Unleashing Mt. Fox

Or: How Arwen Protects Traders from A Hacked Exchange

Security innovation is always difficult to showcase because its use cases are rare. Think about airbags. No one wants to wait for a car crash to see the product in action, but thanks to crash test dummies, both drivers and manufacturers could see obvious value in this new protective measure.

Arwen is an innovative new blockchain security protocol, that protects traders even if an exchange get hacked or becomes unresponsive. But rather than waiting for another exchange hack, today we’re thrilled to demonstrate how Arwen protects you and your coins in the worst-case scenarios. With that, today we reveal our hacked testnet exchange: Mt Fox!

Arwen for Testnet (with Mt. Fox) on Mac 
Arwen for Testnet (with Mt. Fox) on Windows
Arwen for Testnet (with Mt. Fox) on Linux
IMPORTANT: Remember to use testnet coins only!

Watch: How Arwen protects you from a hacked exchange

See firsthand how Arwen protects your coins

Five years ago, Mt. Gox abruptly filed for bankruptcy, having lost 750K in Bitcoin. In December, Quadriga Coin Exchange lost access to its cold wallet, leaving traders without access to the coins they had deposited at the exchange. Last week, Cryptopia revealed that hackers had walked off with $16M USD worth of ERC-20 tokens held in deposit by traders at the exchange.

Arwen is designed to protect your coins, even if an exchange is hacked, goes offline, or loses access to its wallet. Instead of depositing your coins in the wallet of the exchange, Arwen keeps your coins safe by locking them in on-blockchain escrows, where the agent of escrow is the coin’s native blockchain. (So, the agent of escrow for bitcoins in the Bitcoin blockchain.) Individual trades are then executed using instant atomic swaps.

In this post, we walk through some interactions with Mt. Fox.

Arwen Security Assumptions

Arwen allows you to self-custody your coins while still enjoying the speed and liquidity at a centralized cryptocurrency exchange. With Arwen, trades are backed by on-blockchain escrows, where each coin’s native blockchain acts as the agent of escrow. Trades are fast atomic swaps and their security is backed by the on-blockchain escrows. The Arwen Trading Protocols ensure that even a hacked, malicious or unresponsive exchange cannot steal a trader’s coins.

Mt. Fox will attempt to steal your testnet coins. So, before we start trading at Mt. Fox, we first review the two key security assumptions behind Arwen.

Arwen protects traders’ coins as long as

1. the trader remembers to close her escrows before they expire.

2. if a trade is aborted, the trader remembers to come online during the coin recovery period indicated by the Arwen App.

The traders’ coins are not at risk if she remembers to do items 1 and 2 above. Coins are at risk ONLY if the exchange is compromised, malicious, or unresponsive! An honest exchange will not abort trades and will always close escrows on the user’s behalf once her escrows expire.

We are now ready to see how Arwen protects our coins against Mt. Fox.

Foxes are the tricksters in medieval literature. This is Reynard the Fox from MS Stowe 17, “The Maastricht Hours”, early 14th century.

Mt. Fox refuses to close our escrows

Each Arwen escrow comes with an expiry time. Expired escrows cannot be used for trading, and escrows must be closed before the expire.

What happens if I try close an escrow before it expires, and Mt. Fox refuses?

It turns out that a trader can unilaterally close an exchange escrow before it expires, even if Mt. Fox refuses to respond to her closing request. (Why? This follows from the structure of the Arwen protocol for unidirectional RFQs. If you’re curious for details, read our whitepaper.)

An issue arises only if Mt. Fox refuses to close a user escrow. In this case, the user coins’ are never at risk — — she just needs to wait until her user escrow expires. Once the user escrow expires, her Arwen App will unilaterally close the user escrow, without Mt. Fox’s help!

Here’s what we see in the Arwen App when Mt. Fox refuses to close a user escrow. Our Arwen App will unilaterally close the escrow (without Mt. Fox’s help) once the escrow expires.

Mt. Fox aborts a trade

The Arwen App currently supports unidirectional RFQ trading. (Other trading instruments protocols are in the works — see our whitepaper and stay tuned!) An Arwen RFQ trade works as follows.

