As the cryptocurrency market is going through a bit of a rough time, news has emerged that another cryptocurrency exchange has been hacked. Relatively little-known South Korean exchange Coinrail has lost around $37 million according to reports. Whilst this latest incident seems to have had a substantial impact on the market price of cryptocurrencies and has been picked up by major news outlets, hacks on centralized exchanges have become very common and do not tend to cause big surprises anymore. However, it is clear that centralized exchanges are the weakest link in cryptocurrency security.
A History of Disaster
Since the invention of Bitcoin exchanges converting fiat money into crypto and vice versa has been an issue. Similarly, exchanging one cryptocurrency for another is not trivial, as the coins tend to “live” on different blockchains and use different technologies.
Companies were quick to see this gap in the market as a business opportunity. Centralized exchanges act as middlemen that buy and sell digital currencies and allow their customers to trade via web or mobile interfaces. They even offer APIs for application integration.
However, companies have seen the business opportunity, cybercriminals have also identified exchanges as ideal targets.
In the early days of Bitcoin, Mt. Gox was the only (or leading) exchange. When Mt. Gox went bankrupt due to alleged hacking activity, this was a major blow for cryptocurrency adoption. In fact, the impact on the market is still felt every time the Mt. Gox trustee releases seized funds onto the market, causing major price fluctuations.
Subsequent exchanges have not done much better, with one disastrous incident being reported after another.
Unlicensed Banks that Own Your Coins
Centralized exchanges are a major weakness in the current cryptocurrency ecosystem because they break the whole blockchain paradigm of decentralization by re-introducing a centralized trusted third party.
We have removed banks and have replaced them with a less trustworthy and unlicensed version. For all their faults, banks operate within a legal and regulatory framework. They are also insured and are tightly supervised. Instead, we chose to trust an unlicensed private company, possibly in a foreign country, that does not correspond to any financial regulatory body. We also have no clue what insurance or security measures are in place.
Some users might not realize this, but if you keep your coins on a centralized exchange you do not own anything. All you have is a promise from some website to give a certain amount of money when you decide to withdraw the funds allocated to you. Exchanges own your wallets. They keep your funds secured by private keys they own. Even if there is no external attack, what is there to stop them from claiming a hack and keeping your funds?
Solutions
It is clear that centralized exchanges in their current form are not the way forward. We might as well go back to traditional banking then. In fact, the largest cryptocurrency exchange, Coinbase, might just go this way. They have reportedly applied for a banking license.
Other alternatives include decentralized exchanges, such as those based on the 0x protocol for ERC-20 tokens. Atomic swaps between different blockchains can allow users to trade directly between different coins. Al this does not solve the problem of converting fiat to crypto. But maybe exchanging fiat for crypto is the wrong idea anyway. Why not just earn money in crypto? True adoption will mean running a closed system entirely in cryptocurrencies.