The beginning of January 2022 was challenging for the crypto exchange LCX. According to the preliminary estimates in the incident report issued by LCX, hackers stole almost $8M through unauthorized access to one of the exchange’s hot wallets.
In 2021, LCX entered into collaboration with the Hacken team. The exchange launched a bug bounty program on HackenProof in September 2021 and concluded a cybersecurity assessment between March and October 2021, in which LCX received a positive security score. Our specialists have provided the exchange with a set of recommendations on how to address major security risks. That is why the Hacken team is actively monitoring the investigation process.
Currently, we are working with LCX specialists to clarify all details of the incident.
The hack took place on Saturday night, 8 January 2022. The security incident was limited to one of the exchange’s ETH hot wallets. The hackers withdrew various virtual assets, including EnjinCoin (ENJ), Monerium EUR (EURe), Quant (QNT), LCX token (LCX), ChainLink (LINK), SAND (SAND), and USD Coin (USDC) tokens.
LCX noticed the malicious activity within minutes and prevented further damage by taking immediate action. Namely, the deposit and withdrawal functionality of the platform was put on pause, and LCX notified its partners and the respective authorities in Liechtenstein of the security incident. The company also contacted Etherscan and provided details about the hacker’s wallet. This wallet is now marked.
LCX specialists have completed initial security checks, identified affected assets, and published a detailed incident report. LCX also announced that it would use its own funds to compensate the affected users. There will be no impact on user balances at LCX.
Malicious actors constantly modify their hacking techniques. Although hack prevention is a complex process, there is a set of universal recommendations that crypto exchanges can follow to become resistant to the major types of security threats:
Focus on information security policy:
Secure network perimeter:
Vulnerability management, penetration testing, and red team exercises:
Access control measures:
Protecting secret data:
Following these recommendations is a must for every reputable crypto exchange. The security of an exchange’s users and their assets depends heavily on the ability of its security team to introduce the security measures mentioned above.
In the industry landscape, there are security standards encompassing the key security areas for crypto exchanges. Standards allow projects to comply with regulatory requirements, thereby ensuring that users’ assets are protected.
The SOC 2 and ISO 27001 standards complement each other by giving a project a strategy for protecting its information landscape and demonstrating the security of the environment. SOC 2 and ISO 27001 are the fundamental standards for crypto exchanges to follow. Below is some basic information on the importance of these standards for industry players, including exchanges.
Both SOC 2 and ISO 27001 are designed to instill trust in clients that a project is protecting their data. They both cover important dimensions of securing information, including confidentiality, integrity, and availability.
A mapping of their criteria, demonstrating ~80% overlap, can be found on the AICPA website. Projects use these standards to demonstrate to their clients that they are correctly managing information security.
The difference is which of those security controls a project implements. Both standards state that entities only need to adopt a control if it is applicable to them, but the way they approach this may differ.
The key focus of ISO 27001 is the development and maintenance of an ISMS (information security management system), which constitutes an overarching method of managing data protection practices.
To become compliant, a project needs to perform a risk assessment, determine and implement security controls, and review them regularly.
Unlike ISO 27001, the key characteristic of SOC 2 is flexibility. It covers 5 Trust Services Principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy, but only the first principle is mandatory.
Projects are free to decide whether to implement internal controls related to the other principles, but doing so is not required to become certified.
Right now the investigation is in its active phase. LCX has provided an adequate response to the incident and reached out to the Hacken team. Their quick, open, and detailed communication helped to clarify what happened and prevented additional damage and panic among their clients, users, and partners. The incident reveals weak points in the security of many technology companies and modern cryptocurrency exchanges. We will share more details about this incident when the investigation is finished and the causes of the incident are identified.