If 2017 taught the cryptosphere anything, it gave it a lesson in security. The sheer number of hacks throughout the year–and the millions of dollars in coins stolen as a result–sent a clear message: cryptocurrency trading needs a makeover.
The foundation for this makeover? Decentralized exchanges.
2017 will likely go down as the year that put crypto on the map. With attention, however, comes vulnerability, and the same year that saw crypto prosper was the same year that drove it into the hands of malicious individuals.
More than a dozen separate attacks occurred throughout the course of the year. From exchanges to wallet services to ICO funds, hackers feasted on system vulnerabilities. Factoring in current market prices, the total value of the year’s stolen funds is somewhere in the ballpark of $500mln. This figure doesn’t even accommodate pre-2017 hackings, which includes Bitfinex and Bitstamp, among others, and the infamous Mt. Gox breach that drove the market into hibernation. Add these to the tally and over $12.5bln worth of cryptocurrency has been filched over the years.
In the thick of the trouble, wallets have had their fair share of run-ins. Back in July, hackers compromised Parity, a popular Ethereum multisignature wallet, running off with 153,000 ETH (worth nearly $200mln at its current exchange rate). In November, a Tether treasury wallet lost $31mln to an attacker linked to a 2015 Bitstamp exchange hack.
Overall, however, cryptocurrency exchanges bore the brunt of malicious actors in 2017, and South Korean exchanges in particular were on hackers’ hit lists. Youbit, formerly known as Yapizon, lost 3,816 Bitcoin in April of 2017. Valued $5mln at the time of the hack, the total cost of this attack now tops $50mln. To make matters worse, Youbit was hit again in December, forcing it to file for bankruptcy after losing 17% of its funds. further, in July, news broke that 30,000 user accounts on Bithumb, South Korea’s largest exchange, were exposed in a data breach that left billions of won stolen. In current market prices, customers suffered a collective loss of at least $10mln.
All of these compromised exchanges–Bitstamp, Bitfinex, Youbit, Bithtumb–are centralized. This is nothing out of the ordinary, as most all major exchanges are centralized. There are obvious reasons for this, the most apparent being convenience, but these reasonings often overlook security concerns.
When an exchange is centralized, this centralization comes in two forms: asset control and system management. With asset control, exchanges operate much like trusted institutions such as banks; when you use a centralized exchange, you agree to let the exchange hold your funds and private for you until you wish to withdraw your currency. Exchanges will often hold customer funds in a hot wallet reserve (online) and cold wallet reserve (offline).
The other form of centralization refers to how an exchange stores its data and the infrastructure it uses to support itself. Larger exchanges have to outsource server space, often to cloud services, in order to accommodate website traffic, and this usually means that hosting servers are allocated in a single source.
Starting to get the picture? If a hacker wants to hit a centralized exchange, they need only to go through a central entryway, usually a third-party hosting server. Once in, the hacker then has access to a central source of funding, the exchange’s hot wallet reserve and private keys.
Of course, major exchanges have a number of security features in place to insulate themselves against malicious actors. But as precedent has shown, these measures don’t always go far enough.
This is why we need decentralized exchanges. They pick up the slack that centralized exchanges, because of their inherent design, can’t. As such, decentralized exchanges (DEXs, for short) offer a number of enhanced security benefits.
Unlike their centralized counterparts, DEXs are not controlled by a single entity. The domain server that people access to use the exchange is centralized, of course, but no one entity controls the marketplace, nor is the exchange supported by a single server.
As they currently stand, most decentralized exchanges are built on the Ethereum blockchain and are supported by a network of nodes rather than a centralized server. This means that an attacker would have to compromise half of the nodes that support an exchange to control it, a practically impossible feat.
Since there is no one entity that owns a DEX, there is no central hub that controls user funds. Decentralized exchanges are trustless, meaning users are always in control of their assets and all trades are peer-to-peer.
To accomplish this, DEXs manage currencies using Ethereum-powered smart contracts. Once funds are locked into a smart contract, only someone with the corresponding private keys can touch the funds. Under a centralized system, you relinquish your private keys, and they are all pooled into a single ledger that reflects the exchange’s hot wallet reserve. If a hacker gets its hands on these keys, your funds can be swept away. Under a decentralized system, you’re always in control of your own private keys, and so long as you don’t reveal them to a malicious third party, your assets are safe in a DEX’s smart contract.
This is perhaps the biggest benefit a DEX has to offer. Most decentralized exchanges, such as Ether Delta and IDEX, can sync up with the Ledger Nano S or Trezor hardware wallets. Alongside cold storage, hardware wallets are the safest options for storing and managing personal funds, as they are impervious to the same malware that can compromise software wallets. Using a hardware wallet compliant DEX, you can plug in your Ledger or Trezor and send funds directly into the exchange’s smart contracts. This is preferable to manually entering your private keys, as manual entry is vulnerable to phishing and keylogging attacks.
While they’re a better option than more popular centralized options, decentralized exchanges, as they currently operate, are far from perfect.
As EtherDelta taught us last December, they’re still prone to phishing attacks through the exchange’s domain name server. Still, as I argue here, the security features inherent to the exchange minimized the damage done. Accounts that used Meta Mask or Ledger to manage funds were completely safe even if they used the fake site, and if you never revealed your private keys on the fraudulent domain, your coins were safe in their smart contracts. By today’s rates, over $500,000 worth of funds were nabbed, and while this number isn’t laughable, it’s much less than we’ve seen stolen through centralized exchanges.
To continue with DEX downsides, there’s a reason centralized exchanges are more popular: they’re easier to use. Newcomers may get frustrated with the maze of smart contracts they must navigate to begin trading. Sure, you don’t have to sign up or get verified to use a DEX, but you have to transfer funds back and forth from your personal wallet to an exchange wallet every time you want to trade. You’re also at the mercy of the Ethereum network everytime you want to move funds or make a trade. If the network is congested, you may face, at best, higher transaction fees or, at worst, a buggy, unresponsive trading system.
There are a number of projects looking to ameliorate these issues. 0x, for example, is implementing an off-chain ordering system in conjunction with an on-chain trading system. In theory, this will give the DEX the quick order matching system of a centralized exchange without sacrificing security. Blocknet is another DEX that hopes to bring cross change atomic swaps to streamline decentralized trading and make it even more secure.
I believe decentralized exchanging will be the future of cryptocurrency trading, as it is necessary for the ecosystem’s financial health and future survival. Hopefully, 2018 will bring a slew of innovations for this unrefined system, and hopefully, these innovations will help to mend the losses suffered under the current centralized standard.
Featured image from Shutterstock.
Last modified (UTC): January 21, 2018 18:53