When the first cryptocurrency exchanges sprung up in late 2010, multisig wallets had yet to be invented. As a result, a single private key was commonly used to control all customer funds. Today, multisig has been complemented by sophisticated solutions such as Unbound Tech’s CASP, which uses secure multi-party computation. Despite these innovations, many exchanges have been slow to adapt, and are still using outdated tools to control billions of dollars of customer funds.
From Single Key to Multi Key
When Mark Karpeles sent 442,000 BTC between Mt. Gox wallets in 2011, purely to show that he could, it demonstrated the dangers of single key custody. Having one individual in charge of thousands of customers’ assets was a recipe for disaster. On that occasion, the transaction passed off without a hitch, but four months later the Gox boss was to lose 2,609 BTC due to a scripting error. The dangers of relying on one man were further reinforced in 2018 when Quadriga CEO Gerald Cotten died, taking his private keys with him, and leaving 115,000 customers out of pocket.
Crypto exchange custody has come a long way since the days of Mt. Gox, but as the fate of Quadriga, Mt. Gox and their ilk shows, there’s still room for improvement. Hot and cold wallet management remains a delicate balancing act for exchanges, which require the liquidity to expeditiously process customer withdrawals, while minimizing risk in the event of the hot wallet being hacked.
The year after Mark Karpeles lost a week’s profits through a scripting error, BIP16 was introduced to Bitcoin, enabling P2SH (pay-to-script-hash) whereby coins could be sent to a script that contained specific spending conditions. As a result, it was possible to create wallets that required more than one private key to spend the funds. For example, a 3-of-5 multisig requires three of the five signatories associated with the script to sign the transaction with their private key for the funds to move.
Multisig was a major step towards securing the crypto exchanges that were now springing up as bitcoin’s value began to climb in 2013 and traders flocked to the cryptoconomy. Despite this innovation, however, exchange thefts proliferated. Multisig cannot prevent exit scams from occurring; nor is it suited to protecting more complex crypto assets, such as monero. Moreover, with the emergence of smart contract-based networks, starting with Ethereum, more complex scripting capabilities added more vectors for hackers to exploit.
From Multisig to Multi-Party Computation
While many exchanges still rely on multisig to secure crypto assets, meticulous management is required to airgap cold wallets, as well as strict controls on how and when employees can sign transactions. The next major breakthrough in exchange custody came in the form of multi-party computation, popularized by tech developers such as Unbound Tech. The firm’s Crypto Asset Security Platform is designed to strike a balance between security and usability, and comes with the invocation to “Secure like it’s cold, transact like it’s hot.”
Secure multi-party computation (SMPC) is a branch of cryptography that enables multiple parties to jointly compute any function while keeping their respective inputs private, and is used to protect private keys and transactions for digital assets held by a custodian or exchange. It ensures that cryptographic keys never exist anywhere in complete form, and is more adaptable than multisig, as it can be deployed to protect a broader range of crypto assets. Similar technology is used by Zengo in its keyless crypto wallet that relies on “mathematical secret shares.”
The Future of Crypto Custody
Aside from the technological advancements that have been made in locking down custodied assets, there have been improvements in disclosure and communication, and the addition of failsafes that prevent wallets from being drained.
Disclosure: Pressure has been mounting on exchanges to prove they are solvent through disclosing balances on hand. There is no universal standard for doing so, however, and exchanges have been slow to adopt Proof of Solvency.
Communication: It is now common practice for exchanges to inform the public ahead of moving significant balances between cold wallets.
Insurance: A number of regulated exchanges, such as Gemini and Coinbase, have insurance to cover the assets in their care.
Failsafes: In addition to using airgapped vaults to secure private keys, conscientious exchanges have added safeguards such as timelocks, which prevent BTC wallets from being emptied before a certain block height, or which limit the maximum amount that can be withdrawn at one time.
Despite all of these improvements, 2019 saw a greater number of exchange hacks than ever, adding to the $11 billion that has been stolen from crypto exchanges to date. Custodial solutions may keep improving, but for so long as fallible humans are in charge of them, exchanges will remain vulnerable.
Do you think there will be more exchange hacks this year than in 2019? Let us know in the comments section below.
Images courtesy of Shutterstock.
Did you know you can verify any unconfirmed Bitcoin transaction with our Bitcoin Block Explorer tool? Simply complete a Bitcoin address search to view it on the blockchain. Plus, visit our Bitcoin Charts to see what’s happening in the industry.