Crypto-Exchange Security

Safe transactions and funds for traders

A crypto-exchange is an online platform where users buy and sell cryptocurrencies. The combined monthly trading volume of the largest crypto-exchanges exceeds hundreds of billions US dollars. That is something cybercriminals simply cannot ignore. In fact, they regularly target cyber-exchanges and many of their attacks are successful. In the first half of 2018, for instance, at least four attacks resulted in losses of more than $750 million.

Hackers usually don’t try to exploit vulnerabilities in cryptocurrencies because of how difficult they are to hack. They also rarely attack wallets directly. In most cases, they are interested in the cryptocurrency exchanges themselves, since these are currently centralized systems with a single point of failure – malicious scripts can be embedded in the source code of online platforms. They are also vulnerable to 51% attacks and phishing.

Learn how you can mitigate the risks related to trading engines as an application and to the web aspect of crypto-exchanges.

  • Cybersecurity Incident Response

    Perform remediation, data collection as well as in-depth intelligence and forensics activities. Highly experienced cyber-intrusion detection analysts and investigators help ensure effective resolution of security incidents.

  • Trading Platform Resilience

    Get a full review of your source code and a report on detected platform vulnerabilities along with our recommendations on how to fix them. Mitigate the risks of infiltration and disruption to data or systems by resolving any security issues.

  • Cyber-Hygiene Education

    Online interactive training for non-professionals as well as your tech staff to improve their cybersecurity skills. Armed with these basic skills, your developers and maintenance team can manage threats more effectively.

  • Prevent Breaches & Intrusions

    Protect your users from account fraud by making transactions and authentication secure. Prevent code injections and data breaches. Use penetration testing to see how strong your infrastructure is.

Case Studies

Learn how companies secure their token sales, smart contracts and environments with Kaspersky solutions

The Use

  • Application Security Assessment

    Safe, sustainable systems can be based on compiled programming languages such as C++, C# or Java, as well as web technologies. Both can produce highly efficient, safe engines, but they may also contain exploitable vulnerabilities that can be detected and reported. We provide a full system assessment and recommendations to address threats.

  • Incident Response

    Reduce the impact of security breaches or attacks on your IT environment. You can ask our experts to carry out investigations, identify and isolate compromised modules, prevent threats from spreading and conduct digital forensics. A combination of continuous automated analysis of phishing activity along with expert cybersecurity assistance provides immediate alerts that help protect you from financial and reputational losses.

  • User Account Takeover Prevention

    While working with transactions and hot wallets, users can fall victim to fraud. Malicious scripts can be inserted into the JavaScript of a page replacing the transaction parameters, hackers can gain access to a user's private keys, while social engineering and phishing are still effective. These and numerous other threats mean it's important to protect user accounts. We provide security solutions for web and mobile channels to ensure account safety.


Security Breach?

Professional help is available whenever you need it. Operating in more than 200 countries, from 34 offices worldwide, we have you covered 24/7/365. Take advantage of our Premium support packages, or call on our Professional Services to ensure that you derive maximum benefit from your Kaspersky security installation.

White Papers

Learn more, with thought leadership from our globally recognized cybersecurity experts

The Risk

From the very beginning of the project, while you are managing public communications and marketing, estimating key milestones and looking for strategic alliances, attackers are also collecting information about you. Targeted attacks, including DDoS, can be launched either during the design and beta-testing stages or after the project’s global roll-out. Sometimes these attacks are funded by unscrupulous competitors. Before an intrusion, hackers conduct in-depth research on technological and design weaknesses of the platform. In most cases this focuses on the web layer, because it can be unstable and unsafe. Fake beta testers, partners or dedicated development teams may seek to gain access to the project platform. They use their access to find bugs and exploit them.

  • Scan

    Probing with malware, phishing, social engineering.

  • Scan

    Targeted attacks aim to get inside and inject malicious code into the project's source code.

  • Scan

    Secret keys from client wallets can be stolen.

  • Scan

    Attempts to get inside and plant a backdoor or steal credentials for remote access.

  • Scan

    Attacks via third parties such as fake beta testers.

  • Scan

    Cryptocurrency clients may contain malicious code.