The Evolution Of Crypto Security: Searching For The Best Protection Against Online Threatsbr>
Ever since Bitcoin was created in 2009, cryptocurrencies have held the promise of building a fair and open financial system. Virtual coins were supposed to make it easy to send and receive money, doing away with the power of central banks, state regulators, and stock markets. And while the ‘crypto dream’ has gained considerable traction, there are serious obstacles on the road ahead.
For one, security remains an ongoing problem. Criminals have stolen $2.5 billion from crypto wallets in 2018, and this figure rose to over $4.5 billion in 2019, according to the blockchain forensics company CipherTrace. From Binance and Bitpoint to Bithumb and Electrum, malicious actors targeted both small and large wallets. And despite companies improving their technologies, security problems are only getting worse.
To understand how this challenge can be solved, we need to take a step back and look into how the crypto security solutions evolved, where are we now, and what security solutions could allow the industry to leap forward.
Security pitfalls of crypto exchanges and online wallets
Two innovations have fueled the rise of the crypto ecosystem in the past decade. The first one is the crypto exchange platforms that offer fiat-to-crypto and crypto-to-crypto exchange services. The second innovation is online wallets, also known as hot wallets. Accessed through a mobile app or browser extension, these systems create a private-public key pair that allows users to manage their digital coins.
The two inventions enabled millions of individuals to store, move, and trade their crypto money easily. But as with all things that go online, exchanges and online wallets eventually fell prey to hackers who keep finding their way even into the most protected networks.
What made this problem worse are various security and operational pitfalls. Exchanges, for instance, only share public keys with their users, while private keys are stored in various ways that are still opening them up to potential theft. This not only contradicts the decentralized nature of blockchain, a technology that underpins cryptocurrencies, but without private keys, users don’t really own their funds. Furthermore, exchanges are not only getting hacked and funds siphoned away, but some of them simply disappear in what many presume are pre-planned frauds, commonly referred to as “exit scams”.
Online wallets aren’t much safer either. Like exchanges, they’re also accessed online and users are vulnerable to phishing, screen scraping, Trojan horses, and many other types of attacks. Another issue is that users have no control over the key generation process. A private key is displayed on the screen, leaving wallets exposed to hackers, and there’s no guarantee that the platform itself isn’t keeping track of all the generated codes. And users back up their keys either on computers or offline on a piece of paper, neither of which is an ideal method.
To tackle this challenge, crypto enthusiasts came up with another option – hardware wallet technology. But could this be a solution the community needs?
Hardware wallets are a better, yet flawed alternative
Hardware wallets are currently the best crypto security solution money can buy. These electronic devices generate a private-public key offline and sign transactions without ever exposing the private key during the process. But they, too, have security weaknesses.
Malicious actors can execute middle-man attacks in which a party in the supply chain can reprogram the wallet to direct coins to another blockchain address. Moreover, hardware wallets generate keys in a take-it-or-leave-it fashion. There’s no guarantee that each key isn’t stored in a database or that the chip used for key generation isn’t compromised with third-party backdoors.
These wallets initially need to connect to an internet-connected device to become functional, which exposes them to online attack vectors. And many hardware wallets offer merely a piece of paper as a back-up option. So it comes as no surprise that few if any companies offer end-to-end services that cover instances when the device fails, the back-up is lost, an owner passes away, and more.
Secure multi-party computation is still a mostly experimental technology, where private keys can be split into separate portions, encrypted, and distributed among different parties or servers to remove the single point of weakness. Moreover, where traditional cryptography protects from adversary parties outside of the communication channel (known as “eavesdroppers”), MPC aims to protect against malicious actors on the inside. MPC and similar related cryptographic protocols such as Threshold Signature Schemes (TSS) are very powerful in theory and on paper, yet can prove very fragile in practice and a lot of advances are still to be made.
Ways to improve hardware wallets
Notwithstanding their security flaws, hardware wallets remain our best chance to protect crypto funds. But for this technology to fulfil its potential, there are several key features it needs to embrace.
First, devices should never have an online touchpoint. Their security is compromised the moment they directly or indirectly connect to the internet through Wi-Fi, USB, or Bluetooth channels. The initial setup needs to be done differently. Then, hardware wallets have to be tamper-proof against physical attacks and 100% air-gapped. As the value of cryptocurrencies grows, an array of actors will be motivated to attempt middle-man attacks. Users are also demanding better back-up and recovery options. Like any other asset, digital coins should be recoverable and inheritable, and this need can no longer be ignored.
Providing security solutions users demand
The existing crypto innovations have gotten us this far. They deliver a certain degree of stability, trust, and growth in the otherwise volatile global economy. But moving forward, the crypto world needs new technological leaps. Robust security improvements and advanced hardware wallet technologies must put an end to, or at least significantly limit, crypto hacks. And this is no time for half measures. Crypto enthusiasts deserve to enjoy end-to-end solutions that offer protection and full ownership of digital assets.