Platform security assumes criticality in the face of crypto hacks

Crypto platforms need to integrate automation and intelligence into a unified security stack, run well-compensated bug bounty programmes, and have stringent KYC protocols in place

As cryptocurrency gains traction in India, platform security is becoming increasingly critical to the future of crypto operations, especially in light of two major hacks in the past year that resulted in losses exceeding $270 million.

 

It is imperative to plug leakages when it comes to cybersecurity of companies by reading early warning signs ahead of a potential cyber attack, experts said.

 

In July last year, crypto exchange WazirX lost about $230 million to a hack. Earlier this month, another exchange, CoinDCX, saw about $44 million wiped out, though the company maintained that customer funds remained secure.

 

“Without hundreds of attempts, it is usually unlikely a particular exchange would get compromised, so companies have to read those. Early detection systems should be in place to detect abnormalities in the first place,”  said Sathvik Vishwanath, co-founder and chief executive officer (CEO), Unocoin, a Bengaluru-based crypto platform.

 

To guard against future threats, crypto platforms must also integrate automation and intelligence into a unified security stack at a time when artificial intelligence (AI) continues to reshape the technology landscape. Given widespread threats, platforms may deploy AI to train models to detect unusual activity or sign-ups based on a common repository of known security vulnerabilities, say security experts.

 

“Platforms need a unified security stack that integrates automation and intelligence across the entire lifecycle. This means using AI-powered agents for constant vulnerability scanning and immediate threat detection, rather than waiting for human intervention,” said Mitchell Amador, CEO of blockchain security firm Immunefi.

 

He added that these automated protocols should be capable enough to neutralise active threats on the platform without disrupting normal business operations.

 

“This goes hand-in-hand with redundancy in infrastructure, like multi-chain monitoring to detect cross-protocol exploits early, and predefined escalation paths that integrate bug bounty workflows for quick expert input during incidents,” he noted.

 

Vishwanath added that stringent know-your-customer (KYC) checks should be implemented across Indian exchanges to prevent contamination of systems.

 

“Before any kind of exchange gets hacked, a particular hacker who is trying to target it would have actually created an account with them. There are times when they might also go through verification and KYC. Having better anti-money laundering (AML) and KYC checks should be in place,” he said.

 

Crypto platforms should also run timely, well-compensated bug bounty incentive programmes to encourage ethical hackers to identify system vulnerabilities. Inadequate rewards or the absence of such initiatives can deter reporting, potentially worsening the impact of security flaws.

 

That said, it remains difficult to gain access to tracking and securing lost funds, especially at a time when blockchain technology promises to be decentralised and transparent.

 

“Securing and tracking lost funds are two different things. While the ledger provides an immutable record of transactions, pseudonymity allows attackers to obfuscate trails through mixers, cross-chain bridges or privacy protocols,” Amador said.

 

He explained that recovering lost funds still requires co-operation from law enforcement agencies and centralised exchanges, which ‘clashes with decentralised ethos’.

 

“In high-growth markets like India, exchanges must prioritise liquidity management as a core security function, not an afterthought. Reactive measures like launching a bug bounty only after a hack exacerbate the problem,” he added.