The blockchain is revered for its privacy and security-focused architectures. A blockchain’s cryptographic foundation theoretically creates a universally shared source of truth, which allows an individual to securely interact with another party via the ledger without knowledge of the other party’s identity.
Blockchain remains an innovative solution to the challenge of trustless digital interactions, but the crypto world has had to learn several hard truths about blockchain security since Satoshi Nakamoto’s 2008 paper.
A 2018 report found that hackers and thieves stole $1.1 billion in crypto during the first half of the year alone. That’s a healthy chunk of the roughly $255 billion crypto market at the time of the report–and an even bigger piece of the current market cap of approximately $130 billion.
So what happened to that $1.1 billion? It’s a pressing question, partially because security challenges impede broader deployment of blockchain solutions and higher crypto adoption rates. Cryptocurrency needs to get more secure before true mainstream adoption happens. Here are some of the most significant security problems crypto users face:
Around the same time as Carbon Black’s report, crypto security firm CipherTrace reported that about $731 million was stolen from crypto exchanges over the same period. That means you’re more likely to lose your crypto through exchange hacks than any other type of theft. One reason that exchange hacks are so common is that a majority of exchanges are centralized; this means that the exchange stores users’ deposited funds in a central location controlled by the exchange. When an exchange keeps its users’ funds in a central location, that location is referred to as a “hot wallet”–and hot wallets make prime targets for hackers.
Smart Contract Bugs
Smart contracts let developers code conditional actions directly into the blockchain, which unlocks a vast array of uses for the technology.
The problem? Coding bugs in those smart contracts invite malicious activity or even accidental activity; for example, a hacker exploited smart contract bugs to steal about $24,000 from blockchain gambling platform DEOS games. A Parity wallet user accidentally–or deliberately, depending on who you ask–triggered a flaw in the wallet’s smart contracts, freezing $150 million in Ether. However, smart contract auditing can help reduce the risk of similar smart contract exploits.
Phishing is a common scourge in the world of cybersecurity–and cryptocurrency isn’t exempt. Phishers have deployed tactics such as making near-identical copies of legitimate crypto websites to steal login credentials and redirect crypto transfers, hacking ICOs and other projects to change wallet addresses, and even impersonating celebrities on Twitter to harvest tokens (resulting in crypto leader Vitalik Buterin going by the handle “Vitalik Non-giver of Ether”).
The solution–as it tends to be in email phishing and other non-crypto phishing scams–may be robust security education: teaching new and older users alike to type URLs rather than clicking on easy-to-spoof links, and to double-check websites and emails that may initially seem legitimate. Security tools such as Cyberfish or Coral can help users detect phishing websites and wallet addresses.
Pump-and-dump schemes aren’t the result of hacking like many other forms of crypto fraud, but that doesn’t make them any less damaging. A recent study from Imperial College London found that on average, at least two pump-and-dump schemes appear in the crypto market every day, creating a whopping $7 million in trading volume. In these schemes, which unfold similarly on the traditional stock market, a crypto user (or a collaborating group of them) creates plenty of positive hype around a token to drive its price up, and afterward, they sell their holdings off en masse, depreciating the token’s market value while reaping profits. The study’s authors recommend screening for pump-and-dumps by checking if a low-volume, low-market-cap crypto’s trade volume is unexpectedly and inexplicably highly active.
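The screening rule the study’s authors recommend can be sketched as follows. This is an added example, not code from the study or from Amplify; the thresholds, ticker names and volume figures are constructed assumptions. It flags a token only when it is low-cap, normally quiet, and its hourly volume jumps far above a trailing median baseline.

```python
from statistics import median

# Illustrative thresholds (assumptions, not values from the study).
MAX_MARKET_CAP = 50_000_000    # USD: what counts as "low market cap"
MAX_BASELINE_VOLUME = 200_000  # USD per hour: what counts as "low volume"
WINDOW = 6                     # trailing hours used as the baseline
SPIKE_FACTOR = 8.0             # robust deviations above the baseline


def volume_spikes(volumes, window=WINDOW, factor=SPIKE_FACTOR):
    """Return (index, volume, baseline) for hours far above the trailing median."""
    hits = []
    for i in range(window, len(volumes)):
        past = volumes[i - window:i]
        base = median(past)
        # Median absolute deviation stays small even if the window holds a spike.
        mad = median(abs(v - base) for v in past) or 0.05 * base or 1.0
        if volumes[i] > base + factor * mad and volumes[i] > 3 * base:
            hits.append((i, volumes[i], base))
    return hits


def screen(tokens):
    """Flag low-cap, normally quiet tokens whose volume suddenly jumps."""
    alerts = {}
    for symbol, info in tokens.items():
        if info["market_cap"] > MAX_MARKET_CAP:
            continue  # large caps see big volume swings for ordinary reasons
        spikes = [s for s in volume_spikes(info["hourly_volume"])
                  if s[2] <= MAX_BASELINE_VOLUME]
        if spikes:
            alerts[symbol] = spikes
    return alerts


# Constructed sample data (hypothetical tickers, USD volume per hour).
SAMPLE = {
    "TINY": {"market_cap": 4_000_000,
             "hourly_volume": [900, 1100, 1000, 950, 1050, 1000, 1020, 14000, 9000]},
    "MIDQ": {"market_cap": 30_000_000,
             "hourly_volume": [50_000, 52_000, 49_000, 51_000, 50_500, 48_000, 53_000, 55_000]},
    "BIGC": {"market_cap": 9_000_000_000,
             "hourly_volume": [2e6, 2.1e6, 1.9e6, 2e6, 2.2e6, 2e6, 3e7, 2e6]},
}

if __name__ == "__main__":
    for symbol, spikes in screen(SAMPLE).items():
        for hour, vol, base in spikes:
            print(f"{symbol}: hour {hour} volume {vol:,.0f} vs baseline {base:,.0f}")
```

A flag from this screen is a prompt to look for an explanation such as a listing or news event, since the rule only detects activity that is unexpected, not the reason for it.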
How Amplify is Making the Crypto World Safer
The numbers show that exchange hacks are one of the most pressing security challenges that plague blockchain technologies–and most of those hacks happen to centralized exchanges that process large transaction volumes in centralized locations.
That’s why we went with a hybrid distributed/decentralized exchange at Amplify; the distributed exchange grants users the speed and accessibility of a centralized exchange, and the Amplify Bridgechain creates a corresponding, decentralized blockchain version of the exchange–Amplify Decentralized. Transactions are added to the Amplify Bridgechain across a decentralized network of Amplify node operators, who are rewarded with AMPX tokens for processing transactions.
Decentralized exchanges are far more secure than their distributed/centralized counterparts. Hackers attacking the Amplify Exchange can’t just make off with the contents of one hot wallet; instead, they would have to strike a dispersed, resilient network of Amplify Nodes.
Although decentralized exchanges are great for security, they tend to run slower and feature fewer trading pairs than centralized exchanges–but Amplify is looking to change that. Amplify Exchange aims to be the first decentralized exchange to implement 100+ altcoin-to-fiat conversions.
Blockchain security is a complicated issue, but at Amplify, we believe it’s a surmountable one. The blockchain and cryptocurrency industry needs more user-facing, security- and privacy-focused tools to make the blockchain space safer for everyone, whether they’re experienced traders or new adopters. And at Amplify, that is what we are looking to provide.