In response to the security incident that occured on 21st February 2020, we will be implementing extra measures to bolster our existing security efforts to effectively safeguard your funds.
21st Feb Quick Recap
On 21st February, a cyber security attack on our platform required us to temporarily disable withdrawals, to ensure security of user funds.
This attack was a rare and unfortunate instance of our security measures requiring us to temporarily reduce functionality, but our existing security measures were quick to detect the attack and contained it effectively. No more than 20 users were affected, and all affected users have been fully reimbursed.
Our team also worked to ensure that our security measures worked seamlessly and minimize the disruptions for all our users.
For a more detailed breakdown you can visit our previous blog post
In light of the heightened threat, we have accelerated the development of some of our upcoming security features, and we remain committed to doing better. We will be rolling out a number of new measures over the next few weeks.
How is my Bitcoin (BTC) and cryptocurrencies better secured on Coinhako?
1. Real Time Password Scanning
We will be proactively alerting users who reuse passwords that have been leaked from a previous breach, on other platforms.
Accounts that use previously leaked passwords in other breaches run a higher risk of being compromised.
We will be introducing a new, real- time password scanning system that automatically compares your password against passwords that are known to be compromised when you sign-in; these would be based off the password database collected by haveibeenpwned,
Why don’t we just run these checks all the time?
Well, we don’t know your passwords.
Coinhako follows industry best practices and only stores a hashed version of your password.
This means that even our employees cannot see your credentials and the only opportunity to check them against compromised credentials is when you sign in.
2. Hardware 2 Factor Authentication (2fa)
This will allow users to opt into using a hardware tokens for their second factor, preventing unauthorized access to their account without the attacker physically stealing their hardware token.
This method of 2fa greatly reinforces the security of your account and helps secure against attacks such as the recently discovered 2fa snooping malware and accidentally revealing 2fa secret backup codes.
3. Address Books And Address Whitelisting
We know how hard it can be to keep track of, and cross check cryptocurrency addresses. All those letters and numbers can be a pain to look through, make it easy to mix up addresses or cause small errors when entering them.
Coinhako’s upcoming address book support will allow users to save their commonly used addresses, such as those belonging to their personal wallets, accounts on other platforms, and more. This will cut down on the hassle of having to look at addresses in detail but also provide users with an added layer of checks to ensure they are sending coins to exactly where they need to go.
Additionally, users may enable an address whitelist, which will prevent withdrawals to addresses that have not been previously whitelisted.
4. New IP Confirmation
Users will soon be required to confirm every log in from a new IP, which prevents unauthorized access in the event that account credentials are compromised.
For convenience, users will be able to whitelist commonly used IP addresses, such as their homes and offices, while still having the peace of mind that any unknown IP address will be met with an additional check.
5. IP Whitelisting
For users who only access their Coinhako accounts from specific networks, we will provide the option of enforcing an IP whitelist. This would ensure that no other network can access their account and enhance security.
All of these changes, along with a number of minor tweaks to existing features, will be put in motion over the coming weeks to enhance the security of your Coinhako account. The security of your funds remains our foremost priority, and we will continuously work to ensure it exceeds industry standards.
This sounds very complicated. What should I do?
We will follow up with more details and the relevant guides closer to the official roll out dates of these new service features.
We ask that you kindly keep a look out for our announcements and weekly newsletters.
👀Remember to visit our blog for the latest updates, or
📩 Subscribe to our mailing list to have them delivered straight to your inbox!
*The information presented in this article does not constitute investment advice and is purely for educational and/or informational purposes.
👉Join our Telegram community