Digital currency exchanges are notorious for their vulnerability to cybercrime and data protection risk. Whilst the blockchain is immutable, exchanges and wallets are not. According to Reuters, since 2011 there have been at least three dozen heists on various exchanges.
Recently, South Korean cryptocurrency exchange Coinrail reported a hack on its website with thieves allegedly stealing more than $40 million worth of altcoins and assorted tokens. This resulted in a 10% drop in the price of bitcoin, with significant losses seen by other digital currencies too. Many find the idea of trading in cryptocurrencies extremely risky and these attacks serve to highlight the critical need for safe and secure cryptocurrency storage.
Here, we explore whether this could have been prevented and what steps both companies and users can take to ensure that they are doing what they can to effectively protect assets.
An industry of exponential growth
If we consider that there are more than 1,200 cryptocurrencies in use, the scale of the current problem, and potential future risk, becomes truly apparent – particularly when it is considered that tokens are not physical assets that can be quantified. For enthusiasts to even speculate about the use of cryptocurrencies on a global scale, that use needs to be a lot safer than it is currently.
Exchanges and wallets must implement tighter measures and protocols. This is particularly crucial for companies operating within the financial services sector, which also hold masses of personal information as well as facilitate cross-border transactions across currencies.
As the boundary between mainstream markets and the crypto world grows narrower – for instance, the Swiss stock exchange is launching the fully-regulated Six exchange platform for the trading and storing of digital assets – the time for change is now.
Storing digital currency - online or offline?
Cryptocurrencies are held in digital wallets and numerous blockchain platforms have created their own exchange-based wallets, with varying pros and cons.
Those held through exchanges are considered ‘hot wallets’ as they are connected to the internet. While these are popular with those actively trading - as users have immediate access to their tokens - being constantly online puts tokens at a much greater risk of being hacked or stolen.
To overcome this major downside, ‘cold wallets’ have been created to store tokens in a much safer environment. These are stored offline, including in the form of hardware and paper wallets, thereby being less susceptible to attack. Cold wallets remove the risk of hackers infiltrating the system through any device.
While not efficient for micropayments and daily transactions, cold wallets offer a safe way to store large amounts of cryptocurrencies long-term. For example, following the hack on Coinrail, the exchange issued a statement on its website to confirm that 70% of its reserves were safe as they had been transferred to a cold wallet.
Hot wallets are of course still necessary for everyday use; however, it is much safer to transfer small amounts into these accounts – perhaps just enough for a given transaction, to minimise risk and potential loss.
Despite the security measures of cold storage, it’s still important to remain vigilant about the choice of wallet and processes, as they can still be vulnerable to threats. Exchanges need to make sure they are putting as many security systems in place as possible to protect their users and outsmart hackers.
For exchanges and businesses, there are certain protocols that can help. Simple safeguarding measures such as adding in another level of security when making requests to withdraw tokens and encrypting passwords and keys are a good start. This can be taken further by using systems that distinguish human from machine input, avoiding those that store memory and cache.
To that end, limits can be set for the amount of digital currencies stored (and the length of time for which they are stored) in a hot wallet, whilst the majority of tokens can be placed in cold wallets that require authorisation from multiple sources.
From two factor authentication to the logging of relevant information in order to track, record and alert on abnormalities, these systems have been available for a long time in traditional economies. Many of these tried and tested processes can be maximised and expedited through the unique characteristics of the blockchain, such as decentralisation, efficiency, simplicity and immutability.
The underpinnings of blockchains are based on time-tested cryptographic primitives that allow for a high level of trust in the overall system. For example, during log-ins, a digital signature can be created by computing a signature over the transaction. If the transaction changes, it will result in a different signature. If the digital signature attached to the content does not match the digital signature that is computed for the content, then the content is rejected as invalid.
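The following added example (not code from the article, from COTI or from any exchange) combines the two controls described above: a cap on hot-wallet withdrawals and cold-wallet withdrawals that need valid signatures from multiple approvers, where a changed transaction no longer matches its signature. So that it runs with the standard library only, it uses a Lamport one-time signature built from SHA-256 as a stand-in for a production scheme; the policy values, field names and approver names are assumptions.

```python
import hashlib, json, secrets

HOT_WALLET_LIMIT = 5      # constructed policy value: max tokens per hot-wallet withdrawal
REQUIRED_APPROVALS = 2    # constructed policy value: M in an M-of-N cold-wallet approval

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def canonical(tx: dict) -> bytes:
    # Sign a deterministic encoding so the same fields always give the same bytes.
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()

def _bits(tx: dict) -> list:
    digest = int.from_bytes(_h(canonical(tx)), "big")
    return [(digest >> i) & 1 for i in range(256)]

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(_h(a), _h(b)) for a, b in sk]

def sign(sk, tx: dict) -> list:
    # Reveal one secret per digest bit. A key must sign one transaction only.
    return [sk[i][bit] for i, bit in enumerate(_bits(tx))]

def verify(pk, tx: dict, sig) -> bool:
    # Recompute over the received content; any changed field flips digest bits.
    return len(sig) == 256 and all(
        _h(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, _bits(tx))))

def authorise(tx: dict, approvals: dict, approver_keys: dict) -> bool:
    if tx["wallet"] == "hot":
        return tx["amount"] <= HOT_WALLET_LIMIT
    # Cold wallet: count distinct known approvers whose signature matches this tx.
    valid = {name for name, sig in approvals.items()
             if name in approver_keys and verify(approver_keys[name], tx, sig)}
    return len(valid) >= REQUIRED_APPROVALS

def demo() -> dict:
    keys = {n: keygen() for n in ("ops", "finance", "security")}  # constructed approvers
    pubs = {n: pk for n, (_, pk) in keys.items()}
    tx = {"wallet": "cold", "to": "example-address", "amount": 120, "nonce": 1}
    sigs = {n: sign(keys[n][0], tx) for n in ("ops", "finance")}
    return {"two_approvals": authorise(tx, sigs, pubs),
            "one_approval": authorise(tx, {"ops": sigs["ops"]}, pubs),
            "tampered": authorise(dict(tx, amount=12000), sigs, pubs),
            "hot_over_limit": authorise(dict(tx, wallet="hot"), {}, pubs)}
```

Calling `demo()` shows that only the untouched transaction with two approvals is authorised; a real deployment would use a vetted signature library rather than this one-time scheme.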
Know your client
Identity theft is a long-standing security threat that can lead to many cases of fraud and stolen funds.
In the digital space, stringent governance and ‘Know Your Customer’ (KYC) processes are not yet deeply ingrained. While some would argue that such a level of regulation is an unnecessary step in what is deemed to be a revolutionary alternative to more traditional methods, regulation is critical to support the continued growth of innovation.
For now, blockchain-based businesses tend to comply with certain ‘best practice’ KYC requirements, which are not set in stone by the financial regulators. This includes collecting specific data from users, particularly if companies offer any currency-related services, to alleviate the risk of fraud and other cybercrime.
For merchants and arbitrators, the process should include additional layers of verification and a more in-depth process to facilitate API integration. This process should also automatically involve a contract being acknowledged and signed.
Certainly, the benefits of blockchain technology mean that these steps can now be simpler and faster to carry out than ever before.
If security and regulation continue to be taken seriously by the platforms that are leading the charge, we can expect to see increasingly bigger players entering the market, with the assurance that the correct measures are in place to protect them and their customers. This can only be a positive thing for individual users, businesses, industries and the economy.
About Dr Nir Haloani
Dr Nir Haloani is an innovator in the areas of data compression, AI, and machine learning and has earned the prestigious Master Inventor title for authoring over 13 patents in these fields. He has more than 19 years of experience leading research and development teams at a number of tech companies and was the former co-founder and CTO of Infima Technologies, which was later acquired by IBM. Nir holds a BSc degree in computer science and mathematics from Tel Aviv University, as well as a PhD in applied mathematics from Bar-Ilan University. Dr Nir Haloani is the Chief Technology Officer at COTI.
In the decentralised economy of the future, there is a need for a decentralised payment platform – meet COTI. COTI is building a platform that creates payment networks over DAG (Directed Acyclic Graphs), that can scale infinitely. It powers up merchants, payment service providers, developers and financial organisations with a full solution that can help them replace cash, credit cards and banks.