According to a recent official blog post, BitMEX, a renowned Hong Kong-based P2P [peer-to-peer] cryptocurrency exchange, has reported an increase in attacks on its users' account credentials.
The post covers a list of best practices for user security, and the exchange stressed the importance of using 2FA [two-factor authentication] above all. The report summarizes 2FA as follows:
“2FA, generally mentioned as ‘two-step verification’ or ‘multi-factor authentication’, adds an extra layer of security to your account by requiring not solely your credentials at login, but conjointly the input of a unique, time-based token. Tokens can be held on a phone within a software-based authenticator application like Google Authenticator or Authy.”
According to BitMEX, analysis at Google shows that nearly all attempts to steal account credentials can be prevented by using 2FA. BitMEX concurred that 2FA is the best available way to stop such attacks, and is considering making 2FA mandatory on its platform.
BitMEX also noted that compromised accounts on the exchange are usually linked to weak or reused passwords, hacked email accounts, or computers infected with malware. In addition, the exchange discovered some new techniques being used in these account hacks, and has updated its policies from time to time.
First, there is no longer any option to disable email notifications for account logins, since hackers were disabling these notifications to hide their tracks. Second, withdrawal requests must from now on be verified by email, since attackers were creating API keys with the hacked accounts, which could be used on their own to authenticate withdrawals.
As reported earlier, U.S.-based cryptocurrency exchange Kraken also made 2FA mandatory on its platform earlier, from March. According to Kraken's announcement, 2FA has been optional on the platform since its launch in 2013. The exchange notably supports 2FA options such as Google Authenticator and YubiKey, as per the announcement.