Investing in crypto: how to stay away from weak players

Kostiantyn Oleshko

The main reason behind the hacks of crypto exchanges is weak key management. For example, all 4 hacks that took place in 2021 were caused by the ability of hackers to obtain access to hot wallets. 

Crypto exchanges market: (un)safe heaven for investors’ money

Crypto exchanges are playing a central role in the functioning of the crypto market. According to CoinGecko, there are a bit more than 400 active crypto exchanges as of middle May. More than 30 exchanges process greater than $1B daily trading volume. Users are interested in being confident of the security of their assets traded. 

Since 2012, crypto exchanges have lost $2.66B as a result of hacks. The total number of exchanges that have fallen victim is 46. In 2020, there were 9 recorded hacks of crypto exchanges, the biggest one was the KuCoin hack ($275M). In 2021, there were only 4 recorded hacks, the biggest one was the BitMart hack ($150M). Thus, it is reasonable to note that the state of security in the crypto exchanges industry has improved. 

The main reason behind the hacks of crypto exchanges is weak key management. For example, all 4 hacks that took place in 2021 were caused by the ability of hackers to obtain access to hot wallets. 

But crypto exchanges are just middlemen. What about the security of the final destination for your money – cryptocurrencies? According to the recently released security rating of cryptocurrencies – more than 90% of the top 1,500 cryptocurrencies by CoinGecko do not have all basic security features in place

White hat hackers fighting against cybercrime

While common users most often fall victim to simple social engineering attacks such as phishing, crypto projects have experienced advanced cyberattacks involving the use of novel attack vectors. 

For example, in the Axie Infinity breach, hackers attacked the bridge, and networks that connect blockchains. Hackers managed to compromise Ronin network, the own blockchain created by Axie Infinity. Exploiters used hacked private keys to forge fake withdrawals and compromised other key validator nodes. When speaking about bridges, the attack surface is much greater compared to normal DeFi projects. 

Also, bad actors actively utilize flash loan attacks to get voting power without collateral. Flash loans are possible via decentralized lending protocols. They often involve complex financial transactions. If smart contracts are not properly designed, they are vulnerable to flash loan attacks. 

Unfortunately, by solely relying on their internal cybersecurity efforts, projects cannot eliminate all possible security threats. Cooperation with ethical hackers constitutes a universal security solution for crypto projects. Namely, crypto projects run bug bounty programs on reputable platforms such as Yes We Hack, Immunefi, or HackenProof and reward ethical hackers for finding bugs. And bug bounty programs are becoming a must-have testing process for successful projects.

How to see whether your chosen token is a safe option?

  • Look for its audit report. Smart contract audit report shows whether the token’s code contains vulnerabilities including the critical ones. Also, try to verify whether the code deployed by a project matches the audited code. Namely, check whether the code published, for example, on Etherscan/BSCscan is the same as the code audited. If there is no match, it is likely that a project tries to manipulate its users. 
  • Look for a platform audit. For utility tokens, there is a risk that users may lose their assets due to vulnerabilities in their platforms such as DEX or farming services. 
  • Try to find the project’s bug bounty program. An active public bug bounty program run by a project on a reputable platform is a strong indicator of ensuring the security of users’ assets and data.
  • Check whether a project has insurance. Insurance guarantees that even if a project is hacked, investors will get their money back. 
  • Analyze its history. Be careful when finding a project with previous hack cases.


Security breaches, rug pulls, phishing and other forms of scams undermine users’ trust in crypto. Weak security and high volatility are the factors deterring the real mass adoption of crypto. By improving the security of virtual assets, we can make crypto much more attractive for investors and, thus, prevent or mitigate the negative effects of possible crypto winter. 

Kostiantyn Oleshko, product owner at

About Kostiantyn Oleshko: Kostya is a master of science in applied cryptography with 6+ years of expertise in the blockchain industry. He used to work as a Project Manager at many crypto projects, including the entities linked to the National Bank of Ukraine that were developing E-Hryvnia, Ukrainian CBDC. He strongly believes that security is the key to crypto mass adoption.

Read this next

Digital Assets

Crypto exchange Bittrex exits US market amid regulatory woes

Bittrex said on Friday it plans to wind down operations in the United States and voluntarily liquidate because of the uncertain regulatory environment surrounding their business.

Institutional FX

Tradeweb completes integration of Nasdaq’s US fixed income platform

Tradeweb Markets has completed the technology integration of Nasdaq’s US fixed income electronic trading platform, formerly known as eSpeed, which it acquired two years ago in a $190 million, all-cash transaction.

Digital Assets

FTX Europe to allow client withdrawals via new website

The Cypriot unit of failed cryptocurrency exchange FTX has launched a new website that it says would allow customers to withdraw deposits of fiat currency and crypto assets after months of suspension.

Retail FX

Liquidators apply to cancel SVS Securities’ FCA license

An update published today by Leonard Curtis said the UK high court of justice has approve their application to bring the special administration of the failed wealth manager SVS Securities to an end.

Digital Assets

Japan forms government panel to pilot digital yen

Japan’s Finance Ministry has created an advisory panel to look at the feasibility of issuing a central bank digital currency, otherwise known as “CBDC”.

Digital Assets

USDC sees massive $10.4 billion outflows in March

Cryptocurrency traders have withdrawn more than $10 billion from the world’s second largest stablecoin, USDC, in less than three weeks even as concerns over the fallout from the Silicon Valley collapse have receded.


OSTTRA’s Joanna Davies goes beyond 30-30-30 data standard at FIA Boca 2023

FinanceFeeds Editor-in-Chief Nikolai Isayev spoke with Joanna Davies about OSTTRA.


CloudMargin’s Stuart Connolly on how to manage collateral amid high rates at FIA Boca 2023

FinanceFeeds Editor-in-Chief Nikolai Isayev spoke with Stuart Connolly about CloudMargin’s SaaS platform, said to be the only cloud-native collateral and margin management system in the industry, at a time of stress due to rising interest rates.


Baton Systems’ Alex Knight on solving post-trade with DLT at FIA Boca 2023

FinanceFeeds Editor-in-Chief Nikolai Isayev spoke with Alex Knight about Baton Systems’ about rising settlement fails, collateral management, and the profile of DLT beyond cryptocurrencies.