Systemic Risks Of Big Exchanges & Why We Build An in-wallet DEX
Today’s Binance hack shows a failure of accounting practices as much as the systemic risk of crypto exchanges’ legacy systems.
Binance just lost 2% of their assets. Their communication and process have been transparent, and that’s good.
Here is what happened (read their announcement here):
- Binance confirms 7,000 BTC were withdrawn by an unauthorized account (and covered by their disaster fund)
- Additional accounts may be affected as well
- Deposits and withdrawals are suspended for one week
We could argue day and night about who bears responsibility for such a hack. We could also argue about who pays the real costs of the hack: 7k BTC may easily be covered, but the overall confidence in crypto and our community has obviously taken a hit every time a big hack has happened.
Instead, we argue that centralized, custodial exchanges are flawed by design. In fact, we identified 3 systematic flaws:
First, centralized exchanges hold your coins. You can trade and withdraw only with their agreement. Not only can they hold your coins hostage at will, they are even forced to by design: if their accounts are compromised, they have no option other than to lock withdrawals completely (see Binance, but also other exchanges).
The reasons are technical: imagine that not only your personal email password has been stolen, but also the master password for a password manager that holds your email, Facebook, Twitter and all other passwords. You would want to lock every account to prevent the hacker’s access.
And that’s exactly what exchanges do in such cases.
Second, centralized exchanges bait bad actors: massive amounts of crypto tokens are secured by the same mechanisms that ordinary users (like you and me) use to secure their own crypto. This so-called ‘honeypot’ attracts hackers’ attention and incentivizes criminal activity.
Let’s say a hacker aims to steal 5,000 BTC (~29,000,000 USD). To compare: Bitfinex lost 120,000 BTC in August 2016. Those sums of money surely draw attention.
Third, after a successful heist, the criminal can, to a certain extent, sell crypto anonymously.
Looks bad to you? To us it does.
We need to build a better future, with the help of decentralized exchanges. Exchanges that do not hold your funds (so-called ‘non-custodial’), but instead simply:
- Provide prices to trading pairs
- Facilitate atomic swaps, wallet-to-wallet
Wallet-to-wallet exchanges CANNOT be hacked
We call exchanges decentralized if no single party can control withdrawals, deposits and trades.
Trades on a centralized exchange live inside a (hackable) exchange, controlled by somebody else. Funds can be withdrawn to a wallet for a fee.
Trades on a decentralized exchange go from your wallet -> to your wallet. That’s it.
Decentralized (wallet-to-wallet) exchanges completely remove the design flaw that centralized exchanges such as Binance have: holding your coins hostage.
Localethereum (on imToken), for example, is a p2p exchange that simply matches you with a counterparty that wants to trade with you.
Kyber and Uniswap (both on imToken), for example, are built on smart contracts to verifiably give you a price and settle the trade on the blockchain.
Note that Binance DEX can be hacked just like Binance can be hacked, as its servers are fully controlled by Binance. Even if they don’t want to stop withdrawals on Binance DEX, Binance will have to do it, as we have shown above.
Different DEXs have different benefits. Some are faster, some have more liquidity (i.e. variety in prices and tokens), some offer a huge range of tokens.
In August 2018 we released Tokenlon exchange as our own way to maximize security while keeping great prices and an easy-to-use interface. We have since iterated on the system design. The latest version went live as a beta 2 weeks ago.
Fully control your own crypto — with Tokenlon DEX
Since our latest version imToken 2.4.1, Tokenlon combines simple UX, efficient pricing and security in one nice app.
In short, we designed Tokenlon as a decentralized exchange with off-chain limit orders and on-chain settlement, based on 0x. Its modular design prevents front-running and trade collisions.
That means the new Tokenlon beta is:
Faster to trade. Entering the Market view, you already see the present final price. Technically, the prices are represented by off-chain quotations from market makers.
Clicking on trade, the price is locked, and is finalized within the 15–30 seconds of one or two blocks.
Easy to use. Again, in the Market view, you already see what you get. One more click, and you can watch your trade with exactly that price being settled via 0x.
Best DEX prices. First, all ERC20 sell orders are realized through gasless transactions, meaning your fee is 0 for deposit/withdrawal (again, there is no deposit), and 0 for trading.
imToken pays the gas fee for you!
More secure. Tokens trade wallet-to-wallet via on-chain atomic swap, meaning your sold token only leaves your wallet if the bought one is in your wallet.
imToken also supports the imKey Bluetooth hardware wallet (currently available in Asia and the USA so far).
Get yours on https://imkey.im/ .
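The all-or-nothing settlement described above (off-chain signed quote, on-chain fill, "your sold token only leaves your wallet if the bought one is in your wallet"), as a toy model added here; it is not Tokenlon's or 0x's code. The `Ledger` class, the HMAC stand-in for a wallet signature, the `sender` argument standing for the authenticated transaction sender, and all other names are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

class SettlementError(Exception):
    """Raised when a fill reverts; no balance has changed."""

@dataclass(frozen=True)
class Order:
    maker: str
    taker: str        # only this wallet may fill the quote
    sell_token: str   # token the maker gives
    sell_amount: int
    buy_token: str    # token the maker receives
    buy_amount: int
    expiry: int       # last block at which the quote is valid

    def digest(self) -> bytes:
        return hashlib.sha256(repr(self).encode()).digest()

def sign(order: Order, maker_key: bytes) -> bytes:
    # Assumption: HMAC stands in for the maker's wallet signature (not ECDSA).
    return hmac.new(maker_key, order.digest(), hashlib.sha256).digest()

class Ledger:
    """Toy on-chain state: balances[token][owner] -> amount."""
    def __init__(self, balances, maker_keys):
        self.balances, self.maker_keys, self.filled = balances, maker_keys, set()

    def settle(self, order, signature, block, sender):
        key = self.maker_keys.get(order.maker, b"")
        if not hmac.compare_digest(sign(order, key), signature):
            raise SettlementError("bad maker signature")
        if sender != order.taker:
            raise SettlementError("quote was issued to another wallet")
        if block > order.expiry:
            raise SettlementError("quote expired")
        if order.digest() in self.filled:
            raise SettlementError("order already filled")
        sell, buy = self.balances[order.sell_token], self.balances[order.buy_token]
        if sell.get(order.maker, 0) < order.sell_amount:
            raise SettlementError("maker cannot deliver")
        if buy.get(order.taker, 0) < order.buy_amount:
            raise SettlementError("taker cannot deliver")
        # Every check passed: both legs move together. Any failure above
        # raised before a single balance was touched.
        sell[order.maker] -= order.sell_amount
        sell[order.taker] = sell.get(order.taker, 0) + order.sell_amount
        buy[order.taker] -= order.buy_amount
        buy[order.maker] = buy.get(order.maker, 0) + order.buy_amount
        self.filled.add(order.digest())
```

Binding the quote to one taker, an expiry block and a one-time fill is what this model uses to keep a locked price from being replayed or taken by someone else.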
Where we go from here
As mentioned, the latest Tokenlon beta is online in imToken 2.4.1 and later. We are currently working on onboarding more tokens.
If you like imToken, and have some feedback, please let us know anytime in the app, or at:
Follow our Twitter for Tokenlon listings and the official release of the live version.
imToken is the world’s largest Ethereum digital asset wallet, whose users produce ~10% of all Ethereum transactions. imToken provides access to Ethereum, BTC, EOS, Cosmos.
Our amazing new imToken 2.0 International introduces features, such as:
- Use Face-ID and fingerprint to send BTC Segwit, ETH, EOS, COSMOS transactions to friends via the decentralized address book (synchronized over IPFS)
- Earn by staking on Cosmos & Loom or earning interest on Compound
- One-Click trade on the native Decentralized Exchange: Tokenlon
- Store your tokens securely on your old mobile phone using the secure Cold Wallet setup or get imKey
- Check out DApps in the open DApp browser