China is increasingly cracking down on bitcoin and cryptocurrency, fearing the proliferation of illicit investments and fundraising. — Photo: © AFP, MARCO BELLO
In a recent article from TechRadar, it was revealed that Coinbase customers are very concerned following actions by rogue hackers to drain their crypto wallets. These hacked Coinbase accounts are then sold on the Dark Web for anywhere between $100 and $150.
The incident is of significance because Coinbase is one of the largest and best-recognized digital asset exchanges in the world, being listed on the Nasdaq.
According to CNBC, many customers remain as angry with Coinbase as they are with the attack, based on the level of support they have received. Coinbase’s customer service communications have been primarily via email. In response, many customers are reported by CNBC to have said they struggle to reach company representatives.
Looking into the incident for Digital Journal is Sam Bakken at OneSpan. According to Bakken, the incident highlights why the cryptocurrency sector remains vulnerable, as well as why it is a prime target given the relative value of tokenized money.
Bakken explains: “Incidents like this demonstrate that cryptocurrency exchanges need to take a serious look at how they are authenticating users on their platforms and following up on fraud claims. Table stakes would be responding to customer inquiries within a reasonable amount of time, better would be pro-actively notifying customers of fraud, best would be detecting, and stopping the fraud before it occurs.”
In terms of the salient lessons to be drawn from the latest incident, Bakken offers the following insight: “Players in the cryptocurrency space will need to look at the lessons learned by more traditional financial institutions (FIs) and banks when it comes to security – especially as crypto moves into the mainstream with more consumers investing via retail exchange platforms than ever before.”
He adds that vulnerability concerns spread even further: “SIM swap fraud has been used widely by bad actors to gain access to accounts. SMS alone as a form of authentication is innately less secure than other methods – and crypto firms will need to follow suit. Using SMS for multi-factor authentication often puts the onus of protecting customer data on mobile network operators, whose number porting processes are historically not designed to withstand such attacks.”
Despite obvious consumer hesitancy, cryptocurrency exchange sites will continue to be popular. Bakken is of the view that these platforms can, and should, do more to protect their users. He recommends: “Cryptocurrency platforms should be looking to adopt mobile push notifications and binding mobile devices and apps to accounts as an alternative, which have the added benefits of being protected by application shielding technology as well as the latest identity verification technologies such as machine learning and biometrics.”
In doing so, Bakken finds: “This will allow these online platforms to have a stronger interface for a seamless and user-friendly experience, while being able to quickly and remotely verify whether a user is in fact who they say they are or not.”