In light of the recent events of two crypto-exchanges being hacked in less than two weeks, Ethereum World News managed to get the opinion of Dr. Robert Statica, who shared his thoughts with our team. Dr. Statica is a cyber-defense, crypto, cryptocurrency, blockchain, Artificial Intelligence and technology expert, with over 25 years' experience in both private and public sectors.
Dr. Robert Statica
The Q & A proceeded as follows:
Q: Perhaps we can start with your thoughts on the last two hacks…
A: After the latest hacking attack, the South Korean exchange Bithumb suspended all trading and moved the remaining crypto assets offline to cold storage. They will also cover the losses from their own money. While this is good news for the coin holders, it doesn’t even come close to making the exchange more secure. More attacks will continue and the results will be devastating.
The same goes for the Coinrail attack. Unsecured & centralized exchanges are a huge target, and the barriers to entry for the hackers are quite low in technology, time and cost.
Other attacks, like the 51% attack on ZenCash and the hacking of 500,000 computers that were used in a botnet mining pool attack for the Monero coin, reflect both the weaknesses of the Blockchain protocol as well as the major security problems miners pose to the crypto systems.
Q: What does this mean for exchanges?
A: People don’t like to use unsecured systems and definitely don’t like to lose their money. I think that people are smart enough now to recognize the power of secure systems and will pull their assets from those exchanges and either try to use other, more secure ones or diversify their portfolio between 2-5 exchanges. Some exchanges will lose revenue while others will increase their revenue. Overall, money won’t disappear into thin air but rather will get redistributed.
Exchanges have to take immediate & drastic cybersecurity measures but also look at how the coins & wallets are protected in transit and at rest.
Unless changes are being made right away, the attacks and their magnitude will intensify both in frequency and volume.
Q: Is it time for decentralized exchange platforms on the blockchain?
A: Absolutely. Not only decentralized but also end-to-end encrypted. Decentralization does not equal security. Serious protection must be added for coins in transit and at rest and for wallets and users.
Wallets and exchanges should employ a strong 2-factor authentication (2FA) protocol on top of the end-to-end encryption of the communication between the user’s device and the exchange.
Wallets and cryptocurrencies must be protected in a way that coins belonging to a particular user and wallet cannot be stored in another user’s unauthorized wallet. This type of protection would have solved all of the hacks that happened, so far, in which coins were extracted from exchanges or directly from users’ wallets.
Multiple layers of encryption (both in transit and at rest) combined with user and wallet authentication techniques and, at the minimum, 2FA enforced for all account holders are a must to reduce the attack vectors.
The exchange servers must also be zero-knowledge servers, and it must be impossible for them to decrypt users’ wallets without the users’ decryption key(s). The decryption of one’s wallet should be performed and initiated only by the user and never by the server.
No decryption keys should be stored on the server and no data in the clear should be stored anywhere.
Another major problem that we see is that cryptocurrencies could be used in any wallet without restrictions, whether the wallet owners are the legitimate owners of the cryptos or not.
Q: Should exchanges have bug bounties?
A: Absolutely, they should. It’s a very good way for the community and the hackers for good (aka the “white hat hackers”) to probe the exchanges from the outside without actually causing damage or stealing the coins. But that only identifies the problems and mistakes in the coding. Repairs must be made immediately and more testing must be done after that. After all, cybersecurity is a lifestyle. It’s not a project or a process. Threats are constantly evolving and emerging, and the attacks will continue coming because… this is where the money is!
So a continuous bug bounty program must be carefully created and managed and, of course, the security researchers must be paid for their findings.
Q: Will the hacks ‘chase away’ institutional investors?
A: I would say probably not. Institutional investors are familiar and comfortable with a certain level of risk. But definitely they will think twice before putting all their money into a single exchange. Anywhere between 2-5 exchanges is probably a safer place to be.
Q: Will blockchain be a thing of the past with quantum servers which can ‘crack’ the encryption?
A: In the current design, yes. But there are chains like our BL∆KChain that are not only end-to-end encrypted with multiple layers and ciphers but also truly immune to quantum computing attacks. Currently there is nothing in the world, personal, corporate or government, that could break the encryption on the BL∆KChain, BL∆KWallet, BL∆KXchange and the BL∆KCoin.
Q: Please give any additional thoughts or opinions with respect to the blockchain industry.
A: Blockchain is, despite all these problems, a revolutionary technology that will change the way we conduct business, the way we make payments & bank, the way businesses optimize their operations and the way governments become more efficient & distributed.
Blockchain via BL∆KFX has the potential to change the lives of the almost 3 billion people that are currently underbanked or not banked at all, by allowing them to enter the world’s economy, banking and payments. It has to be Fast, Secure and Reliable (FSR). These conditions are well designed and implemented in the BL∆KChain, BL∆KWallet, BL∆KXchange and BL∆KCoin.
Today, without end-to-end security, you have nothing. Otherwise you are asking for trouble.