DragonEX was hacked and lost over 10 million dollars equal crypto asset, that's the biggest news from China crypto industry in the past two days.
The most ironic thing is the stunning slogan "A safe and stable platform of Bitcoin and Ethereum transactions" is still available when you open the website. The DragonEX announced they're lost through major blockchain and crypto media in China, and they report the police in Estonia, Thailand, Singapore, and Hongkong.
DragonEX official telegram channel announced 8-hour maintenance on noon of 24th Mar, then they report database abnormal occurred in the afternoon. The 3rd ANN published 1 day after, 25th, they announced DragonEX was hacked and they called police in the above countries. And DragonEX will take responsibility for users' lost.
Stealing by Platform or Hacking
The first idea comes normally is the platform occupied users' asset, and as platform do not have the ability to pay user back, then they announced the platform actually hacked. The most problem is people do not trust centralized platform as famous Mt.Gox happened. Even today, the same situations are always heard from small exchanges.
On another hand, lot's of exchange are lack of experiences of risk control and safety module inspect in the trading system. Even the standard deposit/withdraw cold, warm, hot wallet with the multi-signature system, they even do not understand how that work.
Personally, I prefer to believe the platform hacked by someone. As DragonEX is operated over 1 year, and they already established their own eco-system in the exchange industry. But still have a small chance that people of the team doing evil, that still has a chance to happen.
How to Avoid Lost on Exchange
Firstly, I would emphasis both exchange and user should level up awareness of security!
To exchange:
- To build reasonable hot, warm, cold deposit/withdraw wallet structure
- Build wallet multi-signature system, distribute the key to at least 3 employees to control
- Do not pick normal ECDSA algorithm as multi-signature as it already hacked (can try coinjoin etc.)
- Work with reliable 3rd party custody services like Bitgo to distribute risks
- Buy crypto insurance for the platform asset
To individuals:
- Buy a hardware wallet instead of keywords wallets
- Keep your key away from the internet as long as possible
- Do not leave many assets in one exchange, you can trade in several platforms
- Chose those exchanges who are googlable, try to find the real man worked with the platform
- Do not download software on computer and phone with unfamiliar links
- Bond your F2A to all account
As the centralized exchange still the major choice for people, the hacking things will never stop, that's the real word with the good and bad aspect, then, that gives a strong impulse to exchange team to upgrade their services for the better experience.
Security is an eternal topic for exchange!