Centralized exchanges and services have increasingly been portrayed as insecure and flawed relative to their decentralized counterparts over the past few years. This is due to an abundance of hacks that have occurred including on Upbit, DragonEx, Mt. Gox, Binance, Coinbene, Cryptopia, to Fcoin (most recently); indeed the list of major exchanges that haven’t suffered a hack resulting in customer asset loss would be much shorter than the list of exchanges that have. This is because such exchanges and services are responsible for securing customers’ assets, resulting in a very financially lucrative target for hackers. Rather, people have considered decentralized exchanges and its counterpart, decentralized finance ‘DeFi’, to be the way of the future. But as we’ve seen, even decentralized exchanges like Bancor, EtherDelta, and IDEX, are susceptible to similar hacks, as are DeFi protocols like bZx which suffered 2 hacks last week, which as we’ll explore later weren’t really hacks at all.
Reasons for Failure of Centralized Exchanges, Services & Custodians
‘Not your keys, not your coins’ is the mantra seasoned cryptocurrency enthusiasts keep repeating time and time again. Having seen so many such services fail, little trust can be placed in such services; even many of the biggest and thought to be the most security have succumbed to hacks resulting in the loss of customer assets. But why do they keep failing? Haven’t they learned their lesson by now? To understand this, we must understand how such centralized services and exchanges fail in the first place, and it boils down to two main categories, which have some degree of overlap: Insolvency and Security.
First, centralized exchanges or services can become insolvent for a variety of reasons whereby they have more liabilities to their customers than they have assets. This results in not all customers being able to be ‘paid out’, and they descend into bankruptcy. First, there’s insolvency caused by a security issue or hack – this is arguably a category on its own we’ll discuss in more detail later.
Second is the so-called “Exit Scam” whereby founder(s) take off and run with people’s money. Sometimes, the exit scam is premeditated from the very beginning, while in other cases founder(s) realize it’s simply not going to work out, and elect to take the remaining funds for themselves rather than properly refunding investors. Sometimes it’s a single individual founder that elects to exit scam, leaving the rest of his or her team in the dark, while in other cases it’s multiple founders collectively deciding to exit together.
Third, is insolvency caused by the failure of their business as a whole. When expenses (inclusive of any losses) exceed revenue at an exchange or services and they are unable to obtain VC funding or financing and are unable to immediately make up that loss via increased revenue and/or lower expenses, the only option is for them to borrow against customer assets under their management, making them insolvent. Their degree to which they are insolvent gets worse and worse over time until there are very few assets relative to a much larger amount of liabilities.
It’s not difficult to understand why the vast majority of exchanges fail even if they never suffer an attack resulting in the loss of customer assets. The high amount of competition, incredibly low margins, increasingly high compliance costs, increasingly expensive security costs, and challenges gaining enough even minimal trading volume much less volume adequate enough to financially sustain operations are just some of the challenges centralized exchange startups face. Plus, what VC would want to risk an equity investment in such a high-risk low-profit business, especially when the terms like DeFi and DEX are so much sexier right now?
Insolvency can be caused by incompetence or negligence on the part of management as well, but in other cases, management really does try their best albeit to no avail; they fail financially and their customers either end up taking a major ‘haircut’ on any assets recovered if they get any assets back after all.
You may (or may not) be surprised to learn that many (but not all) cryptocurrency exchanges have inadequate and unsound security for the cryptocurrency assets they take custody of, despite being responsible for tens or hundreds of millions of dollars (or more) worth of cryptocurrency assets in many cases. The concerns can be subdivided between internal security issues and external security issues.
Security incidents resulting in customer asset loss are more often the result of internal theft or embezzlement than you might realize. Even when it’s not a case of internal theft, the hacker or thief may still have received assistance, intentional or not, from an employee or someone on the inside.
Adequate protection from internal threats and employees should indeed be a major concern for any custodial service or exchange. And frankly, most don’t have a sound security setup to prevent such breaches from succeeding.
To a large degree, it is more difficult for an exchange to implement a sound, secure, and redundant setup, than it would be for say a ‘crypto whale’. Exchanges are far more public-facing and well known, have are vulnerable via far, far more attack vectors. Furthermore, they need to implement a setup in a way that prevents a single person from being able to access funds, and also need to allow for contingencies, redundancy and emergency situations, such as the death of a founder, in a way that still allows access to assets in storage but in a way that doesn’t compromise security a tough time. Frankly, they are unlikely to design and implement a system correctly without the help of seasoned experts.
A lone founder running off with the funds or passing away whereby they’re the only one with access to cryptocurrency held in cold storage is absolutely unacceptable. This was alleged the case with QuadrigaCX – but just to be crystal clear the supposed assets in cold storage that only Gerald Cotten had access to never actually existed in this case. Crypto-asset storage and security for public-facing organizations who need frequent and ready access to said assets is considerably more complicated to implement security, thus it’s wise for such exchanges and services to consult security experts on such matters.
External theft by hackers is also another major issue exchanges and custodians need to grapple with. Given the value of the assets these exchanges and services have custody of, it makes them automatically a target by the best hackers and hacker groups in the world, as well as nation-state level attacks. The reasons for failure are too numerous to detail here, but again it ultimately boils down to unsound or inadequate setup.
Also, another thing to note is that a noticeable number of the supposed “hacks” aren’t actually hacks at all, but rather exit scams performed by founding team members or cases of embezzlement (which CipherBlade can and does track by the way). So when thinking about all the security incidents and hacks that have occurred over the past few years, be mindful that it’s not quite as frequent as it might first seem to those of us who have been in the space in the while; some of the hacks are most definitely “fake”. Threats are more often internal than you might realize, hence the need for solvency and security audits, which helps customers rest assured that there’s no “funny business” going on and that there is likely to be sufficient security to thwart even more sophisticated attacks and hacks.
