Trustless Hackers 2019
By OAX Foundation on September 20, 2019
Going Trustless to Thwart Hackers
One of the factors which continues to discourage greater acceptance of digital assets is the steady cadence of hacking cases which maintain the notion of digital assets as risky and insecure. In all, since January, $4.26 billion in total has been stolen from cryptocurrency exchanges, investors and users. On exchanges alone, as recently as 19 July, a hack of Binance netted $40 million, while in the first six months of this year, there were seven hacks ranging from $5 million upwards.
Perhaps more damaging than these monetary losses is the impact hacks have on confidence in the exchanges and trading in digital assets themselves. Any exchange for trading financial assets requires users’ confidence to ensure growing liquidity, faith in prices, and certainty of execution and settlement. It’s a virtuous cycle which has fuelled the evolution of trading venues for centuries, over the long growth of centralized exchange models for assets from agricultural commodities to equities.
The London Stock Exchange’s motto says it all: Dictum Meum Pactum, or My Word is my Bond. In other words, the trust that needs to exist between the parties in a transaction is critical to its success. But the risk of hacking erodes that trust, and as a result greatly limits mainstream adoption of digital asset trading.
Nor are bad actors likely to go away - if anything, as crypto trading gains hold, temptation for hackers will grow in proportion with the increasing value of assets in play. This is particularly true for centralized exchanges and the large ‘honey pot’ of digital assets they create.
Many centralized exchanges have responded to this threat by creating compensation schemes, drawing on a percentage of deposited assets to fund repayment of users’ losses through hacking. While these schemes ensure users are protected from immediate loss, helping to shore up confidence, operators will feel the repercussions from a business perspective, while managing ongoing risks requires a high level of diligence to prevent repeated occurrences. It’s preferable to look at tackling the flaws in the underlying infrastructure to significantly mitigate the risk of hacks occurring in the first place.
A key vulnerability in many centralized exchange models is the need for users to deposit assets into the custody of the exchanges to enable efficient settlement of their trades. These funds are held by the exchanges as third-party custodian, often in a hot wallet, which defeats the principle of keeping assets on-chain to keep them safe and hackers have found these arrangements, which sit outside the users’ control, an effective gateway to access users’ assets.
The solution is to eliminate reliance on third parties. For example, by creating a way for dispute resolution to happen on-chain, OAX’s L2X protocol enables users to maintain control of their assets at all times without needing to put trust in third parties like custodians. In other words, we’ve made the process trustless.
During a trade, the atomic swap happens on the off-chain ledger, not on-chain, and users have final control over their funds through the dispute resolution process in the smart contract. A hacked or malicious operator therefore can’t steal users’ funds. We believe this approach tackles the issue of reliance on vulnerable third parties as well as issues of speed and scalability.
OAX doesn’t believe in never when it comes to hacking but the trustless L2X protocol removes a fundamental vulnerability and renders our model inherently safer. Having confidence in the exchange venues that create a marketplace is critical for digital assets to go mainstream, and minimizing the risk of hacking is critical for that confidence to emerge.