Hong Kong based crypto-exchange loses over $21 million, in yet another hacking incident

Bilaxy, a Hong Kong based trading platform, reported recently that its hot wallet was hacked.

⚠️⚠️Top Urgent-Bilaxy Hacked Notice

Pls note Bilaxy Hot wallet was hacked, ❌pls DON't send any funds to your bilaxy accounts again. We are racing with the time to checking and fixing. Pls wait for further Notice.@ICODrops @ICO_Analytics @CoinMarketCap @

Bilaxy Team

— Bilaxy (@Bilaxy_exchange) August 29, 2021

The extent of loss was unclear, but some estimates claim it to be over $400 million. HOGE, a DeFi token, confirmed on Twitter that the network has lost over 1 billion HOGE worth $22 million in the attack. The losses caused in this theft could overtake those in the previous exchange attack on Japan-based Liquid Global. It lost cryptocurrencies to the tune of $80 million last week.

After the confirmation, Etherscan has indicated caution with regards to the addresses reported to be involved in the Bilaxy scam.

What attracts hackers?

Centralized cryptocurrency exchanges continue to be the target of hackers due to their abundant liquidity. While some of the major exchanges like Gemini and Binance rely on insurance, it doesn’t mitigate the risk of hacks. It can only ensure a refund to the investors without a large haircut. So, what’s the solution?

Dr. Amber Ghaddar, the founder of crypto platform AllianceBlock, recently told BBC,

“We need auditing and testing. We need to have various standards that need to be monitored in order to protect market integrity if we really want cryptocurrency to reach mass adoption.”

Regulatory Gaps

Centralized cryptocurrency exchanges report a hack, mostly in case of monetary losses. And lack of a global reporting framework does result in lax security measures. While exchanges use two-factor authentication (2FA) to execute transactions, it is not enough. Hackers exploit weaknesses in other layers of the protocol to execute an attack, hot wallets being the most vulnerable.

Therefore, a security audit of the exchange’s smart contracts is a requirement. As per recent reports, the U.S. Securities and Exchange Commission signed a deal worth $125,000 with AnChain.AI, a blockchain analytics firm, to monitor the DeFi industry. The firm will provide preventive solutions to the agencies to avoid an attack.

In case of an attack, the authorities will also be able to track the transfer of funds, just like it enforces money laundering regulations. According to Chainalysis, ransomware money laundering is concentrated and often ends up in exchanges after passing through a mixer to hide its origins. Therefore, authorities can effectively track these transfers by a handful of operators to stop hackers from converting their hack into fiat.

Regulatory authorities will have to play catch-up with technology to ensure investor safety. Until then, centralized exchanges can ensure some systematic protection measures like bug bounties, third-party custodian agreements, and foolproof cold storage to ensure increased security.