The Security of the Chain

With the growing number of crypto exchange hacks and the quantum of wealth that is being lost in these hacks, there has been increasing concern among non-crypto folks about the long-term sustainability of cryptocurrencies and the durability of the underlying blockchain technology. Code might be law, but code, like laws, is written by men and women, and can be broken and rewritten by men and women. The defence’s case so far has been that the underlying blockchain systems themselves are not really compromised in the case of an exchange hack; it is not a hack on bitcoin or ethereum, it is an attack on vulnerable IT configurations or, in some cases, plain old social engineering of the Kevin Mitnick variety, neither of which necessarily has anything to do with blockchains.

Source: https://imgs.xkcd.com/comics/security.png

However, this argument around blockchain security sanctity is now under assault. Until the recent ETC 51% attack, such attacks were pretty much limited to lesser-known cryptocurrencies that had neither strong communities nor high enough hash power. PoW chains are vulnerable to 51% attacks because there is always a non-zero probability that more than 50% of the mining power is controlled by a single entity, which could then use it against the interest of stakeholders in the ecosystem by reversing transactions and double-spending the coins. However, the 51% attack on Ethereum Classic, which is one of the more popular cryptos and the original parent chain of Ethereum prior to the infamous DAO hack and the subsequent Ethereum fork, should serve as a much-needed wake-up call to folks with dogmatic faith in the security of cryptocurrencies. They are immutable and censorship-resistant, but definitely vulnerable to 51% attacks by motivated actors.

A recent article published in MIT Technology Review lays out the various forms of attacks that malicious actors can launch on public blockchains. The article is valid in some of its criticisms. A blockchain network is a honeypot for hackers, and at any given point in time it is a constant battle between a set of stakeholders (usually the core developers) trying to keep it secure and those that are trying to attack the network. In general, the larger networks – Bitcoin, Ethereum, ZCash, etc. – are safer than some of the smaller cryptocurrencies, which do not have as much developer attention and are consequently targeted by hackers successfully. A case in point is the recent ZCash vulnerability that was fortunately caught internally, precisely because ZCash’s status as a major privacy-focused blockchain network means that it has some of the smartest developers working on it. For the larger chains, therefore, the risk of a hack is a black swan event, whereas for the smaller chains it is probably a real and present risk until they scale and attract enough attention to have a global pool of developer talent that is willing to support them. Also, even for the larger chains, as Taleb would say, they have a low probability of happening, until they happen; like US house prices retracing, for instance.

Even if a major blockchain network were to be hacked, decentralization provides a certain anti-fragility and resilience, as this tweet lays out.

Zooming out, the blockchain developer vs. hacker wars have to be seen in the context of the overall cybersecurity scenario today. With the profusion of data, pretty much every piece of meaningful data that exists is fair game, as evidenced by the increasing number of data security breaches. At any given point in time, armies of hackers, some even state-sponsored, are plugging away on their keyboards, trying to pick their way into the databases and the servers of most of today’s large corporations, governments and even individuals.

We also need to differentiate between the security risks of the blockchain itself and the security risks posed by improperly designed supporting infrastructure, to go back to an earlier point. Most media references, when they refer to exchange hacks for instance, actually refer to traditional IT breaches, and are not necessarily a criticism of any of the blockchain technologies underpinning the coins traded on the exchange. Centralized exchanges will continue to be a major attraction for hackers, and hence the increasing interest in decentralized exchanges such as Fordex and the upcoming one from Binance.

Eternal vigilance is the price of liberty; Thomas Jefferson’s quote is applicable here in the case of cybersecurity as well.

Meanwhile in Crypto Wonderland….

“Beam Raises More Capital” Privacy-oriented cryptocurrency startup Beam has secured an undisclosed amount of funding from Japan’s professional network website, Recruit Co., Ltd. Recruit stated that the investment was made through its $25 million RSP Blockchain Tech Fund, which was set up last November. Beam confirmed the investment, stating that Recruit invested prior to its mainnet launch. Recruit said it backed the firm because Beam provides a blockchain that prevents the exposure of transaction data to third parties, thus protecting users’ information.

“BitGo’s Crypto Insurance” Blockchain security firm and crypto wallet service BitGo has revealed plans to offer crypto insurance through Lloyd’s of London. BitGo Business Wallet clients will be able to acquire insurance for their digital assets held on BitGo’s Business Wallet service and Custodial offering. Assets held by either BitGo or BitGo Trust Company can be insured for up to $100 million by global insurance and reinsurance market Lloyd’s.

“Crypto > Stocks” Nearly half of millennial traders have more trust in digital currency exchanges than in US stock market exchanges. Data regarding millennial investment attitudes was collected in a new study from investment platform eToro and published yesterday. As per the report, 43% of the surveyed millennial online traders demonstrate less trust in the traditional stock market, while having more faith in cryptocurrency exchanges. 93% of millennial cryptocurrency traders reportedly said that they would invest more in digital currency if traditional financial institutions proposed such an option.

“More Crypto Derivative Pairs” Malta-based cryptocurrency exchange OKEx has added four new crypto derivative pairs to its platform. OKEx, the third-largest crypto exchange by trade volume, has announced the listing of BSV, QTUM, DASH and NEO against BTC and Tether on margin with a 3x leverage option. The digital asset exchange OKEx had earlier launched a derivative product, dubbed a “perpetual swap,” that supports BTC/USD with up to 100x leverage.

Crypto Twitter Pick

What We’re Reading / Listening To

Superfluid Collateral in Open Finance by Dan Elitzer

What Grinds My Gears: Crypto Cartels


Satoshi&Co Daily Crypto Newsletter

By Ramani Ramachandran and Rohit Alluri

ZPX - Daily Crypto Update