Unleashing Mt. Fox

How Arwen Protects Investors from A Hacked Exchange

Published in

Arwen

6 min readMar 4, 2019

Security innovation is difficult to showcase. Rare events don’t create much opportunity to demonstrate value and utility. Consider airbags — no one wants to wait for a car crash to see a solution in action, but innovators created crash test dummies for drivers and manufacturers could see value in this protective measure.

Similarly, our team didn’t want to wait for another exchange hack so we’re excited to demonstrate how Arwen protects you and your coins in the worst-case scenarios. With that, we’re happy to reveal our hacked testnet exchange, Mt Fox!

Arwen for Testnet (with Mt. Fox) on Mac
Arwen for Testnet (with Mt. Fox) on Windows
Arwen for Testnet (with Mt. Fox) on Linux
IMPORTANT: Remember to use testnet coins only!

A Persistent Threat

Five years ago, Mt. Gox abruptly filed for bankruptcy, having lost 750K in Bitcoin. In December, Quadriga Coin Exchange lost access to its cold wallet, leaving traders without access to the coins they had deposited at the exchange. Last week, Cryptopia revealed that hackers had walked off with $16M USD worth of ERC-20 tokens held in deposit by traders at the exchange. In addition to the settlement risk posed by exchanges, the threat of hacks is creating significant reputational risk for the crypto-asset economy and keeping institutions at bay.

Arwen eliminates this counterparty risk and protects your coins, even if an exchange is hacked, goes offline, or loses access to its wallet. Instead of depositing your coins in the wallet of the exchange, Arwen keeps your coins safe by locking them in on-blockchain escrows, where the agent of escrow is the coin’s native blockchain. (e.g. your BTC is protected by the Bitcoin blockchain itself) Individual trades can be executed using instant atomic swaps.

Arwen decentralizes settlement while still enjoying the speed and liquidity afforded by a centralized crypto exchange. Our protocols ensure that even a hacked, malicious or unresponsive exchange cannot steal a trader’s coins.

Introducing Mt. Fox

We designed Mt. Fox to steal your testnet coins, but there are two two key security assumptions behind Arwen.

Arwen protects traders’ coins as long as:
1. Traders remember to close their escrows before they expire.
2. If a trade is aborted, the trader remembers to come online during the coin recovery period indicated by the Arwen App.

Coins are at risk only if the exchange is compromised, malicious, or unresponsive. An honest exchange will not abort trades and will always close escrows on the user’s behalf once her escrows expire. Traders’ coins are not at risk if items 1 and 2 are fulfilled.

When Mt. Fox attacks

Each Arwen escrow comes with an expiry time. So, what happens if you try to close an escrow before it expires, and Mt. Fox refuses?

It turns out that a trader can unilaterally close an exchange escrow before it expires, even if the exchange refuses to respond to the closing request. (This follows from the structure of the Arwen protocol for unidirectional RFQs. Details can be found in our whitepaper.)

An issue arises only if the compromised exchange refuses to close a user escrow. In this case, the user coins’ are never at risk — — the user waits until their escrow expires and the Arwen App will unilaterally close the user escrow, without Mt. Fox’s help.

View in the Arwen App when Mt. Fox refuses to close a user escrow. Arwen will unilaterally close the escrow without the exchange’s help once the escrow expires.

When Mt. Fox aborts a trade

The Arwen App currently supports unidirectional RFQ trading which flows as follows:

The trader requests a quote : “How much BTC is needed to buy 100 LTC?”.
The exchange gives a quote — “You can buy 100 LTC with 0.523 BTC.” At this point the exchange commits to executing the trade at exactly this price.
The trader can either place the order, or not.
If the trader places the order, the exchange executes the trade of exactly 100 LTC for 0.523 BTC. This trade is a cryptographic atomic swap.

In the Mt. Fox case, the trade is unexpectedly aborted at step 4. In an optimistic condition, the exchange will execute a trade against any quote it provides.

If an exchange aborts a trade, the escrows involved in the trade are frozen.

Mt. Fox improperly aborts a trade. The escrows backing the trade are frozen. The coin recovery period is between February 20, 7:19pm and February 21, 7:19am.

The user escrow and the exchange escrow backing the aborted trade are frozen.

When an escrow is frozen, the user is given a coin recovery window. The coin recovery period will be displayed to the user immediately after the trade was aborted. (In the example we showed, the coin recovery period is February 20, 7:19 PM to February 21, 7:19 AM.)

To recover her coins, the user needs to connect her Arwen App to the Internet during the coin recovery period. If the user forgets to do this, the coins involved in her aborted trade could be at risk.

If the user forgets to connect her Arwen App to the Internet during the coin recovery period, the coins involved in her aborted trade could be at risk.

What happens during the coin recovery period?

One of two things can happen when the user comes online during the coin recovery period — the aborted trade either gets executed, or not.

But which of these two outcomes will happen? That depends on the actions of the hacked exchange. That why the user’s Arwen App needs to come online during the coin recovery period, see what the exchange tried to do, and then recover the user’s coins. One of the following will happen.

The aborted trade is executed on blockchain. Thus, the trader sells 0.00120610 BTC and buys 0.1 LTC. The frozen escrows are closed, and the 0.00120610 BTC from the aborted trade is deposited into the exchange’s wallet, and the outstanding 0.1 LTC is deposited into the user’s wallet.
The aborted trade is NOT executed on blockchain. Thus, the user keeps her 0.00120610 BTC and does not buy 0.1 LTC. The frozen escrows are closed with the outstanding 0.00120610 BTC deposited into the user’s wallet, and 0.1 LTC deposited into the exchange’s wallet.

A trade of 0.0010000 BTC for 0.08379090 LTC was aborted by Mt. Fox. Our Arwen App recovered our coins during the coin recovery period — showing that the aborted trade was actually executed on-blockchain.

A trade of 0.00100000 BTC for 0.08379090 LTC was aborted by Mt. Fox. Arwen recovered our coins during the coin recovery period. During the coin recovery period, Arwen finds that the aborted trade was never executed, and so our intended trade amount of 0.0010000 BTC is returned to our wallet along with the unspent balance.

Fortunately, the coin recovery period is only relevant when the exchange aborts a trade. Under normal conditions, the trader will be able to trade and close her escrows without worrying about the coin recovery period.

Summary

Arwen is what cryptographers call an “optimistic protocol” — it is fast and simple when everyone behaves, but becomes more complex when one party misbehaves. In fact, the key technical contributions of the Arwen Trading Protocols come into play when recovering coins from frozen escrows.

Fortunately, however, the trader need not be aware of any of these protocol niceties. All she needs to know is when to connect her Arwen App to the Internet. Her Arwen App (and its underlying Arwen Daemon) will execute the coin recovery protocol under the hood, without any input from the trader.

So if the exchange goes offline, loses access to its wallet, or attempts to steal the trader’s coins, the trader’s coins are never at risk. This follows because the Arwen Trading Protocols allow the trader to unilaterally recover coins from her escrows, on her own, without any assistance from the exchange.

Download the Arwen testnet app and see how you fare against the Fox!

Arwen for Testnet (with Mt. Fox) on Mac
Arwen for Testnet (with Mt. Fox) on Windows
Arwen for Testnet (with Mt. Fox) on Linux
IMPORTANT: Use testnet coins only!

See also: Arwen Testnet User Guide (with instruction on getting testnet coins)