  1. The trader requests a quote : “How much BTC is needed to buy 0.1 LTC?”.
  2. The exchange gives a quote — “You can buy 0.1 LTC with 0.00120610 BTC.” The exchange commits to executing the trade at exactly this price.
  3. The trader can either place the order, or not.
  4. If the trader places the order, the exchange executes the trade of exactly 0.1 LTC for 0.00120610 BTC. This trade is a cryptographic atomic swap.

However, Mt. Fox is not your usual exchange, and frequently aborts at step 4. This is unexpected. The exchange is expected to execute a trade against any quote it provides. (Note: if the exchange does not like a trade, it should not give a quote!)

If an exchange aborts a trade, the escrows involved in the trade are frozen.

Mt. Fox improperly aborts a trade. The escrows backing the trade are frozen. The coin recovery period is between February 20, 7:19pm and February 21, 7:19am.
The user escrow and the exchange escrow backing the aborted trade are frozen.

When an escrow is frozen, the user is given a coin recovery window. The coin recovery period will be displayed to the user immediately after the trade was abort. (In the example we showed, the coin recovery period is February 20, 7:19 PM to February 21, 7:19 AM.)

To recover her coins, the user needs to connect her Arwen App to the Internet during the coin recovery period. If the user forgets to do this, the coins involved in her aborted trade could be at risk.

If the user forgets to connect her Arwen App to the Internet during the coin recovery period, the coins involved in her aborted trade could be at risk.

What happens during the coin recovery period?

One of two things can happen when the user comes online during the coin recovery period — the aborted trade either gets executed, or not.

But which of these two outcomes will happen? That depends on the actions of the hacked exchange. That why the user’s Arwen App needs to come online during the coin recovery period, see what the exchange tried to do, and then recover the user’s coins. One of the following will happen.

  1. The aborted trade is executed on blockchain. Thus, the trader sells 0.00120610 BTC and buys 0.1 LTC. The frozen escrows are closed, and the 0.00120610 BTC from the aborted trade is deposited into the exchange’s wallet, and the outstanding 0.1 LTC is deposited into the user’s wallet.
  2. The aborted trade is NOT executed on blockchain. Thus, the user keeps her 0.00120610 BTC and does not buy 0.1 LTC. The frozen escrows are closed with the outstanding 0.00120610 BTC deposited into the user’s wallet, and 0.1 LTC deposited into the exchange’s wallet.
A trade of 0.0010000 BTC for 0.08379090 LTC was aborted by Mt. Fox. Our Arwen App recovered our coins during the coin recovery period — showing that the aborted trade was actually executed on-blockchain.
A trade of 0.00100000 BTC for 0.08379090 LTC was aborted by Mt. Fox. Arwen recovered our coins during the coin recovery period. During the coin recovery period, Arwen finds that the aborted trade was never executed, and so our intended trade amount of 0.0010000 BTC is returned to our wallet along with the unspent balance.

Fortunately, the coin recovery period is only relevant when the exchange aborts a trade. Under normal conditions, the trader will be able to trade and close her escrows without worrying about the coin recovery period.

Summary

Arwen is what cryptographers call an “optimistic protocol” — it is fast and simple when everyone behaves, but becomes more complex when one party misbehaves. In fact, the key technical contributions of the Arwen Trading Protocols come into play when recovering coins from frozen escrows.

Fortunately, however, the trader need not be aware of any of these protocol niceties. All she needs to know is when to connect her Arwen App to the Internet. Her Arwen App (and its underlying Arwen Daemon) will execute the coin recovery protocol under the hood, without any input from the trader.

So if the exchange goes offline, loses access to its wallet, or attempts to steal the trader’s coins, the trader’s coins are never at risk. This follows because the Arwen Trading Protocols allow the trader to unilaterally recover coins from her escrows, on her own, without any assistance from the exchange.

Download our testnet app and try trading at Mt. Fox!

Arwen for Testnet (with Mt. Fox) on Mac 
Arwen for Testnet (with Mt. Fox) on Windows
Arwen for Testnet (with Mt. Fox) on Linux
IMPORTANT: Remember to use testnet coins only!

See also: Arwen Testnet User Guide (with instruction on getting testnet coins)