Editor's Note: This article has been deleted without altering the author's original intention.
When the first cryptocurrency exchange appeared in late 2010, a multisig wallet was not yet invented. Therefore, it is common to use a single private key to control all customer funds. Multisig is now complemented by complex solutions. Despite innovation, many exchanges are adapting slowly and still using outdated tools to control billions of dollars in client funds.
- New Russian Prime Minister: New crypto currency tax likely to be adopted this spring
- The five most noteworthy aspects of the Facebook cryptocurrency white paper
- Why does cryptocurrency spread like a virus?
- The SEC filed a lawsuit against Kik, which may be a war between the cryptocurrency world and US regulators.
- Analysis of the market on June 20: The Fed’s inflation expectations are rising, and what is the mainstream currency market?
- Babbitt column | Investment opportunities in the secondary market are greater than the primary market
From single key to multisig
In 2011, Mark Karpeles sent 442,000 BTC between Mt. Gox wallets purely to prove that he could do it, which proves the danger of single key storage. One person responsible for the assets of thousands of customers is the root cause of the disaster. At that time, the transaction went smoothly, but four months later, the Mt. Gox boss lost 2,609 BTC due to a script error. In 2018, the death of Quadriga CEO Gerald Cotten and carrying his private key with him brought 115,000 customers out of pocket, further exacerbating the danger of relying on one person.
The escrow of cryptocurrency exchanges has come a long way since Mt. Gox, but there is still room for improvement. Hot and cold wallet management is still a delicate balancing act for exchanges, which requires the ability to process customer withdrawals quickly while minimizing the risk when hot wallets are hacked.
In the second year after Mark Karpeles lost a week of profit due to a script error, BIP16 was introduced to Bitcoin, enabling P2SH (Pay Per Script) to send coins to scripts containing specific spending conditions. Therefore, it is possible to create a wallet that requires multiple private keys to use funds. For example, three-fifths of multi-signature requires that three of the five signers associated with the script sign the transaction with their private key in order for the funds to flow. As the value of bitcoin started to climb in 2013 and traders flocked, cryptocurrency trading is on the rise. Despite this innovation, theft is increasing. Multisig cannot prevent fraud; it is also not suitable for protecting more complex crypto assets such as monero. In addition, with the rise of smart contract-based networks, starting with Ethereum, more complex scripting functions have provided more available carriers for hackers.
From multisig to multiparty computing
Although many exchanges still rely on multisig to protect crypto assets, they still need to be carefully managed to isolate cold wallets and strictly control how and when employees sign transactions. The next major breakthrough in exchange regulation is the emergence of multi-party computing, a technology that has been popularized by technology development teams such as Unbound Tech.
Secure Multiparty Computing (SMPC) is a branch of cryptography that enables multiple parties to jointly calculate any function while keeping their respective inputs private, and is used to protect the private keys and transactions of digital assets held by the custodian or exchange. It ensures that the encryption key will never exist anywhere in complete form and is more adaptable than multisig because it can be deployed to protect a wider range of crypto assets.
The future of cryptocurrency custody
In addition to the technological progress made in locking escrow assets, there have also been improvements in information disclosure and communications, and added fail-safe features to prevent the loss of wallets.
Disclosure: Exchanges are under increasing pressure to require them to prove their solvency by disclosing the balances on hand. However, there is no universal standard for doing so, so exchanges have been slow to adopt proof of solvency.
Communication: It is now common practice for exchanges to notify the public in advance to achieve a significant balance between cold wallets.
Insurance: Many regulated exchanges such as Gemini and Coinbase have insurance to cover the assets they manage.
Failure insurance: In addition to using air-tight vaults to protect private keys, serious and responsible exchanges have added protection measures such as time locks to prevent BTC wallets from being emptied before a certain block height, or restricted once The maximum number that can be extracted.
Despite these improvements, there are more exchange hacks in 2019 than ever, and regulatory solutions still need to be improved.
Do you think there will be more hacks on exchanges this year than in 2019?
Disclaimer: This article is translated from news.bitcoin.com's official website. If you need to reprint the content, please contact the official WeChat: BitcoinComChina, and mark the original link at the end of the article. Thank you for your support.