Third-party data breaches have exploded. The problem? Companies, including cryptocurrency exchanges, don’t know how to protect against them. When exchanges sign new vendors, most just innately expect that their vendors employ the same level of scrutiny as they do. Others don’t consider it at all. In today’s age, it isn’t just a good practice to test for vulnerabilities down the supply chain — it is absolutely necessary.
Many exchanges are backed by international financiers and those new to financial technologies. Many are even new to technology altogether, instead backed by venture capitalists looking to get their feet wet in a burgeoning industry. In and of itself, that isn’t necessarily a problem. However, firms that haven’t grown up in the fintech arena often don’t fully grasp the extent of the security risks inherently involved in being a custodian of hundreds of millions of dollars in digital assets.
We’ve seen what happens in the face of inadequate security, which goes beyond vendor management and stretches into cross-chain bridges. Just in October, Binance faced a bridge hack worth nine figures. Then there’s also the Wormhole bridge hack, another nine-figure breach. The Ronin bridge hack resulted in the loss of well over a half billion dollars in assets.
In fact, a new report indicates that over a two-year period, more than $2.5 billion in assets was stolen thanks to cross-chain bridge hacks, dwarfing the losses associated with breaches related to decentralized finance lending and decentralized exchanges combined.
Third-party breaches aren’t just a problem for the crypto industry, though, and they certainly aren’t confined to small players. Earlier this year, the New York City school system had a breach involving a third-party vendor that affected more than 800,000 people. Third-party breaches are the new frontier for bad actors.
Related: Government crackdowns are coming unless crypto starts self-policing
This is especially true as nation-states rely more and more on hackers as a matter of foreign policy. In particular, groups out of North Korea and Russia are looking for honey pots from which they can siphon off assets. This makes the cryptocurrency industry a prime target.
The only way to stem these issues before they take down the industry is to realign how it perceives third-party security initiatives. Third parties need complete and thorough vetting before they’re allowed access to institutional data of any kind. Once…
Click Here to Read the Full Original Article at Cointelegraph.com News…
