Zero Outage and Security in Bitcoin Exchanges
Recent hacks of some of the largest bitcoin exchanges have put cybersecurity at the centre of attention. To gain more insight into the subject, we narrow the scope to the security of bitcoin itself, or what one might call Blockchain 1.0.
Bitcoin, the peer-to-peer electronic currency, has recently gained such popularity that its price has been driven above $4,000. It is evident that with the growth in price and circulation it becomes an even more attractive target for criminals, leaving it more exposed to attackers.
Bithumb, Bitfinex and Mt. Gox are three major bitcoin exchanges that suffered the largest hacks in the industry. Keep in mind that, beyond the compromised accounts, customers' confidential information was breached, which leaves the exchange with a much greater cost: loyalty. I believe that the risk is always there, but how the aftermath is dealt with plays an important role in deciding the future outlook of your company. Putting a complete end to the issue is not possible; reducing the chances to 0.01%, however, is.
At the Zero Outage Industry Standard (ZOIS), we put People, Processes, Platforms and Security at the centre. Since each of these incidents traces back to at least one of those four, it is worth taking a closer look at the root causes.
On 29 June 2017, a damaging hack of Bithumb, the largest South Korea-based bitcoin exchange, became public. An employee's computer had been compromised, giving the attackers access to customer data and allowing them to steal funds of up to $800,000. This leads to the question: how certified and qualified is the workforce within the company? Is there a training academy for security and quality standards that is adopted throughout the industry?
An important issue at the major exchange Bitfinex was the custody of private keys, which are essentially the keys to customer funds. It is usually recommended that a private key is kept off any internet-connected system; the most conservative approach is to record it offline and store it in a vault or safe (cold storage). In this case, keys were held online, on systems that were exposed to attack. Note that an account is only as secure as its private key: the key is the sole means of control, and whoever holds it can spend the funds, regardless of whether the key is entrusted to the company as part of its authorisation process. In August 2016, Bitfinex suffered a hack of approximately $66m, equivalent to about BTC 120,000 at the time. This leads to the questions: was this the best process to maximise security, and how can we build processes that are more resistant to attack?
Mt. Gox, the world's largest bitcoin exchange at the time, faced severe platform issues. The software was still in its early stages: without proper version control, changes by one developer could be overwritten by colleagues working on the same files, and every adjustment to the source code had to be approved by the CEO personally. The resulting delays may have allowed small bugs and errors to grow into serious problems. This weak platform led to such a disruptive hack that the company declared bankruptcy. A total of $460m, equivalent to BTC 850,000 at the time, was reported stolen from the exchange. It is crucial to prioritise the quality of your platform, as it is the heart of your service. The more mature and well-engineered the platform, the lower the likelihood of a security breach.
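To make the Bitfinex point concrete, the following is an added illustration (not code from Bitfinex, Bithumb or ZOIS) of a cold-signing split: the private key exists only in an offline component that signs withdrawal requests, while the online service holds nothing but the public key and can only verify. It uses a minimal pure-Python secp256k1 ECDSA implementation (the curve bitcoin uses) purely for demonstration; a production system would use a vetted library and hardware-backed keys. The `withdrawal` message format, the `ColdSigner`/`HotService` names and the sample destination address are assumptions made for the example. The last case also shows why custody matters: an attacker who copies the key can authorise anything, and the verifying side cannot tell the difference.

```python
"""Cold-signing split: private key offline, online service verifies only.
Added illustrative example; pure-Python secp256k1 ECDSA, not production code."""
import hashlib
import secrets

# secp256k1 domain parameters (field prime, group order, generator)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None                                   # p == -q
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)


def _mul(k, point):
    """Double-and-add scalar multiplication k*point."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result


def _hash_to_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


class ColdSigner:
    """Runs on the offline machine. The private key never leaves this object."""

    def __init__(self, private_key=None):
        self._d = private_key or secrets.randbelow(N - 1) + 1   # d in [1, N-1]
        self.public_key = _mul(self._d, G)                       # Q = d*G, exportable

    def sign(self, message: bytes):
        z = _hash_to_int(message)
        while True:
            k = secrets.randbelow(N - 1) + 1          # fresh random nonce per signature
            r = _mul(k, G)[0] % N
            s = pow(k, -1, N) * (z + r * self._d) % N
            if r and s:                               # retry on the degenerate cases
                return (r, s)


class HotService:
    """Runs online. Holds only the public key, so compromising it leaks no key."""

    def __init__(self, public_key):
        self.public_key = public_key

    def verify(self, message: bytes, signature) -> bool:
        r, s = signature
        if not (0 < r < N and 0 < s < N):
            return False
        z = _hash_to_int(message)
        w = pow(s, -1, N)
        point = _add(_mul(z * w % N, G), _mul(r * w % N, self.public_key))
        return point is not None and point[0] % N == r


def withdrawal(dest: str, satoshis: int) -> bytes:
    """Constructed stand-in for the transaction the cold signer authorises."""
    return f"withdraw {satoshis} sat to {dest}".encode()


def demo():
    cold = ColdSigner()                               # offline, key generated here
    hot = HotService(cold.public_key)                 # online, public key only
    tx = withdrawal("bc1qexample", 50_000)            # assumed sample request
    sig = cold.sign(tx)
    tampered = withdrawal("bc1qexample", 5_000_000_000)
    stolen = ColdSigner(private_key=cold._d)          # attacker copied the key
    return {
        "legit": hot.verify(tx, sig),                 # True
        "tampered": hot.verify(tampered, sig),        # False: amount changed
        "wrong_key": hot.verify(tx, ColdSigner().sign(tx)),  # False: other key
        "stolen_key": hot.verify(tampered, stolen.sign(tampered)),  # True
    }


if __name__ == "__main__":
    print(demo())
```

The online service can confirm that a request was authorised by the key holder, but it has no way to know whether that key holder is the exchange or a thief; the only defence against the last case is keeping the key where an online compromise cannot reach it.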
At ZOIS, IT security is at the centre of attention. We believe the principles of Zero Outage align well with IT-based companies, and for that reason we have developed the Enterprise Security Architecture for Reliable ICT Services (ESARIS). ESARIS, which serves as a fundamental security standard throughout a company, may be just the approach blockchain-based exchanges require. It provides a step-by-step security framework that establishes best practice across a company and gives firms with less developed security standards a way into industry-grade security procedures. Although ESARIS in its current form may not match bitcoin exchanges completely, it can be adjusted to fit such companies. Remember that with new technologies, and especially financial technologies, security will decide the fate of the innovation. Adopting a safe, high standard of security is therefore one of the best ways to secure the future of this exciting new technology.
By Max Djamgarian
The information contained in this document is contributed and shared as thought leadership in order to evolve the Zero Outage Best Practices. It represents the personal view of the author and not the view of the Zero Outage Industry Standard Association.