What bitcoin exchanges can learn from the ShapeShift hack

When it comes to swapping coins, altcoin exchange ShapeShift has had a firm grasp on how to run a successful exchange over the past three years.

Launched in 2013, ShapeShift.io is an exchange focused on users who want to swap or trade bitcoins or altcoins instantly, with as little friction as possible. ShapeShift lets users swap between many alternate currencies; for example, a bitcoin user could sell his bitcoins for ether easily and quickly, or vice versa. ShapeShift isn’t a regular bitcoin exchange in the sense that most are used to: users cannot trade fiat currencies for bitcoin or altcoins; it’s all coin-to-coin.

The exchange is owned by bitcoin investor and entrepreneur Erik Voorhees, and also has investors such as Roger Ver and Barry Silbert. Unfortunately for ShapeShift, its overwhelming success recently made it the target of a hack, in which the attackers were able to walk away with $230,000 in total. It was actually more than one hack, carried out over a short period of time. Voorhees recently told the tale of the hacks in a captivating article, which lays out the entire story from start to finish.

One of the main features of ShapeShift since the beginning has been that users can swap coins without registering an account, which means no user information is captured that could be stolen. No emails, no names, addresses, or passwords. This is what helps the exchange create a frictionless experience for users, which is not only fast for the user but also keeps their privacy and security intact.

In the retelling of the story by Voorhees, he said,

“No customers lost money throughout multiple hacks orchestrated even by an insider. Through decentralization, through code, through innovation, through structure… consumer protection by design is one of this industry’s most important contributions to society – something that a century of legacy banking has failed to achieve, as noted by Satoshi’s infamous line in the Genesis Block.”

A learning experience for bitcoin exchanges

However, for bitcoin exchanges this hasn’t been the case, ever since the beginning. Bitcoin exchanges are in and of themselves a centralized third party that you as the bitcoin user must trust, as you need to send them your fiat currency in exchange for bitcoin. For the most part, this means entrusting them with all of your private and personal information, as most exchanges adhere to KYC and AML compliance regulations. Not only are your email and password stored with them, but so is your private information.

Bitcoin exchanges have been under constant attack ever since bitcoin was established as a store of value. Many bitcoin exchanges have been hacked, with an unprecedented number of hacks in recent times. If you’re a bitcoin exchange, there is a hacker out there that is or will be targeting you and your platform in order to try to hack it for data, for bitcoin, or for both.

In order for your private and personal information to be secure from hackers, the data shouldn’t be there in the first place to be stolen. If it doesn’t exist, there is nothing to steal.

Zero knowledge platforms are the next evolution of bitcoin

Having zero knowledge of your customers’ data makes you less of a target than an exchange or bitcoin wallet that holds such data. In addition, if you are hacked, you can rest assured that no customer data is compromised, because you never captured it to begin with.

Zero knowledge systems and services are going to be the next innovation in this space. There are a few companies that are already doing this; for example, bitcoin exchange Bitsquare is set to launch this week, with no centralized bitcoin exchange in the middle capturing customer data. This removes any chance of a third party hacking and stealing your information.

Bitcoin wallets are starting to do this as well; for example, Airbitz is a bitcoin wallet that performs a one-way encryption on a user’s device data before it’s even sent to the network or servers. This means any data sent from the user’s device cannot be decrypted and that Airbitz knows nothing about the user, so if the data were to be compromised at any time it would be useless to a hacker.

Will bitcoin exchanges be able to accomplish zero knowledge in their current state? With bank and government regulations, it’s not yet completely possible when dealing with fiat currencies. Future exchanges may be able to, though, as the bitcoin space evolves and exchanges and wallets learn, innovate and build from one another and from past experiences, which can help shape future zero knowledge systems.