Remember: No Crypto Exchange is Bulletproof

in #cryptocurrency6 years ago

6d4b6597eb.jpg

On Jan. 28, Canada’s biggest cryptocurrency exchange, QuadrigaCX, suddenly went dark. At least $136 million in customer assets vanished under highly suspicious circumstances.

How was that possible? Here’s the scenario that’s being reported:

Founder and CEO Gerald Cotten abruptly gets married, changes his will, and flies to India in sole possession of private keys to the exchange’s offline crypto wallets.

A death certificate surfaces, saying Cotten died suddenly of Crohn’s disease. But Crohn’s disease is not normally fatal, and India is home to a thriving black market in high-quality fake documents, including death certificates.

Whether all this is true or not, the fact remains it was no ordinary hack. Typically, hackers attack from the outside; this one looks like it was the ultimate inside job.

Did Mr. Cotten secretly siphon off customer crypto to his own private wallets? To co-conspirators? We may never know for sure.

Still, this episode highlights two risks of doing business with cryptocurrency exchanges. The first is widely acknowledged in the industry. But almost nobody talks about the second.

Risk #1: No exchange can be 100% bulletproof against hackers
Every time a cryptocurrency exchange uses a private key for one of its wallets to accommodate a customer withdrawal, there’s a risk it could be compromised.

The risk is tiny, even infinitesimal. But it’s not zero. So, when you multiply that risk by millions of transactions, suddenly it’s not so tiny after all.

Robust security policies and procedures can greatly reduce the risk. But they can never extinguish it.

Reason: The process for withdrawing cryptocurrency from an exchange requires the use of a private key via an automated online process. That’s inherently risky.

Technology is always evolving, but clever hackers are perpetually on alert for new ways to score.

Security experts know that, no matter what they do, exchanges could ultimately be vulnerable to Risk #1. So as back-up plan, they normally keep only a small fraction of their total funds in the online wallets they use to transact with customers.

It’s like a neighborhood grocery store that keeps just enough change in the cash register to cover the business on an average day. The bulk of their money is moved offsite. In the crypto world, the equivalent mechanism is called “cold storage.”

Are cold storage wallets safer than online wallets? Sure. In-and-out transactions are less frequent. So, there are far fewer chances for private keys to be compromised. And, needless to say, if they’re not even connected to the internet, it’s much harder for hackers to gain access in the first place.

However, this solution to risk #1 can also create …

Risk #2: Too many exchanges are not audited.
There are a lot of exchanges in the world. If even just a handful don’t get audited, that’s too many. If there are more, that’s even worse.

Result: There’s no way to know how much crypto they have — not even how much they’re supposed to have. Sure, we know about some wallets that belong to exchanges, but the full picture is often not disclosed.

Here’s the issue in a nutshell:

The distributed ledgers that support cryptocurrencies are transparent and fully auditable. But once the assets are sent to an exchange, only the exchange staffers know how much they actually hold.

You’d think customers would demand more disclosure. But most are satisfied just so long as their transactions are executed efficiently, and they can get their crypto out on demand.

In the meantime, the opacity of exchanges can conceal a multitude of sins. This researcher claims Quadriga never even held the Bitcoin it supposedly lost and depended on inflows from new customers to cover withdrawal requests by existing customers.