Is it Possible to Create an Un-hackable Crypto Website/Bank for your bitcoin (or other cryptos)?
Those who bought any significant amount of Bitcoin (or any other crypto) are faced with an interesting dilemma. Where to put it and how to keep it safe?
A related question is: Is it even possible to keep your crypto safe?
Hacking has been a major problem in crypto currency circles since Bitcoin was introduced in 2008. Even before the recent wave of interest in cryptocurrency (which happened in 2017), there were well known hacks and problems. In 2014, for example, Mt. Gox, the largest bitcoin exchange at the time was hacked for 740,000 bitcoin, which was valued at over $460 million at the time (and which at 2017 and even 2018 prices would be over $1 billion).
It’s not just exchanges that got hacked — in 2017, Nicehash, one of the leading mining services was hacked for over $70 million. In 2018, coindesk reports that over $1 billion was hacked from various services!
With Mt. Gox set to come back on online in the near future, a good question is, should you store any bitcoin or crypto on sites like Mt. Gox, or Coinbase, or other online sites?
On the flip side, there is the dilemma of storing your crypto in “cold storage”, or in “hardware wallet”. There are some downsides to this too — namely, if you can’t get access to it without going to the cold storage, what’s the point of having electronic money in the first place??
More recently, just in early 2019, Canadian crypto exchange QuadrigaCX, was unable to repay $190 million in its client holdings after its founder unexpectedly passed away and he was the only one who knew the “password”!
So where to store your crypto?
Let’s quickly look over the places you might store your crypto:
- Where you bought it — Coinbase or an exchange. In many ways, for many people, this is ideal because you can log in anywhere and access it. However, this has the obvious problem of being hackable, like all the major hacks to date. Just because the site you use hasn’t been hacked yet doesn’t mean it won’t be!
- Wallet on your laptop/desktop — There are obvious problems with this — if your hard drive dies, or you just forget about it. I know someone who had some bitcoin on his laptop from 2014 that he had forgotten about, and when the price started to rise in 2017, he realized that he had hundreds of thousands of dollars in bitcoin somewhere on his laptop. When he went to look for it, he found that the bitcoin client he was using was so old that it didn’t work anymore! Luckily he was able to get the private key and put it into a new wallet, but obviously individual laptops are not very secure and can be hacked!
- Hardware Wallets — A popular option is the hardware wallet, such as the Nano ledger. In this little USB device, which you plug into your laptop, the private key is only stored on the hardware wallet and never actually stored on your laptop at all. The problem is one of no redundancy — if you forget the password or lose the seed phrase to get your private key, then you’re screwed. Of course, you could store the passwords and/or private key somewhere, but then that makes them hackable!
- Cold storage (in office or in a bank). I know many founders of crypto companies and one approach is to store your ether in, for example, a hardware wallet or the seed phrase and have it stored in a physical safe or in a physical safe deposit box at the bank. Of course there are serious disadvantages to both the hardware wallet and cold storage — you can’t access them when you travel or from more than one place. And if you are a company, there are multiple people that may need to be able to access it (CFO, CEO, etc.) and it becomes very cumbersome to have to make a trip to the bank every time you want to do a crypto. One of the great things about having your money at Wells Fargo or Bank of America is that you can walk into a branch anywhere and do a transaction (or use your debit card).
- Spread it out across different exchanges/sites. This is an option that I used at one point, since I didn’t want to have my crypto on my laptop, and because I travel a lot I wanted to have access to it. This doesn’t stop any particular exchange/site from being hacked, but it reduces your losses. The obvious drawback here is the needing to remember all the passwords on different sites. If you use the same password then you are once again pretty much hackable!
Redundancy and Hackability — Is There a Tradeoff?
As we saw above, pretty much anywhere you store your crypto, of which all seem like good suggestions, have both advantages and serious disadvantages.
The death of the QuadrigaCX founder shows that you need redundancy if you are going to store your bitcoin anywhere. Of course, the more redundancy you have, the more likely it is that you can be hacked! And of course, if you store it on any online exchange or website, there is always the possibility that they can be hacked!
There have also been (although I have to say this is probably very rare), stories of people held up at gunpoint to enter their password into a hardware wallet. This is not unlike storing anything in your safe, like cash or if you are in a Quentin Tarantino movie, bearer bonds! If you are a company that has say millions of dollars in crypto — would you EVER store that much in cash at your office in a safe? No? Then why would you store a hardware wallet?
A New Approach to Storing Crypto
It seems like redundancy, accessibility, and hackability are the key considerations when deciding where to store your crypto. The safer it is, the less accessible it is. The more accessible it is, the easier it is to hack!
A few years ago, I was looking at ways to spread crypto out across different websites so that I could always log into one of them. As I said, this has serious disadvantages in that you have to remember passwords and any of the sites can be hacked — it’s unlikely that you would have them on enough sites to really reduce the risk.
