Boosting security through a DEX system
North Korean crypto hacks continue to create a need for a proper Decentralised Exchange network
By Gerald Fenech
Last week, a UN Security Council panel reported that North Korea has “amassed upwards of $670 million worth of bitcoin and other currencies”, a large portion of which was sourced from cyber-attacks on low-security crypto exchanges. For example, last year, North Korean hackers targeted bitcoin exchange Youbit, stealing around $72 million in one sweeping attack.
To those in the crypto space, this news comes as no surprise whatsoever. Crypto exchanges have become notorious for security risks – particularly for users who choose to forfeit their private keys in order to make trades. Crypto enthusiasts believe that exchanges undermine several of crypto’s goals, such as a society without middlemen and total control of one’s wealth.
It’s not a secret that hackers working for the North Korean government have a long history of targeting cryptocurrency exchanges for high-value attacks. In 2017, experts speculated that North Korean operatives were responsible for a number of exchange hacks, including two separate attacks on the South Korean exchange Youbit. Hackers stole over $70 million in crypto from Youbit in April and attacked again in December, forcing Youbit into bankruptcy. North Korea was widely thought to be responsible for both incidents.
According to Nikkei Asian Review, the UN report noted that the North Korean government targets cryptocurrencies because they “provide the Democratic People’s Republic of Korea with more ways to evade sanctions, given that they are harder to trace, can be laundered many times and are independent from government regulation.”
While it is obviously a major concern that a violent and repressive regime like that of DPRK is able to steal more than half a billion dollars in cryptocurrencies, this is really just a symptom.
The root of the problem is that cryptocurrency exchanges typically hold massive amounts of wealth in a small handful of centralised accounts without adequate security measures in place. This system makes it easy for hackers to make off with billions of dollars in wealth if they can gain access to a few key pieces of data. In fact, research groups estimate that hackers stole somewhere between $877 million and a smooth $1 billion from crypto exchanges in 2018 alone.
Whatever the exact figures may be, the point is clear: existing security measures are inadequate, and hackers are exploiting these vulnerabilities to amass fortunes in stolen crypto.
The good news is that there’s an easy way to eliminate liability for exchanges and allow users to keep their assets safe while trading. The solution is a decentralised exchange (DEX) protocol.
I spoke to Kadan Stadelmann, CTO of Komodo, an open-source blockchain project that lets users avoid storing their crypto in vulnerable centralised exchanges entirely through the use of a “decentralised exchange” (or DEX).
“Before getting into the particulars of decentralized exchanges, it’s worth pointing out that many blockchain projects with talented development teams are working hard to increase decentralisation and security in crypto trading. Each of these projects can rightfully call themselves a decentralised exchange.
“At the same time, not all DEXs were created equally. While virtually all DEXs are less centralised than traditional crypto exchanges, they are still centralised to varying degrees. It’s helpful to think of centralisation and decentralisation as a full spectrum, rather than a simple black-and-white distinction. Most DEX projects lie somewhere in the middle”, Stadelmann explained.
For example, many DEXs use proxy tokens to execute trades. Users must first send their assets to a wallet that they do not control. Then, in exchange for the real assets, users are given proxy tokens—worthless tokens that act as a stand-in for the real funds. The proxy tokens are traded for other proxy tokens. When a user is finished trading, they must return the proxy tokens to the DEX and wait for the real funds to be released to their wallet. The trading may be peer-to-peer, but users’ funds are still held in a centralised account that the user does not control.
Stadelmann said that other peer-to-peer exchanges use escrow accounts to ensure security between two traders, in which users are prompted to send funds to an escrow account called a “trade wallet.” Only after both parties send their funds to the trade wallet will the trade be executed. Users must also pay a security deposit prior to making each trade.
Another class of DEX focuses exclusively on Ethereum-based assets (ERC-20 tokens and ERC-721 tokens). These DEXs use smart contracts to execute peer-to-peer trades. This method is similar to escrow service DEXs, in that users must relinquish control of their assets, but smart contracts are used in place of escrow wallets.
So, after all of this, the question remains: what exactly makes an exchange decentralised?
“In short, a truly decentralised exchange is one that never touches or controls users’ funds. In that sense, a decentralised exchange isn’t really an exchange at all. It’s just a technology that allows two traders to swap digital currencies with one another. They agree on a price and the trade is executed. The funds are never sent to a centralised wallet or server for any reason”, Stadelmann explains.
This method of exchanging digital assets is called an atomic swap. It is atomic in the sense that either (a) the trade is processed and both parties receive the funds they wanted, or (b) the trade is not executed and both parties retain control of the funds they began with. If the trade fails, it may be a disappointment, but the users are never at risk of losing their funds. The coins and tokens, along with the private keys that control them, stay inside the users’ wallets at all times.
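An added sketch, not from the article and not Komodo’s BarterDEX code, of the either-or property described above, using a hash time-locked contract (HTLC), a common way to build atomic swaps. The party names, amounts, timeouts and the in-memory `HTLC` class are assumptions for illustration.

```python
import hashlib

class HTLC:
    """Coins locked on one chain (simulated in memory). The recipient can claim
    with the hashlock preimage before `timeout`; after it the sender can refund."""
    def __init__(self, sender, recipient, amount, hashlock, timeout):
        self.sender, self.recipient, self.amount = sender, recipient, amount
        self.hashlock, self.timeout = hashlock, timeout
        self.state, self.revealed = "locked", None

    def claim(self, who, preimage, now):
        ok = (self.state == "locked" and who == self.recipient
              and now < self.timeout and preimage is not None
              and hashlib.sha256(preimage).digest() == self.hashlock)
        if ok:
            # Claiming publishes the preimage on-chain for the counterparty.
            self.state, self.revealed = "claimed", preimage
        return ok

    def refund(self, who, now):
        ok = self.state == "locked" and who == self.sender and now >= self.timeout
        if ok:
            self.state = "refunded"
        return ok

def swap(bob_locks=True, alice_claims=True):
    """Return the final state of (Alice's lock, Bob's lock); times are in hours."""
    secret = b"constructed-sample-secret"      # constructed; known only to Alice
    h = hashlib.sha256(secret).digest()
    # Alice locks first with the LONGER timeout, so Bob still has time to claim
    # after Alice's claim reveals the secret.
    a_lock = HTLC("alice", "bob", "1 COIN_A", h, timeout=48)
    b_lock = HTLC("bob", "alice", "10 COIN_B", h, timeout=24) if bob_locks else None
    if b_lock and alice_claims:
        b_lock.claim("alice", secret, now=5)          # Alice takes COIN_B
        a_lock.claim("bob", b_lock.revealed, now=6)   # Bob reuses the revealed secret
    # Anything still locked after its timeout goes back to whoever locked it.
    if b_lock:
        b_lock.refund("bob", now=24)
    a_lock.refund("alice", now=48)
    return a_lock.state, b_lock.state if b_lock else None

if __name__ == "__main__":
    print(swap())                     # both sides claimed
    print(swap(bob_locks=False))      # Alice refunded
    print(swap(alice_claims=False))   # both refunded
```

In every run each lock ends either claimed by the counterparty or refunded to its owner; no third party ever holds the coins or the keys.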
Komodo’s BarterDEX is the world’s only DEX fully powered by atomic swap technology. Unlike token-based DEXs, BarterDEX supports any digital asset natively—Bitcoin and all Bitcoin-protocol coins, Ether and all Ethereum-based tokens, as well as every other digital asset in existence.
BarterDEX increases the security of crypto trading exponentially. In reality, the security risks of trading with BarterDEX are no greater than the risks associated with storing one’s coins and tokens in a “hot” wallet. The only way to store one’s assets more securely is to keep them in a “cold” wallet, meaning that they are stored on paper or on a device without internet access.
The atomic swap protocol that powers BarterDEX is an open standards effort. It has a free, open API with which any project can build. It also has a shared liquidity pool, compounding the network effect and allowing all projects to benefit from increased adoption of the technology.
Centralized exchanges looking to bolster security can integrate with the BarterDEX framework, just as startups striving to build new DEX products can. The goal is to make the entire industry more secure and accelerate the global adoption of blockchain technology.
Currently, the new version of BarterDEX is in an internal alpha testing phase.