The cryptocurrency ecosystem has been time and again under major hacks which not only resulted in losses running into millions of dollars but greatly hampers trust of the users in this emerging industry.
This year alone major cryptocurrency exchanges including Gatecoin, ShapeShift and recently Bitfinex were hacked. In addition, the Ethereum community came under a major attack with the DAO hack which sent Ether price plummeting.
The cryptocurrency ecosystem is at a nascent stage and therefore susceptible to such attacks. Emin Gün Sirer, hacker and professor at Cornell, says that the nice thing about robbing a Bitcoin exchange is that it is fairly clean. The question arises that what more could be done so that such calamities could be averted.
Sirer has proposed solution which involves a specially-marked cold storage account – vaults. For making online payments, funds would be required to move out of the vault to a regular wallet, a process which would take, say, a day. These vaults come with two keys – one key is used to unlock the vault and move funds to a regular wallet and the other one – a recovery key – is used when a user notices that funds were hacked and moved out of the vault by a hacker. Users can then use the recovery key to undo the hack, Sirer said, adding that they will have 24 hours to notice and launch the recovery and get back all the funds.
“Further, the nice thing about vaults, of course, is that they work even if the theft resulted from an exit scam or insider attack. In fact, they make them less likely”, Sirer said.
Speaking on the recent Bitfinex hack, Lucas Cervigni, Managing Director of Agentic UK noted that the attack was not on a wallet device, but a large-scale institution that has many users. Agentic UK is a subsidiary Agentic Group LLC, a global membership-based consortium of Blockchain, Digital Currency and related companies providing education, consulting and development services for businesses, governments and nonprofits.
“I would strongly urge that cryptocurrency companies encourage their user base to use private bitcoin wallets and to only expose their assets when there is a need to exchange currencies. In addition, companies should never keep the wallet number of their customers so that information remains private and secure”, Cervigni said. “Incidents like this do cause short term effects like a drop in value or users migrating to other exchanges but Bitcoin has been the highest performing currency in both 2015 and 2016 so I have no doubt that the price will surge again”.