving relationship between cryptocurrency exchanges and the government. “This is a critical moment for regulatory clarity, with stringent requirements for information security alongside AML and fiscal risks,” he stated. Shahi is confident that Indian authorities are working closely with WazirX to freeze and recover the stolen funds. Furthermore, he believes the government is likely verifying the custody procedures of other exchanges to ensure that their assets are not overly centralized and that proper measures are in place to prevent similar attacks.

Gaurav Mehta, Co-founder & CEO, Catax concurred, emphasizing the need for stringent regulations and regular audits for cryptocurrency exchanges. “Governments and authorities should enforce secure custody protocols similar to those in the stock market to safeguard assets, mandate insurance policies to cover losses from hacks, and promote robust cybersecurity frameworks and standards,” he suggested. Mehta underscored the importance of these interventions to ensure the safer custody of billions held by Indians on these platforms.

ALSO READ: Join FCRF’s Webcast: Decoding the Union Budget 2024 Allocation for Cybersecurity, Cyber Forensics, and Police on July 23

Advice to Clients and Other Exchanges

To the clients of WazirX and other cryptocurrency exchanges, Shahi advised against panic. “Clients should not believe that WazirX is dreadful at security,” he emphasized, suggesting that the issue is likely contained. He recommended that clients temporarily withdraw their funds to self-custody but cautioned about the associated risks. “If you’re using a hardware wallet like Trezor or Ledger, make sure it hasn’t been tampered with once you buy it from the store,” he advised.

Mehta added that clients should immediately collaborate with international exchanges, forensic experts, and industry partners to track and recover stolen funds, ensuring they are not liquidated.

Shahi underscored the relentless and clever nature of cyber attackers. “These attackers are persistent and always shifting tactics to beat the defenders. Sometimes, they just get through—and these disasters happen,” he explained.

Mandatory Security Protocols

Shahi pointed to the Cryptocurrency Security Standard (CCSS), an open standard developed for cryptocurrency businesses, as a crucial guideline. “The most important considerations are having multi-signature requirements for key wallets and distributing funds into smaller amounts to minimize losses if one wallet is compromised,” he explained. He also stressed the importance of minimizing damage if attackers gain access to systems, which often occurs through phishing attacks on social media or email.

Mehta emphasized the need for clear custody guidelines and mandatory third-party auditing to ensure better protection for users’ funds on cryptocurrency platforms. “This approach addresses the lack of standardized treasury management practices across exchanges, providing a more consistent and secure framework for safeguarding user assets,” he said.

Picking a Safe Exchange

When asked about how to choose a safe exchange, Shahi acknowledged that no solution is 100% foolproof. He suggested that users consider their level of exposure and look for external audit standards like ISO 27001 and PCI DSS. “You can also look for evidence of on-chain tech audits if it’s a DeFi protocol or token,” he advised. Shahi recommended checking if exchanges use high-quality custodial services and effective AML monitoring tools like Crystal, which can help detect and respond to hacks swiftly.

Improving Internal Security Measures

Addressing how services can improve their internal security measures, Sanjeev Shahi emphasized that security requires a cultural shift rather than just financial investment. “You need a culture of it—from the office to the home,” he said. He suggested making small security practices routine, such as using a password manager for both work and personal use. Shahi also proposed offering security-related perks to staff, like free antivirus subscriptions and password managers for their families, to integrate security into their daily lives.

ALSO READ: SIT Files Chargesheet Against Former DGP BS Sidhu in Dehradun Land Scam

Gaurav Mehta added that cryptocurrency exchanges can improve their internal security measures by implementing real-time monitoring and anomaly detection systems, conducting regular third-party security audits and penetration tests, and enforcing strict access controls for transactions. He stressed that while multi-signature protocols are important, the overall system security is crucial. “Exchanges should ensure the security of the entire system, not just the multi-signature components,” he explained.

Transparency and Communication

Mehta highlighted the importance of transparency from cryptocurrency exchanges in the event of a security breach. “Exchanges should provide clear and timely information to their clients about the breach, the steps being taken to address it, and any measures clients should take to protect their assets,” he advised. This transparency helps build trust and ensures that clients are well-informed.

Comprehensive Steps to Enhance Security

Sanjeev Shahi elaborated on several comprehensive steps to enhance security in the cryptocurrency sector. First, he highlighted the importance of having stringent regulatory frameworks that mandate robust information security practices. “Regulatory clarity will ensure that exchanges adhere to best practices in information security, AML, and fiscal risk management,” he stated.

He also stressed the necessity of multi-signature wallets for key funds. “Multi-signature wallets prevent a single person from withdrawing funds, adding an extra layer of security,” Shahi explained. Additionally, he recommended that exchanges distribute funds into smaller amounts across multiple wallets to minimize potential losses if one wallet is compromised.

Shahi emphasized the importance of regular security audits and third-party assessments. “Exchanges should undergo regular security audits and adhere to standards like ISO 27001 and PCI DSS. These audits provide an external validation of the exchange’s security measures,” he advised.

Educating and Empowering Users

Educating users about the security measures they can take is also critical. Shahi suggested that exchanges should provide comprehensive guides on how to securely store and manage cryptocurrencies. “Users should be informed about the risks and best practices for securing their assets. This includes using hardware wallets, keeping seed phrases secret, and downloading applications only from trusted sources,” he explained.

Building a Culture of Security

Building a culture of security within the organization is equally important. Shahi recommended integrating security practices into daily routines for all employees. “If employees are required to use a password manager for work, they should use one at home too. This consistency helps reinforce secure habits,” he stated. Offering security-related perks, such as free antivirus subscriptions and password managers for employees’ families, can further promote a culture of security.

Lessons for the Industry

Gaurav Mehta concluded with a crucial lesson for the industry: custody and exchange mechanisms should be managed by separate entities. “VDA asset custodians should be handled by specialized entities that are insured, regulated, and compliant with local laws,” he advised. This separation can help mitigate risks and ensure that assets are better protected.

The breach at WazirX highlights the ever-present threats in the cryptocurrency sector. While regulatory clarity and robust security protocols are crucial, fostering a culture of security among both staff and users is equally important. As the industry navigates these challenges, expert insights from professionals like Sanjeev Shahi and Gaurav Mehta will be invaluable in shaping a safer future for cryptocurrency exchanges. By implementing comprehensive security measures and educating users, the industry can better defend against sophisticated cyber threats and build trust among cryptocurrency investors.

 

Follow The420.in on

 TelegramFacebookTwitterLinkedInInstagram and YouTube

 

Related Topics:
Continue Reading