Future Proofing

Crypto Custody: A troubled present, a secure future

NOX Custodian
Digital Asset Custodian
Aug 14, 2018

This article is reprised from an article on TechCrunch.

“Cryptocurrency” is the latest buzzword, popular amongst blockchain veterans and the masses. While people dream of ‘owning’ cryptocurrency, they are uncertain of its security. Their apprehension is justified.

The internet is flooded with news of unrecoverable crypto-funds that are either lost or compromised. This is a direct result of poor or overly complicated security, coupled with the consumer’s lack of knowledge regarding crypto-custody.

The ask is simple: “I want to keep my cryptocurrency safe.” The problem arises when we think of how to achieve this.

Should you BYOB?

BYOB stands for “Be your own bank” and removes physical banks as the middlemen. This sounds appealing and secure, but it brings its own set of problems. Because cryptocurrencies are secured cryptographically, crypto-custody requires you to keep your own private key and a secret passphrase. The private key lets you sign transactions, while the passphrase allows you to ‘recover funds’.

The passphrase, generally 12 or 24 words in length, is to be remembered. Unsurprisingly, most people tend to write it down. That’s not exactly safe.

What else can you do?

Let’s ‘Exchange’ funds

Exchanges are akin to established companies. When BYOB fails or becomes too cumbersome, people will most likely leave their funds on their exchanges. However, there’s a catch. Unlike the decentralisation that sets blockchain apart, exchanges are centralised. This opens your funds up to hacking, DDoS, unavailability, and improper maintenance. They could also be shut down by your government. The problem with this centralised system, as mentioned in TechCrunch, is that it depends on the ‘legacy finance system’. If the system fails or the currency is outlawed, your funds are lost.

In this system, people only trade coins, sans ownership. As a result, withdrawal or deposit of coins becomes impossible. Transfers from exchanges are not entertained, thus impacting ICO participants. So, what next?

Wallet it

There are two kinds of wallets: hardware wallets and software, or ‘hot’, wallets. The latter are always connected to a network, which increases their vulnerability to attacks. Hardware wallets are connected only when you choose to connect them. They have an additional layer of security in the form of a hardware key, which is in turn protected by ‘secure hardware elements’. However, the hardware itself can be stolen and is prone to software issues, which expose your passphrase and compromise your security when you connect.

As per TechCrunch:

“The reality is that even decentralized services are at risk — because no code is perfect.”

Crypto Competition

Every cryptocurrency now has its corresponding wallet. No single wallet gives access to all the currencies at the same time. Hardware wallets limit the currencies they support as well. Unfortunately, none of them has a smooth process to transact with other wallets. This makes it difficult for people to keep track of where their funds are. Thus, users have to keep lists of multiple wallets and private keys. This makes the wallets more vulnerable to attacks.

Wolves in Sheep’s Platforms

From wallets to downloading wallets. We have all clicked on that enticing “free”-something link at some point, be it a message sent by our operator, an ad, or just an interesting app in the app store.

Fake mobile wallet apps are a means for hackers to obtain our private key or our phone number. The number is what our SMS 2FA depends on. If you see an ad that is too good to be true, it probably is. Do your research before you click on an ad or download an app. A little precaution goes a long way. After all, it’s not just the apps.

“…domain registrars and DNS providers have become targets to hackers and can result in loss of funds.” — TechCrunch

The least platforms can do now is check the authenticity of apps and ads they display.

Does the future seem bleak?

It isn’t.

A secure future

The problems have been identified. Now we can work towards solving them. The focus is on security, convenience, and safety.

Multi-Sig is a step in the right direction. It requires two or more keys to confirm a transaction before it is accepted. It is not convenient, but it’s a start. This way, you can delegate half your security to a centralised entity, while keeping the other half for yourself. Hence, the entity does not have complete control.
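To make the multi-key confirmation concrete, here is an added example (not from the original article) of a threshold check, generalised from the two-key split to m-of-n. It assumes Lamport one-time hash signatures as a standard-library stand-in for the signature schemes real cryptocurrencies use; the signer names, transactions and function names are hypothetical.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def msg_bits(msg: bytes):
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    # Lamport one-time key pair: 256 pairs of random secrets; public key = their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def sign(sk, msg: bytes):
    # Reveal one secret per digest bit. A Lamport key must sign only one message.
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, msg_bits(msg))))

def approved(tx: bytes, sigs, signers: dict, threshold: int) -> bool:
    # sigs: list of (signer_name, signature). Each authorised signer counts once,
    # and only if the signature verifies over this exact transaction.
    valid = {name for name, sig in sigs
             if name in signers and verify(signers[name], tx, sig)}
    return len(valid) >= threshold

def demo():
    # Constructed sample data: three key holders under a 2-of-3 policy.
    keys = {name: keygen() for name in ("user", "custodian", "backup")}
    signers = {name: pk for name, (sk, pk) in keys.items()}
    tx = b"send 1.5 coins to addr-A"      # constructed transaction
    other = b"send 1.5 coins to addr-B"   # constructed altered transaction
    user_sig = sign(keys["user"][0], tx)
    cust_sig = sign(keys["custodian"][0], tx)
    backup_sig = sign(keys["backup"][0], other)
    return {
        "user+custodian": approved(tx, [("user", user_sig), ("custodian", cust_sig)], signers, 2),
        "custodian alone": approved(tx, [("custodian", cust_sig)], signers, 2),
        "custodian twice": approved(tx, [("custodian", cust_sig)] * 2, signers, 2),
        "sig for other tx": approved(tx, [("user", user_sig), ("backup", backup_sig)], signers, 2),
    }

if __name__ == "__main__":
    print(demo())
```

Only the first case passes: the custodian cannot reach the threshold alone or by repeating its own signature, and a signature made over a different transaction does not count.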

Regulated services like Robinhood are also leading the way to a more secure future, with safer transactions and storage.

Needless to say, technology will advance, but will it advance enough to stop people from worrying about their security and countering human error? Only time will tell.

As stated by Ouriel Ohayon, “You can build the fastest and most scalable crypto protocols you want. What’s the point if no one has peace of mind(?)”
