Penta to Safeguard Token Exchanges Against Hacking

Penta Security Systems Inc. closes security gap in blockchain industry with CryptoXchange, a security solution for token exchanges.

 

Cryptocurrency exchanges are highly vulnerable.

Coinrail, Korea’s 7th largest domestic exchange by transaction volume, suffered losses amounting to an estimated 40 billion won in a hacking incident that took place just last month on June 11. Thereafter, similar attacks have continued to plague the industry, even halting operations at some of the nation’s largest exchanges. Cryptocurrency exchanges operate in a legal grey area in Korea as the newly established Financial Innovation Bureau rushes to come up with policy initiatives to regulate and nurture the burgeoning fintech industry, especially in the areas of cryptocurrency and blockchain technologies. While crypto exchanges may presently be largely unregulated, the existing Act on Promotion of Information and Communications Network Utilization and Information Protection (“IT Network Act”), has provisions that require companies operating at similar scales to perform their due diligence in ensuring adequate security is in place. Under the Act, Information Security Management System (ISMS) certification is necessary for companies with annual revenues exceeding 150 billion Korean Won, or telecommunication services that either exceed 10 billion Korean Won in sales or have maintained more than 1 million average daily users over at least 3 months. Therefore, what the recent hacking incidents have shown is that these exchanges need to be held more accountable for taking concrete steps towards security.

That said, obtaining ISMS certification is only covering the basics in terms of security, considering how tens of billions of Korean Won pass through these cryptocurrency exchanges. Maintaining a level of security comparable with that at traditional financial institutions is in fact well within reasonable expectations. While the technological foundation of cryptocurrencies, blockchain, is theoretically secure, the actual circulation of cryptocurrencies does not take place through the blockchain alone. Rather, it takes place via the same conventional IT infrastructure as with traditional finance. Consequently, the same security threats that plague existing IT systems are also present in the cryptocurrency environment. With the local cryptocurrency market valued at over 300 trillion won, the level of security in the cryptocurrency environment should go above and beyond what is required of traditional financial institutions.

CryptoXchangePenta Security’s Security Solution for Cryptocurrency Exchanges, ‘CryptoXchange’

In order to secure the cryptocurrency environment, end-to-end (E2E) security has to be implemented at every layer of the system to protect the data flow from beginning to end. Furthermore, as secure key management is at the core of securing the cryptocurrency environment, it is recommended to store cryptocurrency assets in cold wallets that are disconnected from the network, in order to prevent key hijacking on the network. That is why exchanges that are members to Korea Blockchain Association have pledged to maintain 70% of their cryptocurrency holdings offline in cold wallets. Nonetheless, cold wallets still connect to the network when making transactions and therefore carry the risk of keys getting stolen, albeit momentarily. Hence building an overall security system with strong user authentication, web security, and system-wide E2E encryption is essential for the cryptocurrency environment.

With cryptocurrency exchanges getting hacked left and right these days, Penta Security’s cryptocurrency exchange solution, CryptoXchange, has been garnering much attention.

CryptoXchange leverages various enterprise-level security platforms for data encryption, web security, authentication, and more, to address specific security needs present in cryptocurrency exchanges, such as in the area of user key management. Furthermore, the security solution is not limited in scope to just providing security for cryptocurrency exchanges. Operating in conjunction with Penta Security’s cryptocurrency wallet, Pallet, it will be able to provide complete E2E security for the entire cryptocurrency environment.

Pallet, which is perfectly interoperable with CryptoXchange, was developed to secure the weakest link in the cryptocurrency environment, which is user key management. On top of protection against hardware security threats, Pallet also features user-device authentication, secure key generation and key management, as well as E2E encryption for secure data transmission. To further elevate security, Pallet encrypts all data before transmission and the app version operates entirely within a smart phone’s TEE environment. All these features, along with support for easy biometric authentication, make Pallet a unique offering in the hardware wallet market that successfully unifies convenience and security.

Dr. SangGyoo Sim, who oversees Penta Security’s blockchain business unit, stresses the need for comprehensive security in all IT systems with operational links to blockchain technology: “In order for a cryptocurrency-based economy to operate securely, anti-hacking measures need to be implemented all throughout the cryptocurrency environment. Penta Security’s CryptoXchange and Pallet have both been designed to provide the security needed not just in today’s environment, but the blockchain-powered world of tomorrow.”