The alarm for the security of exchange assets is ringing again. How does Gate.io build a solid "protective gate"?

Original｜Odaily Star Planet Daily

Author | Wenser

As the hardest hit area of Hacker attacks, security incidents in the Crypto Assets industry are frequent. According to CertiK’s monitoring, in the first half of June alone, the total loss of the Crypto Assets industry was as high as $85 million, of which the UwU Lend protocol suffered a total loss of more than $22 million. And from the beginning of the year to the beginning of June, the Crypto Assets industry has lost about $821 million. Previously, several leading exchange and users in the industry have also suffered different degrees of security attacks and asset losses, Crypto Assets exchange it is digital asset a high-incidence area of security incidents. In this regard, Crypto Assets exchange Gate.io, which was established in 2013, has always been in the first echelon of the industry, and its unique security strategies such as binding IP, internal and external dual security guarantees, etc., have built a “digital asset security protection door” for long users. Today, let’s walk into Gate.io’s “long Security Protection System”.

Security issues have become a chronic problem in the industry, and pinpointing the issues is key.

In February 2024, a cryptocurrency exchange in Hong Kong, BF, lost about $56.5 million in assets; in April, a cryptocurrency exchange in the Middle East lost $14.8 million in an attack; in May, a top cryptocurrency exchange in Japan was hacked, with 4,502.9 bitcoins stolen, resulting in a loss of $305 million; in June, a cryptocurrency exchange in the UK stopped trading after losing $22 million in a ‘security incident’, and then closed two days after being hacked; a cryptocurrency exchange in Turkey announced that it was attacked on June 22, affecting the hot wallet assets of 10 cryptocurrencies.

When reviewing the past, the key may lie in identifying the stages where problems arise. Specifically, the main issues in the industry currently include the following three aspects:

First, on the exchange side: Some exchanges have vulnerabilities in risk management mechanisms, lack encryption insurance mechanisms for user data management, lack disaster recovery backups, or have permission management issues. In addition, the single asset storage method is also an important reason for the frequent occurrence of security incidents in exchange digital assets;

Secondly, on the user side: the natural “anonymity mechanism” of the Blockchain network and the complex and high-risk network environment provide convenience for Hacker or attackers, and the lack of awareness of asset security management is also the main reason for the damage of Crypto Assets assets. Not only that, some users with huge wealth are also facing various risks in offline physical shorts, personal and property safety is threatened, and “k people and k” social engineering attacks are also waiting for opportunities in the shadows, eyeing their digital assets;

Finally, on the security company side: Despite more than 10 years of development in the cryptocurrency industry, there is still no well-established “white hat hacker” mechanism. The absence of a clear responsibility for security vulnerability reporting mechanisms makes it difficult to address and resolve many issues in a timely manner. Recently, cryptocurrency exchange Kraken and security company Certik had a heated dispute over security vulnerabilities and reporting mechanisms. For more details, please refer to the article “CertiK vs. Kraken: What is the appropriate scope for white hat hackers?” published by Odaily Star Daily.

How does Gate.io solve the problem of exchange hackers’ frequent incidents?

As an important flow node of digital assets, exchanges are undergoing the most direct and intense security attack tests. As a veteran exchange established in 2013, Gate.io has gained the trust and support of many loyal users due to its continuous technical product updates, risk control management, and fast and convenient trading system. It is understood that the current global number of Gate.io users exceeds 16 million, supporting more than 2,200 cryptocurrencies. As one of the mainstream exchanges in the market, it provides diversified cryptocurrency trading options for many users.

In response to Hacker attacks, the combination of financial strength, transparency, and 100% reserve is the most fundamental part of the user asset security protection system.

In view of this, as an exchange that has always adhered to the principle of “being fully prepared for the security of users’ digital assets”, Gate.io had already, as early as 2020, before the second largest cryptocurrency exchange FTX in the industry went bankrupt due to a liquidity crisis in 2022, made commitments to compliance and transparency, becoming one of the first exchanges in the industry to promise users the ability to verify reserve proofs, allowing every user to independently verify whether various digital assets are held in a 1:1 ratio. For more details, please refer to the Reserve Audit Proof interface on the Gate.io official website. Gate.io also issues regular 100% reserve reports to ensure that user assets will not be maliciously misappropriated or encounter other security issues.

Gate Reserve Audit Interface

And in terms of specific asset security management, Gate.io’s efforts are also evident.

Gate.io’s multiple security measures build a solid security gate for digital assets

It is worth mentioning that due to the frequency and complexity of security incidents in the industry, Gate.io has not only focused on one or a few aspects, but has made efforts to build a digital asset security protection system based on multiple protection strategies.