The Decentralized Alternative: Decentralized Exchanges and Finance
The initial and obvious solution to these problems with centralized exchanges and services is obvious: “Decentralize”. Make sure no one is in control of customer funds so there’s nothing to steal. But that’s easier said than done.
DeFi projects, despite what they might have you believe otherwise, tend to have multiple strong aspects of centralized, particularly when it comes to price oracles and the existence of “admin keys” which allow for a centralized individual or team to freeze funds or even take funds.
If your “defi” project has an admin key or a coordinator, a set of oracles, a group of validators or cosigners, a default trusted keys list, even if you “have plans to phase it out”, what you are actually doing is running a financial service. In other words you actually have no d
— Alex Bosworth ☇ (@alexbosworth) February 15, 2020
Admin keys, price oracles, potential code or smart contract vulnerabilities (e.g. The DAO), design flaws, reliance on other protocols (which also have their own vulnerabilities) and the threat of an attacker implementing a bug or exploit as part of software (as was the case with the IOTA Trinity Wallet hack) are just some of the potential security flaws in and decentralized or DeFi project and precisely why the term ‘decentralized should not be used synonymously with security.
Thoughts on the bZx ‘Hacks’
The attacker used multiple DeFi protocols to leverage trade using so-called ‘Flash Loans’ manipulating prices of assets in the process which wasn’t all that difficult given that bZx only utilized a single price oracle, and then exploited that in order to make a handsome profit of almost $1 Million USD. Utilizing clever tactics to manipulate prices to one’s own advantage can’t really be called a hack, but rather an exploit, and would probably be regarded as perfectly legal.
Granted, not all DeFi projects are the same, some are far more decentralized and/or secure than others, while some DeFi projects exist in name only, and are almost completely centralized, electing to merely utilize the term to help raise funding, much like the ICO-mania of 2017.
Centralized Exchanges Aren’t Going Anywhere
Like them or not, centralized exchanges are here to stay. Decentralized exchanges and services will likely increase in popularity, but centralized exchanges will not and frankly cannot disappear anytime in the near future for numerous reasons:
- Centralized Exchanges are cheaper to operate. Some people are cheapskates; they don’t want to go through the hassle or the costs associated with converting some of their ETH to WETH on an exchange then broadcasting each transaction on the blockchain, incurring more transaction fees along the way. Handling transactions on an internal centralized ledger is going to continue to be cheaper, quicker, and easier.
- Centralized Exchanges are faster and far more efficient and practical at providing liquidity. Ever wonder why liquidity is always so much better on centralized exchanges? They’re far quicker and more convenient to use; it doesn’t take minutes to place a trade, but seconds. And needless to say, it’s far more practical for market makers and trading bots to utilize centralized exchanges.
- Decentralized exchanges and services need to utilize smart contracts to be sufficiently decentralized. Obviously, not all cryptocurrencies have smart contract capabilities, such as Bitcoin as but one example. Hence why the majority of active decentralized exchanges utilize Ethereum primarily or exclusively.
- Fiat exchanges must necessarily be largely centralized. Fiat currency is a custodial financial asset. Unlike USD-pegged stablecoins, USD itself would be both impossible and pointless for any decentralized service, exchange, or organization to hold or to accept deposits from as they don’t have a place to store digital fiat currency; there’s no corporation, no directors or even employees, and certainly no bank account. Decentralized organizations are incapable of holding fiat currency. Generally speaking, P2P fiat-crypto exchanges like LocalBitcoins are not exceptions here; they might not take custody of fiat currency but there is a company that operates it, they do take custody of cryptocurrency, and thus cannot be considered decentralized.
It should be obvious that the vast majority of centralized services offering ‘interest’ on any investment should be regarded as scams, and likely a Ponzi scheme in most cases. This is particularly true for anything offering high interest or a large ROI e.g. 0.5% per day, or anything offering above ~12% ROI or interest annually likely fits this categorization. There are however a select few services that don’t appear to be scams nor fraudulent on the surface, but they suffer from the same potential pitfalls that centralized services and other custodians suffer from. By all indications, none of the major legitimate centralized lending services have suffered an attack resulting in considerable asset loss… yet… but it’s only a matter of time unless they take the proper steps to secure themselves.
Perhaps even more alarming is the tendency for some exchanges, particularly smaller ones in need of greater market share, to offer their customers the ability to ‘lock’ their funds in and earn a fairly generous (but not insane) interest rate, often in the 8-12% of range annually. This option makes it far riskier than it already was to store funds on that given exchange; not only are they susceptible to the same security and solvency concerns as previously discussed, but any depositor now needs to rely on the exchange making an even greater return given their increased costs associated with customer interest payouts. This opens up even more room for failure and begs the question just how safe and secure the investment is, much less the supposed ROI the customer is to receive.
Thoughts on Security and Possible Solutions
This post isn’t meant to suggest centralized financial infrastructure is superior or more secure than their decentralized counterparts; far from it. But we do want to dispel the notion that decentralization is necessarily synonymous with security (and that centralized necessarily means there are security vulnerabilities) ]. Centralized exchanges, services, and custodians can arguably be just as secure as even their most well-tried decentralized counterparts but only with the help of credentialed experts who are able to conduct necessary security and solvency audits ‘Proof of Reserves’ or ‘Proof of Funds’, Pentesting, and Red teaming. Exchanges and platforms like Kraken, Bitbuy and Shakepay have gone through such audits and testing and have never suffered a breach resulting in the loss of customer assets. It’s time others step up to the plate and do the same.