Tackling the crypto exchange hacking problem

Terence Zimwara

Regular reports of crypto exchanges getting hacked are increasingly becoming a real worry for those hoping to see the widespread use of crypto-currencies. Hackers are primarily targeting crypto exchanges although they are also known to target individual wallets.

Just like a bank robbery, hacking of an exchange is particularly rewarding for these high tech thieves. In essence, an exchange acts as a ‘vault’ for multiple wallets or private keys, therefore successfully breaking in means the score will be greater than attacking individual wallets. Hackers are known to have made off with millions of dollars in clients’ funds each time they target crypto exchanges.

For example, according to a UK financial services watchdog the Financial Conduct Authority (FCA), in the first half of 2018 alone, $731 million worth of cryptos were stolen from exchanges. This included $500 million from a hack on the Coincheck exchange and $40 million from a hack on the Coinrail exchange. By October 2018, hacking of exchanges increased to $927 million. The problem is quite significant relative to the size of this fledging market.

Perhaps the only small consolation is the fact hackers are only targeting private keys, they are not attacking the crypto-currencies themselves. This once again underlines the efficacy of Bitcoin and alt-coins, that these currencies are immutable and that there is no incentive for hackers to cripple this innovation.

While the overriding concern of all crypto-currency businesses has been getting the message about this fintech across to the masses, resolving the scaling issues and regulatory uncertainty, there is a new challenge they must now grapple with. The question now is; how do you hasten widespread adoption of an innovation that is very vulnerable to hacking attacks? In fact, this may be a worry of not only potential users but of early adopters as well.

An impartial observer may conclude that the infrastructure supporting this technology is not secure enough to help build confidence when there are regular hacking reports. How do you convince folks who have worked hard all their life to convert their savings into cryptos when there is a high risk that all such funds will be stolen with little or no prospect of recovery?

Given this current state of affairs, it is plausible to conclude that many will prefer to keep savings in bank accounts where they are ‘safe’ than in the form of Bitcoin, which is susceptible to hacking!

It is on this issue that the entire crypto-currency community need to seriously self introspect. How can they collectively work nip this problem in bud before it gets even worse? Of course, if everyone listened to Andreas Antonopoulos, a prominent Bitcoin supporter, by keeping funds away from exchanges, then the problem would not be as big as it is today.

However, in fairness, the whole crypto business is a very complex one, without crypto exchanges or similar intermediaries, this market would not have grown to current levels. Asking a non-IT person to suddenly start understanding the complexities of crypto-currencies will be asking too much, they do not have the time for that. Therefore the use of ‘trusted’ intermediaries remains inevitable if the dream of greater adoption is to be achieved. Indeed for hardcore advocates of a decentralized system, this might be a bitter pill to swallow. However, just like medicine, it may have a bitter taste but it gets the job done, crypto exchanges or intermediaries might be seen as a deviation from the peer to peer principle but they do help get the job done ultimately.

Thus for now crypto exchange businesses and custodial wallet providers need to be supported by all crypto-currency issuers for the mutual benefit of all. Sadly as it stands now, the fragmented crypto community is failing to come up with a united response to the hacking problem, individual players are working silos when attempting to combat this threat. Some insist on making or improving security features of storage devices or wallets as the best way of dealing with the hacking problem but others believe solving the problem at crypto exchange level will yield better results.

It goes without saying that compromises will have to be made if progress is to be made on this front. A balance will have to be struck between user security concerns on one hand and the Utopian ideals of crypto-currencies on the other. For those that wish to see decentralized cryptos’ domination of the market continuing, now is the time to consider such compromises before well funded players enter the market.

Failing this, there is every chance that well resourced and bigger players like Facebook and its partners will seize on this, by rewriting the rules and in the process obfuscate the original ideals of a privately issued currency. Until now, the laudable decentralization and permissionless features of crypto-currencies have been the unrivaled hallmarks of this great innovation but that may yet change.

To illustrate this point we look at the proposed Libra stablecoin and how this can potentially change the crypto-currency landscape. A glance at Libra’s whitepaper reveals that this stablecoin will start off as a permissioned Blockchain backed crypto with the possibility of it becoming permissionless eventually. However, Facebook and its partners may ultimately choose for it to remain permissioned a little longer as one way of assuaging and winning over skeptical politicians.

This means the much vaunted Libra stablecoin will not adhere to the fundamentals of a decentralized currency.

To compensate for this, the Libra Association members do have the infrastructure and the financial muscle that they can use to invest in making security features that make it difficult for hackers to target the Libra token. There is no doubt Facebook and its partners will see enhanced security features as one way of cancelling out the less desirable aspects of Libra and will thus work harder on this.

If potential users are more satisfied with Libra’s handling of the hacking challenge they will embrace it ahead of original cryptos. Apparently not everyone is sold to the idealism of crypto-currencies, security is more important for others.

Therefore it may not matter how much permissionless Blockchain supporters bleat, the world could well embrace Libra because it is scalable or due to its superior security features. If Libra succeeds, permissionless cryptos will find themselves behind in every measure; from user numbers, market capitalization, merchant embrace etc.  

Of course, the prospect of Libra taking a giant slice of the market from founding crypto-currencies is not entirely a bad thing. This market needs competition in order for it to continue improving and to be that better alternative to fiat money. However, when one player with ties to the old order becomes dominant, this will not augur well for the future of privately issued currencies.

Creators of pioneering crypto-currencies must be willing to embrace changes just as they have brought change to the way we see money. Adapting to changes will be key to survival for crypto-currencies that have dominated until now. Their survival will keep this market free from monopolies and their malpractices.