- OKEx and Bitfinex were both attacked by DDoS
- “Competitors” were behind the attack
Recently, two of the leading cryptocurrency exchanges, Bitfinex and OKEx, were both hit by DDoS (distributed denial-of-service) attacks one after another but they have confirmed the issues were solved and no user fund was effected, which also sparked a debate about the system security of crypto exchanges. The first attack was happened on OKEx, one of the leading exchanges in crypto derivatives trading volume, in the afternoon of February 28 according to a twitter from Jay Hao, CEO of OKEx. It was said the technical support team of the exchange has successfully managed to spot the attack and solve this issue immediately before any user account was hacked. More interestingly, Jay Hao revealed in Weibo, a Chinese microblogging website, that “competitors” planned this attack.
Hours after the attack on OKEx, another leading cryptocurrency exchange Bifinex suffered similar sophisticated attack, and it took around one hour for the exchange to resolve the issue. All services have resumed according to the latest announcement from the exchange.
Planned attack by competitors?
While this attacks were resolved, it is still interesting to investigate the truth behind it. Ardoino, CTO of Bitfinex, said the attack should be carefully premeditated, and OKEx also reached the same result. So now comes the question, who has the ability to conduct two simultaneous DDoS attacks? Before answering that, it is necessary to understand DDoS is a typical attack which attempts to disrupt the normal operation of the targeted network with a flood of fake traffic, which prevents the normal traders from visiting the trading platform. Thus, massive damage will be caused to the exchange and its users, restricting the exchange to collect trading fees and locking users’ fund during the break down period. And who would get benefit from this attack? Hao gave us a hint on his weibo by saying the attacked was prepared by his competitor. If we look further at the comments on both twitter and weibo, a sneaking suspicion goes over Binance, another leading digital asset exchange.
Even though there is no evidence to show the attacker right now, but based on the existing technology, it is easy to track the source, and this attack will definitely bear legal responsibility. Moreover, OKEx CEO offers bounty to the DDoS team with double payment only if they can reveal the buyer behind it.
Security is the key to crypto exchanges
Thanks to the strong security level of OKEx and Bitfinex, the attacks don’t cause serious fund loss, and the system resumed within a short period to avoid further damage to the users if they are holding some position. But, we still need to put more emphasis on the enhancement of the infrastructure system, because it is obvious a successful hack into the exchange’s defenses could lead to millions of losses. In May 2019, Binance was successfully hacked, but their technical system is not “lucky” enough to avoid the 41 million worth of Bitcoin stolen from their wallet. As one of the top exchanges around the world, it is unacceptable that Binance still has the security issues cannot be resolved thoroughly, which is actually quite irresponsible because millions of users have deposited their funds in your accounts, and it must be the exchange’s job to keep that secured, without any excuse. The attacks remind us that security is always the key factor for the crypto exchanges, no matter how fast you are moving, the fundamental must be the most important. Otherwise, the higher you stand, the harder you will fall.