Billions of dollars flow into Staking activities, these security risks cannot be ignored

In the past two years, cryptocurrencies have experienced the longest-lasting bear market, and it is not surprising that anxious investors are eager to find other strategies to continue to make profits during the downturn. “Staking” (PoS mining) is one of the hot trends.


Staking: A hot new trend in cryptocurrency investments

Staking refers to the fact that investors deposit the tokens they hold into a designated digital cryptocurrency wallet to verify transactions in the blockchain network. This process will generate new coins as a reward, increasing the amount of money held by investors.

Although similar to traditional bank interest-bearing accounts, the Prosperity Proof (PoS) process can generate a large amount of returns, depending on the currency and the amount of money held. A recent report said that in the PoS cryptocurrency system, the amount of funds pledged reached $4 billion.

Take Ethereum as an example. After birth, it is based on the blockchain of Workload Proof (PoW). Today, developers of the project are developing a PoS system that allows holders to deliver new services to Ethereum-based applications, allowing them to earn more tokens while building a community.

From the point of view of mining, Staking's transaction verification method is different, but its appeal is obvious. Last year, many mainstream cryptocurrencies fell more than 80%, while Staking tried to provide investors with a new game of “safe investment” and “long-term holding”.

Staking has 3 security risks

But Staking is not safe. On the contrary, it brings a series of new problems. There have been many reports pointing out the risks involved, but the main concern is financial risks. This is not the only thing that will make Staker (the person involved in Staking) unable to sleep at night. In addition to price fluctuations or the long-term development of cryptocurrencies, there are significant security risks, and most people are completely unaware of this. In fact, this threat comes from the increasingly serious problems of the entire cryptocurrency ecosystem: hacking, theft and data breaches.

In many ways, some people think that the safety of the blockchain ecology seems to be taken for granted. However, we continue to see attacks related to blockchains. In fact, Staking has introduced a number of security issues that have not been properly addressed so far. The following are some of the security risks that Staking may have.

Risk 1: The computer used as Staking needs to stay online

Normally, Staking requires the computer to stay online. This exposes the stoker's IP address and introduces the possibility of being hacked.

Once a computer is attacked, the hacker will immediately lock the stoker's private key, which will greatly increase the risk of money theft. In this case, Staking and PoW mining are completely different. In a PoW network, nodes can mine without the need to provide a private key, and the private key can be safely placed in the ice wallet. But in many Staking networks, the private key must be online.

Because hackers have the ability to collect IP addresses and other metadata, such as frozen amounts. Just like Staker puts cash at the window, the front door may be locked, but can this stop a determined thief?

Risk 2: The risk of the Staking pool being attacked

In addition, we also saw the emergence of the Staking pool, which can be used to manage Staker's funds.

However, this means that you need to trust the maintainer of the Staking pool. But such a pool of centrally managed funds is often vulnerable.

Even large enterprises such as Yahoo and eBay deploying professional security teams will be attacked. How can the security of the Staking pool be guaranteed?

Risk 3: The more transactions, the higher the risk of losing money and personal data

Decred is an example, the process of Staking can be done through the "always on" mode or the Staking pool. However, there may be security issues even if you do not need to stay online. The more transactions, the higher the risk of exposure to computers, IP addresses, and usage.

Even Particl (the concept of cold staking hardware recently introduced) recognizes:

Regardless of how secure the Staking process is, users still need to trade to spend or sell their Staking rewards or set up reorganizations. This means that the private key will still be exposed in plain text, even for a short period of time.

Staking rewards and security I want, what should I do?

So, is there any way to reduce the possibility of Staking transactions exposing IP addresses, locations and data? Historically, this is a tricky issue, because the tools and underlying network knowledge needed to properly blur traffic information is difficult to obtain.

Some people solve this problem by setting up a VPN proxy, but VPNs are notoriously complex, and even a wrong configuration can lead to security issues.

A blockchain-based relay network may provide a better solution. Rather than setting up your own VPN or trusting a third party, it's better to confuse the source of the transaction and always encrypt the data through internal hops. The key is to build your own small relay network that can proxy traffic to multiple servers around the world. This process is becoming easier with the power of high-quality, open source blockchains and peer-to-peer networks.

Imagine if you have 10 nodes, one of which is protected by a firewall (never publicly visible), while the other 9 nodes act as relay nodes, transferring data back and forth between servers. If your main server is in Russia, then this configuration looks like you are broadcasting there.

Furthermore, if you use multiple servers and have traffic from multiple nodes with little chance of tracking the location of the server, then the confusion of the transaction will be more successful. It's a bit like having your own TOR network, but the main difference is that you can control your own nodes. Of course, the speed of the TOR network is notoriously slow.

Today, even the most complex confusing topology is built, and it's made easy by the emergence of some emerging blockchain projects. If you're thinking about starting Staking, there's no reason not to research them.

The point is that everyone should understand the security threats of Staking. Blockchains are considered unbreakable, and sophisticated hackers will be discovered in a short period of time. This is almost a satire on human nature. People become paralyzed only when a large amount of money is exposed to danger. The key is that we are one step ahead as a regular user.