Report of the New York prosecutor's office: cryptocurrency exchanges are vulnerable

Representatives of the New York Prosecutor's Office analyzed the work of 9 cryptocurrency exchanges

The New York Office of the Office of the United States Attorney General (OAG) presented a report called the Virtual Markets Integrity Initiative Report, in which he commented on the situation in the New York City's cryptocurrency market. The report contains comments and calculations related to the manipulation of some trading platforms.

The materials presented by the 9 largest cryptocurrency exchanges, such as Coinbase, Bitstump, HBUS and others were used as the platforms for the investigation. It should be noted that initially the request was sent to 13 companies, but 4 of them refused to cooperate. Among them are Kraken, Binance, Huobi and Gate.io.

The document indicates that by now more than 1,800 different virtual currency exchanges   are known around the world. To access the virtual currency area, users access virtual platform assets that perform functions similar to traditional exchanges and trading floors. But in comparison with traditional players, virtual asset platforms that currently operate are not registered in accordance with state or federal securities or commodity laws.

Let us remind you: virtual platforms are required to obtain a license BitLicense to legalize their activities in New York.

Under these conditions, the New York Prosecutor's Office had questions regarding the security of operations with the use of tools provided by these exchanges: general safety standards, internal controls, market surveillance protocols, disclosure.

Given the information provided by the aforementioned cryptocurrency exchanges, it was established that:

1. A common security measure for operations is the monitoring of IP addresses. It operates as a unique identifier for the computer connected to the Internet that allows the operator of the website to track its activity. However, scammers may try to disguise their IP addresses using a virtual private network ("VPN"), excluding the ability to locate the logon.
2. Locking of a client logged via VPN is only present in Bitstamp and Poloniex, while for Bitfinex and Tidex only registration of an email, name or phone number shall suffice. This raises the question of the ability of trading platforms to restrict access only to authorized users.
3. Some exchanges allow their employees to trade on their platforms, while they insiders.
4. Taking into account the nature of the virtual currency, it is difficult, if not impossible, to restore the stolen assets. Theft can be carried out by someone sitting at a computer in a jurisdiction remote from effective enforcement.

Given the revealed disadvantages, additional investigation will be conducted by the New York Department of Financial Services (NYDFS)with respect to certain cryptocurrency exchanges.

As for the rest, OAG suggested following the recommendations outlined in the document. The first exchange to follow them was the Gemini which improved its control measures.