For the exchange side

In the past, the security issues of encryption exchanges mainly occurred in the asset storage process. In response to this, Gate.io protects user assets through a dual storage solution combining online and offline solutions, leveraging the physical protection advantages of cold wallets and the encryption protection features of hot wallets to achieve highly confidential asset storage.

Gate.io Asset Security Instructions

In addition, the effective combination of advanced encryption technology, cloud security protection, anti-DDoS measures, robust DNS security, and web application firewall provides sufficient protection against external threats.

Gate.io Platform Security Introduction

For User Side

Gate.io has prepared a series of comprehensive security infrastructures to ensure the security of user account assets for users on the user side who have occasional and asynchronous security issues. Every operation step involving digital or physical interfaces on the platform runs smoothly under the corresponding security facilities. Specifically, it mainly involves the following aspects:

**1.Gate.io’s original “Bind IP” feature: **It is recommended that users select “Bind to IP address” when logging into the exchange account. This feature can protect the user’s current login session from unauthorized network hijacking, and the account is only available on Gate.io.

2. Fund operation isolation password setting: Users can set an independent fund password to achieve transaction verification and asset withdrawal. Note: This password should be different from the login password to prevent unauthorized transactions.

3. Enable 2FA double identity authentication: Users can use Google Authenticator or other two-factor authentication (2FA) tools such as YubiKey to set up login protection, adding extra security to the account login process through multiple forms of identity verification (such as plaintext password + authenticator).

4. Enable Email Anti-Phishing Password: Users should enable anti-phishing password and other settings to effectively address fraudulent emails, strengthen phishing email detection, receive genuine emails sent by Gate.io official email accounts, help users identify fraudulent emails, and eliminate the risk of clicking on scam links from the source.

Gate.io account security instructions

The above security features have been recognized and supported by senior security professionals in the industry, and their protective effects have been repeatedly verified in many practical application scenarios. It is particularly worth mentioning that the binding of IP as a pioneering security strategy of Gate.io effectively prevents unauthorized IP address access to user accounts, further enhancing the security of user assets. For more detailed information about the Gate.io solution, please refer to its official website.

In addition, Gate.io has also built a top-notch internal security expert team targeting Risk Management strategies to maintain user rights and ensure the highest level of protection for users’ digital assets.

For Security Company Side

In order to identify and address vulnerabilities in the internal security protection system, as well as to conduct early detection and prompt elimination of potential threats, Gate.io has formed a diverse professional team consisting of senior security experts and external auditors. This team conducts regular rigorous testing and inspections on various components of the platform, completing the ‘final puzzle piece’ of the security protection system.

Not only that, Gate.io has also established a long-term cooperation with the well-known blockchain security company Hacken, including annual security assessments, penetration testing, bug bounty programs, providing a comprehensive security vulnerability feedback mechanism and sufficient incentive rewards for white hat hackers and anonymous security personnel, truly achieving coordinated internal and external security protection. Earlier this year, Gate.io’s reserve fund scheme also passed Hacken’s security review, highly recognizing the good balance achieved by Gate.io’s reserve fund scheme between functionality and complexity.

Asset security is not only a pain point for users, but also a bottom line for the industry.

After experiencing the early development pains of the industry in 2014 and 2015, Gate.io has emerged in a new light and is active among many mainstream encrypted exchanges. It has been maintaining rapid follow-up and support for many early high-quality assets, innovative trading protocols, and investment targets with high market heat. Therefore, it has been affectionately referred to as “Gate.io”, implying that Gate.io appears like a magic door after chanting a spell, possessing a magical power that influences the market to some extent. According to official data, Gate.io’s total trading volume in 2023 reached 17.2 trillion US dollars, with over 360 new currencies added throughout the year. Over 7 million people have participated in Startup new project subscriptions, and the scale of Gate.io’s financial services users has reached millions, with a total capital exceeding 7.68 billion USDT.

And now, after passing the historically significant 11th anniversary, Gate.io has achieved long-term stability in maintaining the security of user assets and ensuring the stable operation of platform asset transactions with a consistent and responsible attitude and patience. With the slogan “Opening the Era of Comprehensive Trading,” Gate Group’s establishment of local stations in Malta, Hong Kong, China, Lithuania, Turkey, and other regions highlights the next focus of global development.

In this process, asset security, which is the pain point of users and the bottom line of the industry, is still a long way to go. After all, the formation of a secure, transparent, and decentralized blockchain world requires efforts and support from multiple parties. It is believed that Gate.io is willing to play a more proactive role as a builder in this process.

The ancient saying goes: ‘Although the road is long, as long as you keep walking, you will eventually arrive; although the task is difficult, as long as you start doing it, you will succeed.’

Building a ‘security gate’, Gate.io has always been on the road.