From Single Key to Sophisticated Computation: The Evolution of Crypto Exchange Custody

From Single Key to Sophisticated Computation: The Evolution of Crypto Exchange Custody

When the first cryptocurrency exchanges sprung up in late 2010, multisig wallets had yet to be invented. As a result, a single private key was commonly used to control all customer funds. Today, multisig has been complemented by sophisticated solutions such as Unbound Tech’s CASP, which uses secure multi-party computation. Despite these innovations, many exchanges have been slow to adapt, and are still using outdated tools to control billions of dollars of customer funds.

Also read: Bitmain Unveils 2 Bitcoin Miners With Max Speeds Up to 110TH/s Per Unit From Single Key to Multi Key

When Mark Karpeles sent 442,000 BTCbetween Mt. Gox wallets in 2011, purely to show that he could, it demonstrated the dangers of single key custody. Having one individual in charge of thousands of customers’ assets was a recipe for disaster. On that occasion, the transaction passed off without a hitch, but four months later the Gox boss was to lose 2,609 BTCdue to a scripting error. The dangers of relying on one man were further reinforced in 2018 when Quadriga CEO Gerald Cotten died, taking his private keys with him, and leaving 115,000 customers out of pocket.

Crypto exchange custody has come a long way since the days of Mt. Gox, but as the fate of Quadriga, Mt. Gox and their ilk shows, there’s still room for improvement. Hot and cold wallet management remains a delicate balancing act for exchanges, which require the liquidity to expeditiously process customer withdrawals, while minimizing risk in the event of the hot wallet being hacked.

The year after Mark Karpeles lost a week’s profits through a scripting error, BIP16was introduced to Bitcoin, enabling P2SH (pay-to-script-hash) whereby coins could be sent to a script that contained specific spending conditions. As a result, it was possible to create wallets that required more than one private key to spend the funds. For example, a 3-of-5 multisig requires three of the five signatories associated with the script to sign the transaction with their private key for the funds to move.

Multisig was a major step towards securing the crypto exchanges that were now springing up as bitcoin’s value began to climb in 2013 and traders flocked to the cryptoconomy. Despite this innovation, however, exchange thefts proliferated. Multisig cannot prevent exit scams from occurring; nor is it suited to protecting more complex crypto assets, such as monero. Moreover, with the emergence of smart contract-based networks, starting with Ethereum, more complex scripting capabilities added more vectors for hackers to exploit.

From Multisig to Multi-Party Computation

While many exchanges still rely on multisig to secure crypto assets, meticulous management is required to airgap cold wallets, as well as strict controls on how and when employees can sign transactions. The next major breakthrough in exchange custody came in the form of multi-party computation, popularized by tech developers such as Unbound Tech. The firm’s Crypto Asset Security Platformis designed to strike a balance between security and usability, and comes with the invocation to “Secure like it’s cold, transact like it’s hot.”

Secure multi-party computation (SMPC) is a branch of cryptography that enables multiple parties to jointly compute any function while keeping their respective inputs private, and is used to protect private keys and transactions for digital assets held by a custodian or exchange. It ensures that cryptographic keys never exist anywhere in complete form, and is more adaptable than multisig, as it can be deployed to protect a broader range of crypto assets. Similar technology is used by Zengo in its keyless crypto walletthat relies on “mathematical secret shares.”

The Future of Crypto Custody

Aside from the technological advancements that have been made in locking down custodied assets, there have been improvements in disclosure and communication, and the addition of failsafes that prevent wallets from being drained.

Disclosure: Pressure has been mounting on exchanges to prove they are solvent through disclosing balances on hand. There is no universal standard for doing so, however, and exchanges have been slow to adopt Proof of Solvency.

Communication: It is now common practice for exchanges to inform the public ahead of moving significant balances between cold wallets.

Insurance: A number of regulated exchanges, such as Gemini and Coinbase, have insurance to cover the assets in their care.

Failsafes: In addition to using airgapped vaults to secure private keys, conscientious exchanges have added safeguards such as timelocks, which prevent BTC wallets from being emptied before a certain block height, or which limit the maximum amount that can be withdrawn at one time.

Despite all of these improvements, 2019 saw a greater number of exchange hacks than ever, adding to the $11 billion that has been stolen from crypto exchanges to date. Custodial solutions may keep improving, but for so long as fallible humans are in charge of them, exchanges will remain vulnerable.

Do you think there will be more exchange hacks this year than in 2019? Let us know in the comments section below.

Images courtesy of Shutterstock.

Did you know you can verify any unconfirmed Bitcoin transaction with our Bitcoin Block Explorer tool? Simply complete a Bitcoin address search to view it on the blockchain. Plus, visit our Bitcoin Chartsto see what’s happening in the industry. Share this story: Tags in this story Cold Storage, cold wallet, custodial, custody, Exchange, Hack, Insolvency, Mt Gox Related Bitcoin in INR: Binance, Wazirx, Cashaa, Zebpay Announce New Offers for India EXCHANGES | Kevin Helms

Several cryptocurrency exchanges in India have recently stepped up their offerings as they wait for the supreme court"s decision on… read more. Currency.com Accused of Exploiting KYC to Withhold Customer Funds EXCHANGES | Kai Sedgwick

Know Your Customer (KYC) and Know Your Transaction (KYT) are ostensibly deployed by exchanges to combat money laundering. In practice,… read more. Kai Sedgwick

Kai"s been manipulating words for a living since 2009 and bought his first bitcoin at $12. It"s long gone. He"s previously written whitepapers for blockchain startups and is especially interested in P2P exchanges and DNMs. Please enable JavaScript to view the comments powered by Disqus.