What if , I thought, I could store my bitcoin (or ether, etc.) across 100 different wallets on 100 different sites? That way, if any of them got hacked, I would lose at most, 1% of my holdings. While that could be a lot for some people, it’s a lot better than risking a hack losing 99% or 100% of your crypto holdings!
This didn’t seem practical. For one thing, I wouldn’t even know of 100 different sites. Secondly, i’d probably forget about some of them. And on and on, including transaction fees, etc.
A Novel idea: Expect To Be Hacked
I began to wonder if this approach could be automated to create a different kind of crypto bank or website that expected to be hacked? The key wasn’t to be un-hackable, but to have enough redundancy so that any hack reduces your potential exposure!
This was the germ of an idea that could be used for a new kind of crypto bank or storage that was fully electronic and didn’t require relying on cold storage or physical access to the bitcoin.
The basic idea is to spread out the risk across all patrons, like any bank might do. You could use a combination of multi-signature wallets and dynamically move around crypto, while providing access to some of your crypto from anywhere.
Could It Be Done? Some Thoughts
I began to think about whether this would be a valid model for a bank, and came up with the following algorithm / pseudo code of how to create crypto bank (which consists of sub-banks).
Let’s use BTC as an example and ignore transaction fees for the moment.
Let’s say you have 1 BTC to store. Let’s also say that there are 100 people, each of which have 1 BTC to store.
Now suppose you could set up 100 wallets, each with 1 BTC, but each person owns 1% of the bitcoin in each wallet (rather than everyone owning 100% of the BTC in their single wallet).
So, if a wallet gets hacked, then everyone is left with 99% of their holdings! A 1% loss might be acceptable.
Now, you have to make it so that it’s hard enough to hack these wallets that it’s unlikely someone could hack more than 1 of them from the same place (again, building in redundancy).
Supposed each wallet required multi-sig, and each person had one of the private keys and the bank had the other private key. You could set up a wallet (at least in theory for some cryptos) that each wallet by itself can withdraw only 1% of the holdings in a wallet, and even with two keys, at most you can withdraw x% of the wallet.
So, even if someone got all of the private keys from the bank, they could only get 1% out of each of the 100 wallets, or hack 1% of the total. If they were able to hack an individual, they would only get 1% of 1 wallet = .01%.
If they hacked the bank and got ahold of one of the private keys of the individual, then they could hack up to x% of one wallet only!
Some Other Considerations
Every time one person decided to withdraw some BTC, you would have to do an adjustment of the amounts owned by each person.
Let’s say I withdrew the full amount (1 BTC), I would need my private key and the bank’s key, but I would really “logically” be withdrawing 1% out of everyone’s wallet, so if i’m really a hacker (rather than “me”), then theoretically everyone (including me) would still have 99% of our BTC (assuming I can report or figure out that it was a hacker).
Theoretically, every time one wallet gets drained, whether by a hack or a withdrawal, everyone’s ownership percentages get reduced. So let’s say one person withdraws their full BTC, then you could reduce the amounts of all 100 wallets by 1%, or get rid of one wallet, and everyone else still has an equal percentage of the 99 remaining wallets.
One disadvantage is that you can’t withdraw 100% of your crypto all at once. Theoretically, though even at normal banks, everyone cannot withdraw 100% of their funds at any given time (this would be called a run on the bank and was what led to the Great Depression and the creation of the FDIC, etc.).
By having withdrawal limits, you can set it up so that no one can get hacked to 100%, and that any withdrawal can be verified before further BTC can be withdrawn from that wallet. This would, as I said, put withdrawal limits, but again that’s what banks do with ATM cards, etc. Just like Bank of America, which has thresholds that it lets you wire out without approvals, this could be set up the same way.
Could it work? There’s a lot of details that would have to be worked out, including whether it could work better for blockchain with smart contracts like Ethereum or EOS rather than BTC which has very simple smart-contract capabilities. You’d also have to think about transaction fees if you are moving things between wallets and optimize so that you weren’t paying transaction fees on 100 different wallets.
ERC20 smart contracts, for example (and ERC721) keep track of transfers between wallets internally, and it doesn’t necessarily require having 100 different transactions, you could update the internal accounting all in one smart-contract.
Of course, the numbers used here are arbitrary — you could have 1000 wallets or 99 or 9, depending on the threshold, and could require an increasing number of signatures, say 1% for one key up to 99 keys at once, etc.
What do you think? Is this a trivial or a non-trivial solution to a real or imagined problem? Would the costs of spreading out crypto across so many wallets make it unmanageable?
Risk management is an accepted area in any type of investment management or portfolio, why wouldn’t crypto be the same?