This year, several exchanges — including HitBTC, ProofIO, and RobinHood — froze account transactions ahead of the expected withdrawal rush, proving the point in the eyes of the pro-decentralization community. Skeptics, on the other hand, have pointed out not only that freezing accounts is typical for exchanges as part of AML and KYC procedures, but also that there is a conflict of interest involved; Meyers is a prime investor in Armory, a cryptocurrency wallet — and thus, he has a vested interest in the exchange vs. wallet war for customer cryptocurrency key control.
The Unbound CASP team works closely with exchanges to help secure cryptocurrencies. In light of increased debate over exchanges’ control over clients’ crypto-assets and the ongoing schism between the pro- and anti-centralization camps in the cryptocurrency world, we’d like to provide insight on what security measures exchanges can take to reduce risk of hacks — and one way to secure assets while also giving a measure of client control.
But to understand that, we need to understand how exchanges hold keys to begin with.
How Do Exchanges Hold Keys?
Like traditional banks that hold multiple account holders’ currency in one place, crypto exchanges typically hold assets from multiple accounts in a single, higher-level wallet which aggregates the funds for multiple customers (the co-wallet strategy).
In essence, the exchanges are the entity which truly holds the client assets; what the clients hold are means of access to their accounts — a password, two-factor authentication, biometric authentication, or other identifiers which verify them as account holders. Exchanges, meanwhile, hold the keys to two types of wallets; “hot wallets” (typically up to 5% of funds) used to fulfill customer deposit and withdrawal orders — and offline “cold wallets” which hold the remainder of the funds deposited to the exchange.
As such, “Proof of Keys” functions as both quality control for the exchanges, and a mass litmus test of the cryptocurrency investor landscape. Whether exchanges are ready to allow mass withdrawals (i.e. whether they freeze accounts ahead of, or in response to, PoK) tests their willingness to cede control to the customer — at least, PoK supporters claim. But the level of participation in PoK itself tests whether the cryptocurrency investor population is willing to break free of the mindset of the traditional financial system, which keeps assets by and large in exchanges, and to a new era — one with assets more readily available to the consumer.
Building Confidence with Security
Exchanges — both fiat and crypto-native — are not going away any time soon. But with the majority of cryptocurrency hacks in 2018 being from exchanges — and pressure piling on to provide clients with more control, and greater security — what can an exchange do to move ahead of the curve of public opinion?
The first step is to take measures to protect the private keys for the crypto-assets held by the exchange — specifically for hot wallets, which are connected to the Internet and therefore exposed. Multi-sig, arguably the trendiest option at the moment, provides high security than single-signature authorization — although there are limits, such as extensive customization needed to add additional ledgers to an existing multi-sig scheme. Exchanges looking to move beyond multi-sig in securing client assets will be able to provide bank-grade security to their clients without compromising on speed, asset access, or TCO. Secure multi-party computation (MPC)-based solutions (enable exchanges to reduce risk of attacks that result in theft from the exchanges (i.e. compromising the exchanges’ wallets) by protecting their private keys. And while consumers do not gain direct control through these new security methods, they can rest assured — first and foremost — that their assets are secured with the most cutting-edge and most cryptographically-enforced solution on the market.
A Happy Medium
But to really meet clients halfway, exchanges do have another option: allowing customers to hold their own wallets, and then using an MPC-based solution to secure private keys for individual consumers’ wallets by splitting them between the consumer and the exchange. Such a solution ensures that keys are not fully held in one place by the consumer, and allows the exchange to implement advanced, cryptographically enforced quorum authorization policies (i.e. requiring not just m-of-n authorizations for a transaction, but m-of-n + m-of-n authorization).
This method allows consumers to benefit from the institution’s services while maintaining full control over their assets, and safeguards private keys rather than giving the consumers sole responsibility for this protection.
For wallet providers — the path is already clear — and there are even open-source options available to experiment with two-party MPC for crypto-asset keys. For exchanges, time will tell if the exchange model will catch up to a financial system and a public mindset that are focused on privacy over primacy.