The $220 billion cryptocurrency market could be subject to the biggest heist in history. Worse, it’s already under way.
That’s the thinking of cryptocurrency security expert Kara Coppa, who sees holes in cryptocurrency wallets as a massive vulnerability already being exploited by hackers and thieves. BlockTelegraph caught up with Coppa to find out the latest on how to protect your wallet.
1. You have your own fun background in tech. Share that.
I like to solve hard problems. Hard and complicated problems must have a complex and complicated solution. Same order of magnitude is required.
For fun, I started looking at the security problems with cryptocurrencies, exchanges, wallets and Blockchains — both public and private.
I’m happy to say that after four years, I identified the security problems and the pain points of the crypto economy. I came up with over 18 novel ideas for which I filed for patent protection and I started building the next generation of ultra-secure Blockchain, exchange, wallet and token.
At BLΔKFX we are solving the cryptocurrency crisis with patent-pending cryptographic technologies, and we differentiate ourselves from the competition with five layers of encryption, including two layers that provide quantum computing attack immunity. Making advancements in blockchain and the crypto-currency space, BLΔKFX has developed a comprehensive secure ecosystem that offers pioneering levels of crypto-asset security to support the $220 billion cryptocurrency market. Our secure software helps strategic partners launch crypto coins by reducing operational and liquidity costs and build trust with superior security, while providing faster transaction speeds and liquidity.
2. What makes security concerns in Blockchain so unique?
This is a great question. It’s mostly because most of the people don’t know how Blockchain technology works or even what Blockchain is and that there are different types of Blockchain, with many implementations.
But the fact that people think the data of transactions is safe in a Blockchain is actually the biggest threat to the adoption of this technology. The reality is that the data is not safe inside Blockchain and many people can actually read it and manipulate it under certain conditions.
3. What conventional wisdoms about cryptocurrency security are wrong?
It’s the encryption. People think that the crypto currency is encrypted when in fact it is not. Digital signatures are used for non-repudiation of transactions and hashes are used for integrity checks, but encryption for confidentiality is not used. The content of transactions, amounts, wallet addresses, etc. are all public for everyone to read. People would never allow that with their FIAT bank accounts.
Another idea that is wrong is that crypto currency exchanges are purely peer to peer, serverless and controlled by the people. While there is a large component that is distributed, every crypto currency runs on top of a Blockchain that is installed on a network that pretty much controls most of the operations. In the case of crypto currencies that require mining, the people (miners) that use their own computing power to participate in the mining and hashing generation process are the ones that compete for the right to write the transaction on the next block and earn crypto rewards in the process.
But even here, if people collude with each other and they exceed 51% of the hashing generation power of that Blockchain, they can actually hijack transactions, double spend cryptos, reorder transactions or even deny them. In other words, a bunch of people or a nation state with enough computing power could potentially hijack every transaction to their own benefit.
Another myth about cryptocurrencies is the fact that smart contracts are safe. Far from that. Recent attacks have successfully replaced the original transaction wallet addresses with their own, or changed the outcome of a contract.
Most exchanges are not secure and 99% of wallets are not safe either. In fact, the biggest money theft in human history has come from exchanges being hacked as well as from wallets being compromised, either by being restored onto other devices/computers or from compromising of user credentials and/or the factor SMS authentication.
4. How bad is the crypto theft situation now?
It represents the biggest money theft in human history. The fallout from the crypto exchange hacks of this year has been almost $42 Billion. That adds to the value of cybercrime, which is already at $3 Trillion in 2018 and on its way to $6 Trillion by 2021. We haven’t seen anything like this until now.
If we don’t fix the crypto theft problem, they won’t become mainstream or reach institutional investment and trading level.
5. What’s hot in the crypto security space in terms of solutions?
We are at the beginning of this. There are a few companies and products in the space trying to mitigate the theft problems. For example, the cold storage wallets, some privacy coins like Monero and some distributed exchanges. But none of these companies or products solve the security problem. They are Band-Aids, when in fact the problem needs an open-heart surgery.
We need a comprehensive end to end secure solution. For everything: exchanges, wallets, Blockchains and coins.
6. Which crypto wallets or other tools have the biggest holes today?
Everything that is purely web-based presents the biggest problems. If the user accounts don’t have two factor authentication (not SMS based) and if the web accounts are not protected with traditional security solutions like device authentication, security questions besides password, etc., users should avoid using these systems.
Users should stick with wallets recommended by their exchanges and also research if those wallets have had any security incidents or have been compromised.
They should use multiple wallets for different cryptos, keeping the most valuable ones on cold storage wallets only.
Users should be careful and write down their recovery words provided by each wallet and store the information in a safe place or safe.
7. How can investors best protect themselves?
Security has become the number one concern for the people and investors. In order to have a secure crypto currency, the coins, the ledger, the wallet and the exchanges all must be secure in transit and have end to end encryption. The exchanges must be distributed rather than centralized, and they should not have the wallets’ private keys.
Post-quantum encryption and quantum-resistant hash algorithms must be used for security of the coins but also of the hashes used in the protocol. Mining needs to evolve from POW to POS and to future POA (proof of authentication) and POO (proof of ownership).
But until all these changes can happen, a more practical solution would be for users to register with 2-3 or more exchanges and split their cryptos between them and between multiple wallets. Only cryptos that are actively trading should be stored on software wallets, the rest should be in cold storage.
Users should also use a dedicated device(s) for trading cryptos, something that is not used to play games, browse the internet or download various executable content (like applications).
I would also highly recommend the use of a proxy/VPN software to further secure the connection to/from exchanges or wallet to wallet. An anti-malware app/program should also be used to identify any malicious activity that might appear on users’ devices.
Users should exercise cyber security good practices with all their devices and in particular with the devices holding their cryptocurrency, trading apps and banking apps in general. One of the things to remember is that when traveling, one should avoid charging their devices via USB ports from untrusted or public places like hotels, airplanes, airports or malls.
Hackers know that exploiting some of these charging stations would give them direct and unrestricted access to the devices charging.
Another good idea is to set your email to allow only text email (rather than HTML enabled emails). I know users will lose the ability to click on links in the emails but that’s the point. Emails are the number one way for phishing to take place where users are socially engineered to click on links in emails from hackers. It only takes one click and the device could be compromised with malware that potentially could record everything users type on their devices. That could lead to wallet and exchanges account compromise and to crypto theft.