When CEXs act as black boxes
Updated: Nov 2, 2022
When taking the first steps in the world of cryptocurrencies, centralized exchanges are almost always preferred. Thanks to their simple and intuitive user interface, the user or trader often can live an excellent user experience. But can you completely trust centralized exchanges in terms of security and privacy?
In this article, we will analyze the case of Luna reverted transactions by Crypto.com and whether centralized exchanges are really safe.
What happened to Terra-LUNA in Crypto.com?
The collapse of Terra-LUNA caused a death spiral in the whole crypto market. One of the most popular centralized exchanges Crypto.com, on May 12th, has shown its traders' mispricing of the LUNA’s token. Due to the crash of Terra, customers who made LUNA transactions had their trades reversed and lost more funds due to this inconvenience. This event made users complain, and some traders claimed it stole their funds. In order to hush up rumours and controversies, Crypto.com released an official statement to its community explaining and clarifying the inconvenience.
To better understand the whole matter, taking a step back toward TerraLabs and Crypto.com is essential.
The case of TerraLabs
In our previous articles about DeFi and the violated principles, we talked about TerraLabs’s meltdown and the related backlashes that have affected the whole crypto industry.
“The creator of the LUNAFoundation, Do Kwon, had bought billions of Bitcoin as a safeguard for UST and deployed more than $3B to defend the peg. He also caused downward pressure on the market, that in turn caused other large investors to sell off their Bitcoin shares. The unique result was that Bitcoin hit its lowest point since December 2020, and Kwon’s ploy to save UST was unsuccessful.” Source: Time
This event has led to a ripple effect that has repercussions on the entire cryptocurrency market.
Crypto.com is one of the most important centralized exchanges (CEXs), founded in 2016, and is now based in Singapore. The company has a team of 4000 employees and more than 50M users in 90 different countries. Its chain is called Cronos, the first EVM-compatible chain built on Cosmos’s blockchain, ushering in a new era of NFTs, DeFi, and Web3 gaming.
Cronos is scalable and can process more transactions per minute than Ethereum, making it faster, cheaper, and greener to execute smart contracts. It’s based on a scalable consensus mechanism called Proof of Authority (PoA).
Moreover, the Inter Blockchain Communications (IBC) protocol is open source and enables interoperability and bridging to the Crypto.org Chain, and other IBC-enabled chains, such as Cosmos Hub.
Is LUNA delisted on Crypto.com?
When the matter was still tangled during the first period, and the news was unclear, numerous exchanges suspended buying, selling, and trading LUNA. Among these, we find Binance that first blocked to protect its customers and later reopened the sale and trading of the pairs.
Does Crypto.com reverse LUNA transactions?
Crypto.com expects that the official statement will be enough to calm the infuriate community and hope that users continue to trust its platform, but it’s not quite how.
At first moment, the protocol suspended the trading of tokens of the Terra ecosystem due to extreme market conditions, but after a temporary suspension of all LUNA trades and the announcement of the Terra chain migration, it decided to support a new LUNA Token airdrop for existing LUNA holders. The old Terra blockchain was renamed Terra Classic, and the original LUNA token became Luna Classic (LUNC).
The actions taken by Crypto.com were as follows:
trading and deposits/withdrawals of LUNA will be temporarily suspended on the Crypto.com App and Exchange starting from 26 May 2022, 12:00 UTC;
existing LUNA balances will be converted to LUNC after the Terra chain migration;
the new LUNA token will be airdropped to LUNC holders in the Crypto.com App and Exchange;
the snapshot timing, implementation, and distribution mechanics of the new LUNA will be announced separately when all details are ready.
The list was taken from the official statement published on Crypto.com.
Are Centralized exchanges safe?
Multiple centralized exchanges have been hacked in the past, so storing your cryptocurrency on a CEX can’t be considered 100% safe. If you’re looking into using a centralized exchange, remember that you always need to research the security and the protection systems adopted to preserve your data from hackers.
Another foray into the crypto sector
Rep. Raja Krishnamoorthi, Chair of the Subcommittee on Economic and Consumer Policy, sent letters to four federal agencies (U.S. Department of Treasury, Securities and Exchange Commission, Commodity Futures Trading Commission, and Federal Trade Commission) and five crypto exchanges (Binance U.S., Coinbase, FTX, Kraken and KuCoin) on 30th August 2022. In these letters, he requested information about the procedures adopted to combat cryptocurrency-related fraud and scams to protect American users.
“As stories of skyrocketing prices and overnight riches have attracted professional and amateur investors to cryptocurrencies, scammers have cashed in. The lack of a central authority to flag suspicious transactions in many situations, the irreversibility of transactions, and the limited understanding many consumers and investors have of the underlying technology make cryptocurrency a preferred transaction method for scammers.”
The chairman requested federal agencies and crypto exchanges to provide helpful information and inform legislative solutions to bring stability to the cryptocurrency industry by September 12.
This represents an important step in the crypto industry, another foray to shed light on the security policies of centralized exchanges.
Here you can read the full article about Coinbase, FTX, Binance get inquiries as Congress looks to crack down on $1 billion crypto fraud
Crypto.com security system
Crypto.com is one of the safer crypto exchanges. It keeps 100% of customer funds in cold wallets, holds withdrawals to new addresses for 24 hours, allows multifactor authentication, and provides 24/7 customer support. Remember that no crypto exchanges are entirely risk-free.
Crypto.com has high-tech security, but no one isn’t perfect. When you use and make transactions with this exchange, remember some risks:
It is not insured by the FDIC (Federal Deposit Insurance Corporation) or any other fund
2FA messages and emails could be intercepted.
In January 2022, Crypto.com staff admitted that it lost $30 million in a hack because the exchange keeps all of its customers’ funds in cold wallets. However, none of Crypto.com’s 50 million users lost any crypto or cash.
The security team discovered that hackers had found a way to make withdrawals from compromised accounts without inputting 2FA codes, and 483 accounts were affected.
In response, the team suspended withdrawals and required all users to reset their 2FA. It then credited the lost crypto back to users’ accounts and absorbed the losses on its balance sheet, preventing users from losing funds. A few hours later, withdrawals were reinstated, and users were again allowed to transfer crypto to their wallets.
To stay safe using Crypto.com, you can practice five simple expedient ways like using a solid PIN and email, setting up an antiphishing code, withdrawing your crypto from the app, and for what concerns 2FA, an authenticator app instead of code via SMS, it’s advisable.
Operating with crypto is not risky; it is advisable always to pay the utmost attention.
CEXs’ security issues when they revert transactions
The case of TerraLuna reverted transactions by Crypto.com underlines that trusting a centralized exchange is like trusting a bank. Your wire transfer can be cancelled, and your account can be closed anytime. The same happens with centralized exchanges, where internal transactions are made within the system, and you do not own your private keys. The exchange itself decides whether to confirm or cancel a transaction. This represents a major security issue for users who increasingly prefer decentralized exchanges.