Study: Weak Passwords Are Allowed at 70% of Crypto Exchanges

More than 70 percent of cryptocurrency exchanges allow users to create accounts with weak passwords
23 March 2018

The study's authors say that such weak passwords leave personal information exposed and open to financial theft. Fewer than half of the trading platforms examined provide password strength assessment tools.

According to the new survey, some popular crypto exchanges let their customers use dangerously weak passwords. 43% of the platforms allow users to create accounts with passwords of fewer than 8 characters. The study also reveals that 34% of platforms do not require alphanumeric passwords at all. The testers were mostly able to set up accounts with passwords made of simple combinations of numbers and letters, for example “12345”, or words like “password”.

The digital security company Dashlane regularly presents the annual Cryptocurrency Exchange Password Power Rankings. It checked 35 of the world's leading trading platforms, inspecting their password security. Researchers examined whether exchanges provide strength assessment tools, email confirmation (activation) and 2FA (two-factor authentication). They found that over 50% of the platforms supplied account holders with tools such as strength meters or color-coded bars. In conclusion, the authors said that such insecure practices can leave many customers' accounts exposed to hacking or financial theft.

Emmanuel Schalit, CEO of Dashlane, said that the study should “serve as a wake-up call to the entire industry”. He considers signing up for a cryptocurrency exchange to be like signing up for a bank account. He also stated that “it's critical that your account is locked down on the security front”.

During the survey, each exchange was tested on five critical password and account security criteria. The exchanges were then ranked according to the points they received. Only 10 platforms met all 5 criteria. These are Bitcoin.de, BitMEX, BTCC, Cobinhood, Coinbase, Cryptopia, Gemini, Huobi, itBit, and Paxful.

Experts recommend that users create passwords of no fewer than 8 characters for each online account they open. Enabling 2FA is critical and should not be skipped, even when you log in for the first time.

China Finances Hacker Attacks on Exchanges - FireEye

Experts believe that APT41's victims are participants in industries whose development is a priority in China's current five-year plan
08 August 2019

The hacker group APT41 attacks companies in healthcare, telecommunications, fintech and media, as well as cryptocurrency exchanges. According to analysts at the cybersecurity company FireEye, this activity is funded by the Chinese government.

Industries Targeted by APT41

At the same time, APT41 also pursues its own goals, profiting financially from its attacks, which FireEye says is unusual for groups backed by the Chinese government.

APT41 is known to include at least two people who use the pseudonyms Chzan Xuiguan and Wolfji. The group probably has connections with other hacker organizations such as BARIUM and Winnti.

FireEye also analyzed the times of day at which APT41 attacked the gaming industry (its core target) and businesses in other sectors. It turned out that this activity took place outside standard working hours, probably because these people also hold a main job.

APT41 Operational Times

According to the UN Security Council, hackers working for the DPRK government stole about $2 billion from banking institutions and cryptocurrency exchanges.