To protect their funds from hacker attacks, wallet owners should keep their keys in offline wallets, and cryptocurrency exchanges must use secure servers and trusted payment systems. This is an opinion stated by Head of Blockchain Innovation at Nir Porat & Co. Law Firm Aviya Arika. Aviya will present at Blockchain & Bitcoin Conference Switzerland, so we talked to her about cyber security of cryptocurrency exchanges and practices of regulating such organizations.

– Hello, Aviya! We can see from the media that it is not uncommon for hackers to steal funds from the wallets of ordinary cryptocurrency exchange users. What do you think people should do in order to minimize the risk of losing funds from their stock exchange accounts?

– Hello! If you, as a user, choose to keep your coins on the exchange itself instead of sending it to an external wallet of which private keys’ you have the control over, then you are automatically increasing your risk level. There is a saying in the crypto world: “not your keys — not your coins!” and this is essentially true, because when you keep your coins on the exchange, practically it means that the coins are stored in the exchange’s wallet, a wallet (and private keys) which is within the exchange’s control. An exchange at its most currently common centralised form has a single point of failure, and if this point of failure is compromised (for example, gets hacked), then the hacker gets control over the private keys, meaning control over the exchange’s wallets, meaning your coins are gone.

Therefore, to minimise risk it’s always better to get your coins out of the exchange and into your own wallet, the private keys of which you and only you have control over. If you can’t do this because, for example, you want to have available balances of coins for trading on the exchange, then at least make sure you use 2 factor authentication and other control measures, to protect your account as much as possible.