Arguably, what made cryptos so successful in the first place is the possibility of having a recognised valuable asset without the hassle of complying with banking and legal regulations.
Sure, this wasn’t Satoshi’s main task when he published his whitepaper on the cryptography mailing list at metzdowd.com, but this feature caught much of the attention of investors trying to find new ways to make easy money.
Obviously this brought the ‘market wanna-be’ to be a nest of hackers, scams, and trading of many assets at best bordering on the limit of legality — if not utterly ending up in the drug cartel or worse.
Today, however, the ‘cryptomarket’ has overcome much of the initial suspicion and is adjusting itself to a newly founded sector of alternative finance, with trading platforms where to exchange virtual coins in a regulated manner.
Big exchanges, as CoinBase, Binance, or Bitfinex all provide a platform for trading, a private and a public key, and a depository where to store your coins, the so-called wallet. Comfy, isn’t it? After all, one wants to have all the features of a trading platform with the security of blockchain.
Well, it doesn’t actually look like this.
Having a chat with Tim Weiss, CEO of Digital BankVault, I realised that much of what we outsource to exchanges and company-backed platforms — in terms of trust — can be seen through the lenses of entrusting a third-party with sensible data, as the keys to our crypto-wallet.
“The problem here, is that the private key — the most valuable thing you have — is stored on some server a company provides you, if not on the device you are using. In this way, you don’t really have control over your private key! The convenience of having a key made and ready for you might actually represent a big problem when talking of big capitals, as encrypted as it can be.
“Hacking a device or a server, nowadays, is proved to be possible. It already happened to many exchanges, as CoinCheck or Mt. Gox, but also many others. Having your private key it’s easy to transfer the entire funds to one’s own wallet. This is one of the main reasons hacking has increased in the market.”
After all, even Binance, which is considered to be one of the most secure exchanges couldn’t avoid being hacked.
Exchanges are centrally operated systems, meaning that they are run like traditional companies and with a single database that stores all the users information owned by them.
Such central ledgers might be a good target for experienced hackers, i.e. tracing the traders’ activity or identifying your account information. As Tim was saying, such gigantic infrastructures proved to be wrong, as the Japanese exchanges learned at great cost.
“The problem here, after all, might be exactly what we think secures us the most: the private key,” in the sense that “registering your key is not always as secure as one think, unless you don’t write it on a physical agenda and then consult the agenda every single time you want to transact cryptos.
“However, this might be too much of a hassle. We should move towards more marketable ideas to enhance security in the sector for traders and investors.”
Tim and his team have developed an idea for which the key should not be known by the company providing the service — in this case the access to your wallet.
By means of a key derived from a ‘path trace’ (an everyday habit of yours, for instance) and a specific device to access your account, the central provider of the service (i.e. the company) should know nothing of your data as much as your device should store nothing on it.
“Let me explain better. Back in 2016, former President Obama stated how easy can the government enter into a device representing a pocketable Swiss bank. That is what should be tackled: to keep your digital assets rest still in a vault.
“The solution might then be a device the marketing value of which is comfortably and temporarily accessing your account. When you turn off the device all the temporary memory of the hardware is utterly deleted, leaving no trace behind. Every time you need to use your account you log in and then you can safely turn it off again, without fear of being robbed even if you leave your device on the bus.
“No trace means no leads to your account. It is as simple as that. Moreover, privacy today is a luxury. How good would that be to get rid of third-parties?”
Exchanges provided a great stabilisation for the crypto community and the growth of a possible market of reference. However, we all know the dangers of having someone with full access to our data.
Privacy might be a luxury, but not an inaccessible good. The crypto world is such a disruptive, developing market that even something perceived as secure as the private key — largely though unhackable in the early days — might constitute a problem.
But that’s also what the crypto world is: a constantly developing and adjusting market, strong in the entrepreneurial spirit of the humankind.
This article was originally published on HackerNoon.