Good Security Practices For EOS Exchanges

Since the launch of the EOS mainnet on June 9th 2018 many things have happened, with one of those things being the many scams and hacks which have taken place during this period. As a result of this security has become an important topic in the EOS community and has also left many wondering how good the security practices of the exchanges that hold millions of EOS really are. We will discuss the current state of exchange security and the possible improvements which could be made.

Short introduction to EOS accounts

Before we start talking about security, it is important to understand the basics of EOS accounts and permissions.

One of the main differences of EOS with other blockchains is the account system. Between your funds and you, there’s an account. A 12 character name. And when you want to spend those funds, you need to sign a transaction for the account, not an associated key directly. Behind the account you can have one or more keys and those are on chain, and you can change those. You can alter them and there’s different permission levels. That’s really awesome. It also means you can do permissions management on your account. — Alexandre Bourget

As explained above, EOS has a unique account system, which allows users to manage permissions on their account. Each permission requires one or more valid transactions to be transferred to the blockchain. By default, an EOS account has 2 permissions, active and owner.

The active permission authority is used for transferring funds, voting for producers and making other high-level account changes.

The owner permission symbolizes ownership of an account. There are only a few transactions that require this authority, most notably, actions that make any kind of change to the owner authority. Generally, it is suggested that the owner key is kept in a cold storage and is not shared with anyone. The owner permission can be used to recover another permission that may have been compromised.

By default, the keys for the active and owner both have a weight of 1, and both the active and the owner permission have a default threshold of 1. This means that only 1 signature from the owner key is required to perform any action that requires the owner permission. The same goes for the active permission. Only 1 signature from the active key is required to perform any action that requires the active permission. (Explanation taken from Blockgenic)

EOS Accounts and Permissions Visualized. Source: Blockgenic

To help you understand the EOS account system we have also included this visualization of an EOS account. For a more detailed explanation see the original article.

Current state of exchange security

Now you are familiar with the way EOS accounts work we can start looking at the way (major) EOS exchanges store the EOS of their users, and whether this is happening safely. 

In general, it is recommended to at least have different owner and active keys, but to really ensure the safety of the funds in an account, it is recommended to have multisignature permissions (permissions that require multiple signatures in order to perform any action that requires the permission).

Current state of key structures of exchange accounts. Data taken from bloks.io

The image above shows the key structure of the accounts belonging to some of the top EOS exchanges. A shocking 4 out of 7 exchanges only has 1 key for all permissions on their account, 2 out of 7 exchanges have different owner and active keys, and only 1 of the 7 exchanges has multisignature permissions.

This means that if somebody with malicious intentions manages to get the key of one of 4 accounts with only 1 key, they are able to not only steal all the funds in the account, they are even able to take complete control of the account. Almost the same goes for the exchanges with 2 keys, if somebody is able to get the active key of one of the accounts they will be able to steal all the funds, and if they are able to get the owner key, they are able to steal both the funds and gain complete control of the account. Only one of the exchanges took the time to implement a multisignature key structure, which makes the account (and thus the funds the account contains) much less susceptible to possible attacks.

How exchanges can improve their security

As you can see, the security of most exchange accounts is without a doubt sub-par. So, how can exchanges improve their security?

First of all, it is important to note that no matter how many keys are required to use a certain permission, these keys should always be created and stored as securely as possible. After all, a multisignature permission is just as insecure as a singlesignature permission if the keys are not stored in a secure manner.

Secondly, if the exchanges want to improve the security of their accounts, they should upgrade the key structure of their accounts. Not having any multisignature key structure in place makes the account very susceptible to hacks, which is obviously never desirable. Therefore it is worth the time (and money) to set up a proper multisignature key structure for an account.

These are however not the only measures exchanges can take to improve their security. EOS has many security related features, with one of them being customizable permissions. This allows owners of accounts to manage and customize their permissions however they wish. Exchanges could create new permissions (which require different keys than the active and owner permissions) which only allow certain actions, taking away the need to actively use the active and owner key.
Another feature they could implement in their accounts is time delays for certain actions. This means that once a transaction has been signed a certain time period has to pass before the transaction is actually executed. This would give exchanges time to react in case of an unauthorized transaction.
These are just some of the possibilities.

Conclusion

Despite the many available security features in EOS, many exchanges have chosen to simply ignore all recommendations and go with the most simple and also most insecure type of EOS account. Upgrading the security of their accounts should be a priority, as these accounts will otherwise end up being relatively easy targets for hackers and other malicious actors.

About us

Founding block producer for the EOS Mainnet. Partner in the Europechain sister chain. Investor in blockchain projects. Governance, intercultural cooperation and Security specialist. You can find us here:
Website
Twitter
Youtube
Steem