Cryptocurrency exchanges in some of Africa’s biggest bitcoin markets have been forced to rethink their security to thwart persistent attacks from hackers, a trend that has troubled trading platforms all around the world.
The Worst Yet to Come for African Exchanges
Exchanges in the African continent have been relatively unscathed, suffering scant losses amidst the $930 million that’s been stolen from global exchanges so far this year, according to data by U.S. cyber security firm Ciphertrace.
The most notable assault on investor funds in the continent of 1.2 billion people happened around March in South Africa. It wasn’t a cyber attack on an exchange, but rather a scam. Fraudsters at BTC Global, a supposed cryptocurrency investment firm, made off with about one billion rand ($80 million) after 28,000 South Africans succumbed to the false promise of incredibly high, quick returns on their investment, police said.
As thefts have stoked exchanges worldwide, some African platforms have woken up to the need to strengthen their security to safeguard investor funds. This is particularly crucial in a continent where cryptocurrency markets are populated by people who trade with a certain degree of ignorance in many cases, lured by the promise of quick riches. Incidents of fraud or stolen money can smear a market struggling to build confidence in the absence of regulatory oversight.
“We have noticed a number of attempts to breach our system but we have managed to maintain our defenses and we keep on learning,” Suleiman Murunga, chief executive officer at Ugandan exchange Coinpesa, told news.Bitcoin.com.
“We (now) use suspicious activity monitoring tools to track user behavior in order to spot bad actors,” he said, adding that the company, one of the biggest in the East African country, also uses two-factor authentication.
Murunga stated that only a small portion of investor funds held on the exchange are kept in a hot wallet, of the kind targeted by hackers. The bulk of the funds are held offline, in cold storage.
Don’t Blame the Trading Platform – Blame the User
When breaches occur, exchanges are not always to blame. Sometimes investors simply aren’t careful. There have been instances where attackers gained access to individual accounts on the Zimbabwean exchange Golix before its forced shutdown in May, taking advantage of email password vulnerabilities to facilitate transactions.
Although no money was stolen, the 23 affected users noticed some changes to their accounts such as the conversion of their cryptocurrencies and the acquisition of additional coins through U.S. dollar balances they held in their accounts. This is according to Golix, which now has a presence in seven African countries. Back then, the exchange didn’t ask investors for 2FA upon signing up.
In Nigeria, Africa’s biggest bitcoin market, where trades reached $260 million on just one exchange this year, the threat of cyber attacks is real. In 2016, the Ibadan-based Naira4dollar firm didn’t receive the $15,000 worth of BTC it had bought to replenish its wallets after an attacker hacked into the trading platform’s system.
Investors in Nigeria and Ghana also fell victim to a $50 million hack of the Blockchain.info wallet, allegedly by Ukrainian hacker group Coinhoarder earlier this year. In the streets of Lagos, scammers take on false identities, infiltrating exchanges and various social media platforms promising outrageously high returns.
David Ayala, chief executive officer of Nairaex, which has more than 100,000 customers on its books, said all digital coins on the Nigerian exchange are stored “securely offline with Bitgo industry standards of multi-sig wallet.”
“Our platform is developed using best practices from the financial sector to maintain users’ security. We have maintained a secured network architecture since launch and we run scheduled tests and checks on the system for reliability,” he detailed, in emailed responses.
Is a Foolproof Security System Possible?
Often, hackers and scammers are a step ahead of their targeted victims, increasing the risk of persistent attacks. But will African exchanges ever implement foolproof security systems, or something approaching that ideal? William Chui, a Zimbabwean cryptocurrency enthusiast and former VP at Golix, proposed “A ‘walk-in’ model, where users [enter a physical premises] to buy [cryptocurrency] and are served while they wait.” It’s a model that’s proven popular in other countries such as South Korea.
He conceded, however, “This is not scalable nor feasible with the internet and will prove to be too slow. I doubt we can get a foolproof, secure system, but the [aim] will be to minimize losses as much as possible.”
Chui recommends that exchanges “invest in a technical development department that will continually penetrate the website, and offer bounties for external developers to do the same … Store a larger percentage of clients’ funds in cold wallets.”
Pesamill Africa in Kenya has gone as far as adopting Australian cryptocurrency industry regulations as part of efforts to align with global best practice. “We have built an exchange that fosters both peer-to-peer and centralized transactions in a safe and secure manner,” Brian Ngugi, Pesamill chief executive, told news.Bitcoin.com.
Whatever the case, African exchanges are at a stage in their development that holds a lot of promise for the growth of cryptocurrency use on the continent. Regulators will eventually step in, as is happening elsewhere worldwide. This will occur, not only to regulate and claim tax, but to make the cryptocurrency space stronger and sustainable.
What do you think about the level of security at African digital currency exchanges? Let us know in the comments section below.
Images courtesy of Shutterstock.
Verify and track bitcoin cash transactions on our BCH Block Explorer, the best of its kind anywhere in the world. Also, keep up with your holdings, BCH and other coins, on our market charts at Satoshi Pulse, another original and free service from Bitcoin.com
Spot-markets for Bitcoin, Bitcoin Cash, Ripple, Litecoin and more. Start your trading here.