Nick Chong · 23 hours ago · 2 min read
Answering Vitalik Buterin’s 7 Hard Questions For the Blockchain World Part 3: Hacks, Security, and Theft
Ethereum co-founder Vitalik Buterin put forward a series of open questions to the cryptocurrency community in a recent discussion with the Mars Finance International WeChat group, postulating seven issues present within the current blockchain ecosystem.
Buterin’s “hard questions for any blockchain people” deal with some of the biggest obstacles that stand between the current state of blockchain technology and widespread adoption, highlighting hashpower centralization, the lack of “useful” large-scale apps, the high frequency of hacks, dApp scalability and latency, issues with consensus methods, and the inefficiency of on-chain governance.
Earlier in this series, we addressed Buterin’s concerns with the current distribution of hashing power and the ongoing scalability problem.
In this multi-part series, we will attempt to answer each of Buterin’s seven questions.
Question 3: The Problem With Security
“Why are there not yet good solutions to account security? When will the problem of account hacks and thefts be solved?”
Cryptocurrencies allow users to “be their own bank,” moving control over assets away from centralized third parties and into the hands of asset owners. While this offers a wide range of benefits, with absolute control comes absolute responsibility. Hacks, security exploits, and theft are a common occurrence within the cryptocurrency sector — large-scale hacks such as the Mt Gox disaster have become enshrined in the mythos of the blockchain revolution, permanently reshaping the cryptocurrency landscape.
In order to “solve” the issue of account security, it’s important to distinguish the vectors via which hacks and thefts are executed. In the current cryptocurrency ecosystem, hacks can be generalized into those that target third-party institutions that hold crypto assets on behalf of users, such as exchanges, and those that target individual users, such as malware, phishing, hacks, and even physical strong-arm robbery.
Both of these security flaws, however, can be linked to a core feature of cryptocurrencies — the manner in which wallets are managed with private keys.
The Centralized Platform Dilemma
The cryptocurrency market is currently a target-rich environment for hackers seeking to “decentralize” crypto holders away from their investments. A centralized exchange is a prime target for hackers — typically processing hundreds of millions of dollars worth of assets in one convenient centralized location.
The list of centralized platforms that have been compromised, resulting in a total loss of investor capital, is extensive. In total, almost 1 million Bitcoin — about 5% of the total amount of all Bitcoin ever to exist — have been lost in the 2013 Silk Road hack, the 2014 Mt Gox, Cryptsy, and Mintpal hacks, the 2015 Bitstamp and Bter hacks, the 2016 Bitfinex hack, the 2017 Nicehash hack, and four hacks in 2018 — Coincheck, BitGrail, CoinSecure, and Coinrail.
It’s clear that centralized platforms are the largest security flaw in the cryptocurrency ecosystem — but there is a potential answer.
Decentralized exchanges, or DEXs, provide an alternative to centralized exchanges, providing traders with the ability to exchange assets without the need for centralized asset governance. While there are still a number of issues with decentralized exchanges, such as the manner in which they are decentralized and the way exchange liquidity is managed, they arguably already provide an effective solution.
User Security is the Responsibility of the User
The security level of any given cryptocurrency holder is entirely dictated by the effort and awareness of the holder. Cryptocurrency holders are targeted by a broad spectrum of hacking attempts, most of which attempt to capture private key data.
Some common attacks that target individual cryptocurrency holders include malware such as CryptoShuffler, a small program that replaces clipboard data with incorrect wallet addresses. By November 2017, CryptoShuffler captured over $140,000 in cryptocurrency by quietly replacing wallet addresses — a simple method that is easily overlooked by inattentive crypto investors and traders.
Other methods are more obvious — bots on popular messaging platform Slack commonly reach out to users to notify them of a “security flaw,” attempting to capture private key data. Email phishing is another vector via which hackers attempt to steal private key data from users.
More malicious hacking attempts include WPA “KRACK attacks” that compromise the security of Wi-Fi networks, allowing hackers to view all data transmitted via a WLAN. However, there is a method of storing cryptocurrency in a completely secure manner — hardware wallets.
Hardware wallets such as the Ledger series allow cryptocurrency holders to store and transmit cryptocurrency in a completely secure manner, with private key data kept entirely within the device itself. Ultimately, a “good solution” to the issue of account security already exists — the vigilance of the individual cryptocurrency holder.
You can find all the answers for our “Answering Vitalik Buterin’s 7 Hard Questions For the Blockchain World” series here:
- Part 1: Hashpower Centralization
- Part 2: The Scalability Barrier
- Part 3: Hacks, Security, and Theft
- Part 4: DApp Latency
- Part 5: Proof of Waste
- Part 6: Proof of Centralization
- Part 7: Fundamentally Flawed Governance