How to Mitigate Cryptocurrency Exchange Security Risks Using REMME

Introducing two additional spots for cryptocurrency exchanges to participate in the 2018 REMME Pilot Program!

When we first conceived REMME as a passwordless authentication system, we knew its potential use cases would be wide-ranging. The REMME protocol was envisaged as a means of protecting critical infrastructure, and what could be more critical than safeguarding platforms in charge of billions of dollars in digital assets?

Only this week Korea’s Bithumb exchange revealed it is sitting on cryptocurrency worth $6 billion, and sums of that magnitude call for the utmost security, for the sake of the platform and its customers alike. Instances of exchange hacks, while mercifully rare, can have catastrophic consequences, such as the $400 million in NEM stolen from Japan’s Coincheck exchange back in January. Statistics show that weak or compromised passwords are a primary cause of cyber breaches, and it is here that REMME comes into its own.

Our team is happy to present a new research paper into the feasibility of using REMME to secure a major crypto exchange, and the document makes for interesting reading. You can view it in full here, but in this post we thought we’d go over some of its key findings.

Mitigating Risk the REMME Way

For the purposes of our paper, we investigated ways in which a major exchange such as Binance or Bittrex could reduce cyber threats whilst balancing these responsibilities with ease of use and functionality. The attack vectors vary widely in range and severity, and include DNS hijacking (as previously happened to the EtherDelta exchange), the creation of a fake DHCP server, clickjacking and other phishing attacks. If a user’s login details are stolen, there’s a very real risk that they will lose all of the funds associated with that account.

There is no such thing as perfect security, but there is certainly the possibility of better security without impacting the user experience or adding complexity. The world’s Identification and Authentication, Authorization and Accountability (IAAA) challenges have changed. There is a global trend toward passwordless authentication, which could potentially be implemented in many different spheres with different technologies, from biometrics to hardware keys or smart cards.

REMME supports this passwordless authentication approach, and we provide our own blockchain framework to replace the traditional Certificate Authority (CA) in a Public Key Infrastructure (PKI), in order to raise the security baseline and decrease the active IAAA vulnerability count. Our team understands the modern security issues affecting cryptocurrency exchanges and pays direct attention to authentication risks.

One of the recent high-profile additions to the list of participants in our 2018 Pilot Program is Changelly, a popular cryptocurrency exchange that has attracted over 2 million registered users from around the world since 2015. Konstantin Gladych, CEO of Changelly, said: “We’re always looking for ways to further reinforce our platform. The REMME protocol has the potential to make authentication on Changelly seamless, so we’re very much interested in this technology.”