Cryptsy, Shapeshift, Gatecoin, Bitfinex.
What do all these exchanges have in common? More than 130,000 BTC ($73,818,875 at today’s prices) has collectively been stolen from them in 2016. Hacks and heists at bitcoin exchanges happen so often that it’s becoming less surprising when a new one takes place.
However, just because the routine has dulled the impact doesn’t mean it isn’t being felt. When a heist does happen, investors still face significant losses, negative news continues to drive away consumers and new pressures emerge for entrepreneurs looking to launch new products.
Jerry Brito, executive director of Coin Center, told CoinDesk that these sorts of events make his organization’s job harder. The non-profit cryptocurrency research and advocacy group, he said, is forced to explain the differences between a compromised intermediary and the security of the core network.
“Major hacks put pressure on consumer protection regulators who haven’t yet acted on digital currencies to do so, and that pressure can make them less receptive to arguments for a light touch approach.”
And with headlines suggesting that bitcoin itself is hacked, it can continue to be difficult for entrepreneurs and advocates to educate regulators.
Because of the immutable nature of bitcoin transactions, though, and the public nature of the blockchain, bitcoin continues to be an appealing target for hackers, scammers and criminals. Bitcoin’s blockchain makes it easy to track how much bitcoin is stored on any single exchange and almost impossible for these funds to be confiscated once they change hands.
Although that’s not to say there hasn’t been research conducted into how these issues could be resolved.
To help minimize the impact of these hacks, researchers Malte Möser, Ittay Eyal and Emin Gün Sirer have come up with a proposal called the “Bitcoin Vault” that they believe would make bitcoin heists more difficult.
Sirer told CoinDesk:
“Once criminals get the idea that they might not get away with thefts, we might see a reduction in bitcoin-targeting hacking attempts.”
Inside the vault
The proposal’s primary function is to give its users the ability to pull their bitcoin back in the event of a hack.
The way it works is actually straightforward: a user sets up a new address for storing bitcoin, which has been nicknamed “the vault”. This is an address like any other address, except for one difference: users cannot spend the bitcoins stored there quickly.
What a user gains by limiting the speed at which they can move these bitcoins is like a second key, which the team has called the “recovery key”. In case of a hack, the owner of the vault can essentially undo the transaction, reverting the bitcoins in question back to the owner.
When a user a decides they want to spend their bitcoin, they initiate a transfer. They then have to wait a predefined amount of time – set by the user at vault creation – for the bitcoin to become spendable.
It’s during this period that recovery key can be used.
Assume that a hacker gains access to the wallet and initiates the transfer of bitcoin. They’ll have to wait for the predefined time – which is different for each person – before they actually have access to the bitcoin.
So long as the victim uses their recovery key during that time, the hacker loses out on the bitcoin. And every time the hacker tries to initiate the transfer again, the user can use their recovery key, thus making it improbable that the hacker would gain access to the bitcoin.
The ability to reverse transactions, though, has bothered many of the technology’s enthusiasts, because bitcoin was specifically built not to allow transaction reversals.
The team behind the vault proposal has no issue with this. With their solution, while the bitcoins are in vaults, they cannot be spent. This prevents a user from buying something with a vaulted bitcoin, receiving the item and then reversing the transactions.
This will force users to first un-vault their bitcoin (waiting a specific amount of time), transfer the funds to a ‘hot wallet’ and then buy the goods.
But while this may sound like an easy way to prevent exchange thefts, the negative media articles and all the baggage that comes with these events mean implementing the proposal is not so simple.
Because bitcoin was built specifically without transaction reversals, its core software would need to be updated to accommodate the feature. Specifically, there would need to be an addition to the code called CheckOutputVerify.
In a blog post earlier this year, Eyal explained that while a soft fork could implement the change, maximum security would only be attainable through a hard fork. A soft fork, he said, wouldn’t be enough, as other means of coercion could be employed by those seeking to conduct illicit actions.
“The hacker that got Alice’s private key can bribe a miner to accept a high-fee vault-spending transaction that does not respect the covenant. The miner is motivated to accept the transaction, and then all other miners accept it, too.”
However, even if Bitcoin Core wanted to implement a hard fork for this purpose (a move that remains a sensitive subject in the community), there are simply not enough resources to do it.
Sirer said that he had exchanged a few messages with Greg Maxwell, one of the leading core developers, after issuing the proposal. The reality was that the team was swamped. While accepting the answer as reasonable, he argued that it was time for the Core team to start prioritizing security.
“It’s true that scalability is bitcoin’s Achilles’ heel, but Achilles had two heels, and so does bitcoin – scalability and security.”
The team is currently working on a pull request that they expect to submit in a few weeks. However, that is only the first step.
Not all are convinced that enacting this change to bitcoin’s code actually creates a safer environment as Sirer and team believe.
Eric Lombrozo, a Bitcoin Core developer and CEO of blockchain security company Ciphrex, said that the technical implementation would not be difficult. Utilizing a soft fork, the new codes could be easily added to bitcoin’s scripting language, he explained.
But, while he said the vault idea was interesting from an academic perspective, he argued that the change makes it far more complicated for a user to manage their bitcoin.
Lombrozo explained that a user goes from protecting their private keys to protecting a vault key and a recovery key. Further, they have to then constantly monitor the network to be aware of a hack and have counter-responses in place for when a heist occurs.
The main function of Bitcoin Core, Lombrozo said, is the validation and relay of transactions and blocks. The focus is on ensuring that the network and protocol as a whole are secure and not how to secure bitcoin at the application level.
“The best tools for securing your bitcoins are dedicated signing programs that run on dedicated hardware.”
The result is that both sides have hit an impasse in discussions.
Sirer is confident that, had Bitfinex been in a position to use vaults, it could have saved the exchange from losing millions in customers’ bitcoins. But, Lombrozo said that the Bitfinex heist could have also been easily avoided if they had the correct policy and procedure in place.
He explained that if these policies are built improperly, there can be loopholes or burdens that result in the account operators ignoring them.
“The weakest link in the chain is not the computers nor the crypto, but the people themselves.”
The same could now be said of those with the power to implement the proposal.
Currently, hacking a centralized exchange is an easy way for a talented hacker to walk away with hundreds, thousands, or in the case of Bitfinex, over 100,000 bitcoins. By implementing a vault for each of its users, Sirer and his team believe such events would be less likely to occur.
Yet, with Bitcoin Core focused on relaying transactions and blocks, the security of bitcoin firms will now rest with their creators and users, who will have to learn proper procedures, create better policies and improve personnel training.
Broken clock image via Shutterstock