A Case for Decentralized
Cryptocurrency Exchanges
If 2017 taught the cryptosphere anything, it gave it a lesson in
security. The sheer number of hacks throughout the year–and
the millions of dollars in coins stolen as a result–sent a clear
message: cryptocurrency trading needs a makeover.
The foundation for this makeover? Decentralized
exchanges.
2017: A Year Plagued by
Hackings
2017 will likely go down as the year that put crypto on the map.
With attention, however, comes vulnerability, and the same
year that saw crypto prosper was the same year that drove it into
the hands of malicious individuals.
More than a dozen separate attacks
occurred throughout the course of the year. From exchanges to
wallet services to ICO funds, hackers feasted on system
vulnerabilities. Factoring in current market prices, the
total value of the year’s stolen funds is somewhere in the ballpark
of $500mln. This figure doesn’t even accommodate pre-2017
hackings, which includes Bitfinex and Bitstamp, among others, and the infamous Mt. Gox breach that drove the
market into hibernation. Add these to the tally and over
$12.5bln worth of cryptocurrency has been filched over the
years.
In the thick of the trouble, wallets have had their fair share
of run-ins. Back in July, hackers compromised Parity, a
popular Ethereum multisignature wallet, running off with 153,000
ETH (worth nearly $200mln at its current exchange rate).
In November, a Tether treasury wallet lost
$31mln to an attacker linked to a 2015 Bitstamp
exchange hack.
Overall, however, cryptocurrency exchanges bore the brunt of
malicious actors in 2017, and South Korean exchanges in particular
were on hackers’ hit lists. Youbit, formerly known as
Yapizon, lost 3,816 Bitcoin in April of 2017.
Valued $5mln at the time of the hack, the total cost of this
attack now tops $50mln. To make matters worse, Youbit was hit
again in December, forcing it to file for bankruptcy after losing
17% of its funds. further, in July, news broke that 30,000
user accounts on Bithumb, South Korea’s largest exchange, were
exposed in a data breach that left billions of won stolen. In
current market prices, customers suffered a collective loss of at
least $10mln.
Decentralized Exchanges May
Provide a Solution
All of these compromised exchanges–Bitstamp, Bitfinex, Youbit,
Bithtumb–are centralized. This is nothing out of the
ordinary, as most all major exchanges are centralized. There
are obvious reasons for this, the most apparent being convenience,
but these reasonings often overlook security concerns.
When an exchange is centralized, this centralization comes in
two forms: asset control and system management. With asset
control, exchanges operate much like trusted institutions such as
banks; when you use a centralized exchange, you agree to let the
exchange hold your funds and private for you until you wish to
withdraw your currency. Exchanges will often hold customer
funds in a hot wallet reserve (online) and cold wallet reserve
(offline).
The other form of centralization refers to how an exchange
stores its data and the infrastructure it uses to support itself.
Larger exchanges have to outsource server space, often to
cloud services, in order to accommodate website traffic, and this
usually means that hosting servers are allocated in a single
source.
Starting to get the picture? If a hacker wants to hit a
centralized exchange, they need only to go through a central
entryway, usually a third-party hosting server. Once in, the
hacker then has access to a central source of funding, the
exchange’s hot wallet reserve and private keys.
Of course, major exchanges have a number of security features in
place to insulate themselves against malicious actors. But as
precedent has shown, these measures don’t always go far enough.
This is why we need decentralized exchanges. They pick up
the slack that centralized exchanges, because of their inherent
design, can’t. As such, decentralized exchanges (DEXs, for
short) offer a number of enhanced security benefits.
No central point of entry or
control
Unlike their centralized counterparts, DEXs are not controlled
by a single entity. The domain server that people access to
use the exchange is centralized, of course, but no one entity
controls the marketplace, nor is the exchange supported by a single
server.
As they currently stand, most decentralized exchanges are built
on the Ethereum blockchain and are supported by a network of nodes
rather than a centralized server. This means that an attacker
would have to compromise half of the nodes that support an exchange
to control it, a practically impossible feat.
User controlled funds
Since there is no one entity that owns a DEX, there is no
central hub that controls user funds. Decentralized exchanges
are trustless, meaning users are always in control of their assets
and all trades are peer-to-peer.
To accomplish this, DEXs manage currencies using
Ethereum-powered smart contracts. Once funds are locked into
a smart contract, only someone with the corresponding private keys
can touch the funds. Under a centralized system, you
relinquish your private keys, and they are all pooled into a single
ledger that reflects the exchange’s hot wallet reserve. If a
hacker gets its hands on these keys, your funds can be swept away.
Under a decentralized system, you’re always in control of
your own private keys, and so long as you don’t reveal them to a
malicious third party, your assets are safe in a DEX’s smart
contract.
Integration with Hardware
Wallets
This is perhaps the biggest benefit a DEX has to offer.
Most decentralized exchanges, such as Ether Delta and IDEX,
can sync up with the Ledger Nano S or Trezor hardware wallets.
Alongside cold storage, hardware wallets are the safest
options for storing and managing personal funds, as they are
impervious to the same malware that can compromise software
wallets. Using a hardware wallet compliant DEX, you can plug
in your Ledger or Trezor and send funds directly into the
exchange’s smart contracts. This is preferable to manually
entering your private keys, as manual entry is vulnerable to
phishing and keylogging attacks.
DEXs Still Have a Ways to
Go
While they’re a better option than more popular centralized
options, decentralized exchanges, as they currently operate, are
far from perfect.
As EtherDelta taught us last December,
they’re still prone to phishing attacks through the exchange’s
domain name server. Still, as I argue here, the security features
inherent to the exchange minimized the damage done. Accounts
that used Meta Mask or Ledger to manage funds were completely safe
even if they used the fake site, and if you never revealed your
private keys on the fraudulent domain, your coins were safe in
their smart contracts. By today’s rates, over $500,000 worth
of funds were nabbed, and while this number isn’t laughable, it’s
much less than we’ve seen stolen through centralized exchanges.
To continue with DEX downsides, there’s a reason centralized
exchanges are more popular: they’re easier to use. Newcomers
may get frustrated with the maze of smart contracts they must
navigate to begin trading. Sure, you don’t have to sign up or
get verified to use a DEX, but you have to transfer funds back and
forth from your personal wallet to an exchange wallet every time
you want to trade. You’re also at the mercy of the Ethereum
network everytime you want to move funds or make a trade. If
the network is congested, you may face, at best, higher transaction
fees or, at worst, a buggy, unresponsive trading system.
There are a number of projects looking to ameliorate these
issues. 0x, for example, is implementing an off-chain
ordering system in conjunction with an on-chain trading system.
In theory, this will give the DEX the quick order matching
system of a centralized exchange without sacrificing security.
Blocknet is another DEX that hopes to bring cross change atomic
swaps to streamline decentralized trading and make it even more
secure.
I believe decentralized exchanging will be the future of
cryptocurrency trading, as it is necessary for the ecosystem’s
financial health and future survival. Hopefully, 2018 will
bring a slew of innovations for this unrefined system, and
hopefully, these innovations will help to mend the losses suffered
under the current centralized standard.
Ethereum (COIN:ETHUSD)
Historical Stock Chart
From Mar 2024 to Apr 2024
Ethereum (COIN:ETHUSD)
Historical Stock Chart
From Apr 2023 to Apr 2024