When hackers penetrated a secure authentication system at a bitcoin exchange called Bitfinex earlier this month, they stole about $70 million worth of the virtual currency.
The cyber theft—the second largest by an exchange since hackers took roughly $350 million in bitcoins at Tokyo's MtGox exchange in early 2014—is hardly a rare occurrence in the emerging world of crypto-currencies.
This rising risk for bitcoin holders is compounded by the fact there is no depositor's insurance to absorb the loss, even though many exchanges act like virtual banks.
Not only does that approach cast the cybersecurity risk in stark relief, but it also exposes the fact that bitcoin investors have little choice but to do business with undercapitalized exchanges that may not have the capital buffer to absorb these losses the way a traditional and regulated bank or exchange would.
The Blockchain Graveyard is a list of Bitcoin exchanges which have been hacked. It is growing constantly, not only sabotaging the general public trust in cryptocurrencies, but also ruining companies, customers and investors alike.
The root causes of these hacks are various and often complex, but most of these breaches could have been prevented — or at least severely limited — with a best practice security approach.
And when we say best practice, we are referring to what banking institutions, telecoms and governments have been relying upon for decades: secure hardware.
How secure is your Bitcoin? I would say it is as secure as your wallet. When you open an account with an exchange or platform, they are responsible for safeguarding your private keys (aka wallet). So, if an exchange is hacked and the intruder gains access to your private keys, your cryptocurrency is as good as gone, forever, bye bye. Therefore, I would encourage anyone serious about cryptocurrencies to invest in a Hard Wallet.
The following is an excerpt from an article written by Nicolas Bacca, the co-founder and CTO of Ledger, to give you an idea of how a hardware wallet works.
A hardware security module (HSM) is a physical computing device that safeguards and manages cryptographic keys, and provides secure execution of critical code. These modules come in the form of a PCI card, or an external rackable device which can be directly connected to the network. HSMs have built-in anti-tampering technology which wipes secrets in case of physical breach. They are architected around secure cryptoprocessor chips and active physical security measures such as meshes to mitigate side channel attacks or bus probing. These devices are heavily used in the banking industry and in all verticals where critical secrets must be protected.
The only mission critical industry which is not using HSMs is… the Bitcoin exchange industry (with the exception of Gemini). For some unknown and mysterious reasons, hot wallet security architectures are based on ad hoc solutions built around off the shelf hardware and thus totally uncertifiable against Common Criteria or FIPS 140. When you deal with private keys that you cannot revoke, and whose compromise would result in massive losses, you just can’t have them on a regular server architecture.
Most of the exchanges keep the vast majority (97%+) of their assets in cold storage. The keys are totally offline, out of reach of hackers. This is the best protection you can have. However, to be able to automate payouts and function normally, you need hot wallets. These wallets are controlled through APIs and receive orders to sign outgoing transactions to pay customers wishing to withdraw their funds. Because you need to be able to automate these wallets, the keys must be live, and are therefore at risk.
In this section, we are going to present the Ledger recommended HSM-based architecture to secure an exchange’s hot wallet.
Here are the different modules/services in play:
The HSM itself is architected around the following units:
Initialization of the HSM and its modules must be done according to the following process:
Let’s say that a user wants to withdraw 50 BTC (all her balance) to a Bitcoin address of her choice. She logs in to the exchange and fills in a form with a withdrawal request. The following process then occurs:
Let’s directly assume that the attacker would gain full control of the entire infrastructure of the exchange (like an inside job). By injecting false user pairing, the attacker can easily trick the 2FA user channel (which is more a protection against a local hack of the user itself). Still, injecting false market data into the HSM would require the attacker to proceed carefully — if the HSM fails its periodic consistency checks, it will shut down the signing plugin until reactivated by an administrator. The last line of defense is the rate limiter: the hacker won’t be able to withdraw more than the hard limit set in the HSM (which cannot be changed, the Ledger Blue being out of reach). After a few hours, customers start to complain about empty accounts, and the security team can shut down the HSM as an emergency response. The quicker the “community” detects something is wrong, the quicker the hack can be stopped.
The worst case scenario is a loss of what the rate limiter allows per hour, multiplied by the number of hours the hacker managed to stay undetected.
The scenario where the hacker manages to magically extract the master seed from the HSM is extremely unlikely. These security modules are carefully tested and most exploits have been limited to abuse or misunderstandings of the administrative interfaces. Of course, one can always say that nothing is unhackable, and this would be true; but the difficulty of achieving such a feat is a few orders of magnitude higher than “just” taking control of a full IT architecture.
Additionally, we could also factor in situations where the Ledger Blue is in the possession of the hacker, or where he simply gets access to the seed backup. Because of the tendency of humans to make stupid mistakes, this could in fact be the way it would go… That is why even the best of security technology is nothing without common sense and carefully audited internal processes.
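The rate limiter and consistency-check shutdown described in the excerpt can be modelled as a small policy gate in front of the signer. This is an added example, not code from Ledger or from the original article: the class, its method names, the sliding one-hour window and the 100 BTC limit are all assumptions made for illustration.

```python
from collections import deque

class SigningPolicy:
    """Hypothetical policy gate an HSM plugin applies before signing a payout."""

    def __init__(self, hourly_limit_sat, window_s=3600):
        self._limit = hourly_limit_sat   # set once at initialization, no setter
        self._window = window_s
        self._signed = deque()           # (timestamp, amount) of approved payouts
        self._locked = False

    def report_consistency_check(self, passed):
        # A failed periodic check disables signing until an admin steps in.
        if not passed:
            self._locked = True

    def admin_reactivate(self):
        self._locked = False

    def authorize(self, amount_sat, now):
        if self._locked:
            return False, "locked"
        if amount_sat <= 0:
            return False, "invalid amount"
        # Drop approvals that have aged out of the sliding window.
        while self._signed and self._signed[0][0] <= now - self._window:
            self._signed.popleft()
        used = sum(amount for _, amount in self._signed)
        if used + amount_sat > self._limit:
            return False, "rate limit"
        self._signed.append((now, amount_sat))
        return True, "ok"

def simulate_drain(policy, chunk_sat, hours, step_s=60):
    """Model a fully compromised front end asking for chunk_sat every step."""
    drained = 0
    for now in range(0, hours * 3600, step_s):
        ok, _ = policy.authorize(chunk_sat, now)
        if ok:
            drained += chunk_sat
    return drained

BTC = 100_000_000                      # satoshis per bitcoin
LIMIT = 100 * BTC                      # constructed sample limit, not from the article

if __name__ == "__main__":
    total = simulate_drain(SigningPolicy(LIMIT), 25 * BTC, hours=3)
    print(total // BTC, "BTC signed in 3 hours")
```

However often requests arrive, the total signed stays at the hourly limit times the hours elapsed, which is the worst-case bound the excerpt gives.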