Crypto firms should never trust their engineers to upload code without an external review first, says JP Richardson, CEO of the self-custodial crypto platform Exodus.
He emphasized the importance of having a second-layer team to review all engineers’ code before any updates or upgrades are made to a crypto firm’s software in order to prevent bad actors from uploading malicious code.
In an interview with Cointelegraph at Token2049 in Singapore, Richardson highlighted the necessity of prioritizing customers’ data.
“I think it really comes down to building a system so that if it does happen, your customers are still safe,” stated the Exodus CEO. “That requires operational resilience in the business, so again, customers are not at risk.”
Richardson pointed out the rise in North Korean hackers fraudulently securing jobs at crypto firms by faking their identities.
He stressed the importance of reviewing all code before finalizing it to ensure security and prevent incidents like the recent theft of $1.3M from a crypto firm due to malicious code being pushed.
The FBI also reported that North Korean malicious cyber actors were targeting workers at decentralized finance and crypto firms to steal funds through social engineering campaigns.