The Glimpse at Crypto Exchange Hacks and Security Model

By Milana Valmont on ALTCOIN MAGAZINE

Mar 6, 2019

Reality

The year of 2018 was a harsh one for cryptocurrency users and exchanges. Despite the bear market looming in the background, there is an even more alarming trend at play. Forbes estimates that in 2018 $765 MILLION was lost to nefarious cryptocurrency hacks, of which CoinCheck was dealt the biggest hit as they lost over $500m in cryptocurrency.

In my previous article I had made it clear that decentralized exchanges are much, much safer than their centralized counterparts. Simply put, decentralized exchanges do not have access to your private keys, meaning that users must sign for every transaction rather than allowing the exchange to do it on their behalf. This gives users a wider range of control over their funds and improves security. Despite these well-known facts, the User Interface and User Experience in many of the decentralized exchanges available today are simply too appalling to engage new users and cryptocurrency newcomers.

As a result, many who wish to get started in cryptocurrency trading or simply holding will opt for the simpler and more user-friendly centralized exchanges. This is why 2018 was an absolute wreck when it comes to money lost to cryptocurrency exchange hacks.

Maturity

The main issue today is that exchanges are not seen for what they are. Cryptocurrency exchanges such as Kraken, Bitfinex or Binance are simply web interfaces which allow users access to various blockchains. (Centralized) Exchanges are not cybersecurity companies, but rather fintech startups. Customers and traders today place an overwhelming amount of trust in these exchanges, which in turn makes way for hackers to take advantage of them. After all, exchanges are just fintech startups with a web interface, how hard could it be?

In 2016, Bitfinex lost nearly 120,000 bitcoin because it had not taken the proper measures to counteract such attacks. Despite the hacks of the past and the ones happening at the moment, cryptocurrency and exchanges are at a turning point, a point where maturity and growth can occur. Both exchanges and users alike don’t want to lose money, and it is therefore in their best interest to start taking measures against this. As such, many exchanges have never been hacked (see Kraken) since they took notice of the events happening around them. The same can be said for some cryptocurrency traders and holders. Taking the proper measures such as storing your coins in your own private wallet and keeping your private key safe can go a long way.

Change

Although it may not seem like it, 2018 was a year of record-setting for cryptocurrency, as the biggest hack in the history of cryptocurrency hacks occurred, with CoinCheck losing over $500 million in NEM tokens.

Although CoinCheck did not wish to issue any details of the how, why and where, there are a few ways this could have happened. First of all, it is important to note that in this instance, only NEM coins were drained from the crypto exchange, which in itself is a massive indicator. Exchanges store different currencies in different wallets; as such, the security of these wallets can differ. In this case, it has become apparent that the NEM wallet where the cryptocurrency was stored was a ‘hot wallet’ which lacked multi-signature protection. Multi-signature makes wallets harder to hack, as moving funds requires signatures from more than one private key. (Side note: if the exchange’s cloud was hacked, then having a multi-sig wallet does not protect against moving the funds, as the hacker has access to all of the private keys.)

The number one question which arises from this incident is why? Why would an exchange which is holding such immense amounts of cryptocurrency on behalf of its users be so careless? It is a clear sign that we are still in a young and developing industry and that change must occur. The maturity of the industry is slowly but surely making its way, with more and more exchanges taking measures against such hacks.

Going forward, we as users are also expected to start taking the measures necessary to safekeep our cryptocurrencies. After all, the whole idea of Bitcoin and the cryptography behind it is to give people back the power over their financial instruments. As such, it is strongly recommended that new cryptocurrency users take the time to learn how to trade on Decentralized Exchanges due to the security features that are in place. However, what if there was a platform that combined the best of both worlds?

While many believe that it is hard to topple the Exchange giants of the cryptocurrency industry, I believe that it may not be as difficult as some think (from a competitive point of view). There are many issues and reports from users which, if addressed, would make exchanges a better experience. As such, a hybrid exchange would most probably fare well in today’s scene, as long as it is done correctly. A hybrid exchange is defined as a bridge between a centralized and a decentralized exchange, whereby they co-exist. Users’ balances are stored and locked on the decentralized side, and traded on the centralized exchange.

A hybrid exchange would offer the security features of a decentralized exchange, i.e. not having custody over user funds, allowing users to store their coins in their own personal wallets, and allowing users to withdraw funds despite DDoS attacks and any other off-chain hacks, all while offering the best user experience available.

Furthermore, the relationship between the two components of a hybrid exchange allows the decentralized part to ‘monitor’ APIs from its centralized counterpart, where transactions are taking place. Should the system suspect that foul play is at work, it will raise a flag, which halts transactions for a short period of time while also allowing users to check if there truly is something wrong. This could, in turn, lead to a consensus-based system whereby exchange users can agree or disagree on the flag raising, and decide whether the system needs to be halted for a longer period of time or not. This provides users with the sense of security that their funds and transactions will not be stuck due to an arbitrary decision from a third party, e.g. the exchange itself.
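The flag-and-vote mechanism described above, sketched as an added example (not code from this article or from any exchange): a per-asset outflow monitor that halts withdrawals briefly when a limit is exceeded and lets users vote to extend or lift the halt. The article does not say how foul play is detected, so the outflow limit, window, halt lengths, quorum and the `WithdrawalMonitor` name are all assumptions.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class WithdrawalMonitor:
    """Hypothetical watcher run by the decentralized side of a hybrid exchange."""
    window_s: int = 600           # assumed look-back window (seconds)
    max_outflow: float = 1000.0   # assumed per-asset outflow limit per window
    short_halt_s: int = 900       # assumed length of the automatic short halt
    long_halt_s: int = 86400      # assumed halt length once users confirm a flag
    quorum: int = 3               # assumed number of votes needed to settle a flag
    recent: dict = field(default_factory=dict)        # asset -> deque of (ts, amount)
    halted_until: dict = field(default_factory=dict)  # asset -> unix time
    ballots: dict = field(default_factory=dict)       # asset -> {user: confirm?}

    def observe(self, ts, asset, amount):
        """Check one withdrawal seen on the exchange API; True means let it through."""
        if ts < self.halted_until.get(asset, 0):
            return False                               # asset is currently halted
        q = self.recent.setdefault(asset, deque())
        while q and q[0][0] <= ts - self.window_s:     # drop entries outside the window
            q.popleft()
        if sum(a for _, a in q) + amount > self.max_outflow:
            self.halted_until[asset] = ts + self.short_halt_s   # raise the flag
            self.ballots[asset] = {}
            return False
        q.append((ts, amount))
        return True

    def vote(self, ts, asset, user, confirm):
        """Record one vote per user on an open flag and settle it at quorum."""
        if asset not in self.ballots or ts >= self.halted_until[asset]:
            self.ballots.pop(asset, None)              # flag expired with the short halt
            return "no open flag"
        self.ballots[asset][user] = bool(confirm)      # a repeat vote overwrites, never adds
        votes = list(self.ballots[asset].values())
        if len(votes) < self.quorum:
            return "pending"
        del self.ballots[asset]
        if sum(votes) * 2 > len(votes):                # strict majority confirms foul play
            self.halted_until[asset] = ts + self.long_halt_s
            return "extended"
        self.halted_until[asset] = ts                  # false alarm: resume immediately
        return "lifted"

# Constructed sample feed: (unix time, asset, amount); the later NEM entries are a drain burst.
SAMPLE = [(0, "NEM", 200), (60, "BTC", 5), (120, "NEM", 300),
          (130, "NEM", 400), (135, "NEM", 400), (140, "NEM", 400), (150, "BTC", 2)]
```

Halts are tracked per asset, so a burst on one wallet (as with the NEM-only drain discussed earlier) stops that asset without freezing the others.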

In conclusion, it is clear that today’s cryptocurrency exchange methods are rather primitive in comparison to the solutions which we are likely to see as the industry matures. However, progress happens step by step, solving one problem at a time whilst thinking ahead! If anything, 2018 was a year which shows us we’re still dealing with exchange hacks, ranging from DDoS attacks to cloud hacking of private keys. Could a solution such as a “hybrid” cryptocurrency exchange be the one to solve these problems, and perhaps add to the experience which users have been longing for? Stay tuned to find out…

Thank you for reading and don’t forget to clap :)

XOXO

Milana Valmont
