Saturday, January 27, 2018

Coincheck Hacked, NEM Stolen; Don't Keep Your Coins in Exchanges, Part 1

A few days ago the news came out that a hack occurred at the Japanese crypto exchange, Coincheck. The hack was directed at NEM coin holdings on the exchange, leaving other coins such as Bitcoin and Ripple untouched.

Naturally, this led to another decline in the price of Bitcoin, about 7%.

Any time an event like this occurs, the perception is that a crypto got hacked. Not an exchange, but the coin itself. There's an important distinction here to be made that makes a huge difference in understanding the risks involved in holding cryptocurrencies.

To understand the difference, simply think of this in terms of fiat paper notes in your wallet (U.S. dollars, British Pounds, Mexican Pesos, any of them). Let's say that you're walking down the street with your wallet in your pocket, and a skilled pickpocket fishes your wallet out of your pocket while you're distracted by something. She takes the dollars out of your wallet, and before you notice, slips it back into your pocket. You discover later that your money is gone.

Now, would you say, "my dollars were hacked?"

No, of course not. Your dollars were stolen from your wallet. Wherever it is that they've gone to, the dollars still exist, the wallet still exists, and neither of them have been altered in any way. It was just that the dollars being in your wallet, which was in your pocket, did not offer sufficient security to prevent the dollars from being taken out of your wallet against your will.

The problem wasn't with the dollars. The problem was with the location you had them stored and the level of security if offered.

Bitcoin and other cryptocurrencies work in the same way. The nature of the blockchains that back all of them eliminate the possibility that the system driving them can be hacked. This is due to the distributed nature of these networks and the insurmountable cost involved in taking over enough computers on the network to hack the blockchains, which makes it more profitable to join the network as a miner than to try and attack it.

What gets attacked are exchanges, which you can think of as a big closet full of wallets. When someone hacks an exchange, it's like they picked the lock on the closet door, and they simply have gained access to the wallets inside the closet, giving them the ability to remove money from those wallets and place it in their own somewhere else. The stolen coins, the wallets, and the blockchain behind them function like they should, there is no alteration to the code or an exploit of a bug within it. The problem was the "lock" securing the exchange, which is code that has nothing at all to do with the blockchain of the stolen coins, it is a completely separate system.

How do you defend against this? It's actually pretty simple to do, but I'm going to leave the details of that for tomorrow's post, basically because this could get pretty long, and because I haven't eaten breakfast yet and I'm starting to feel a little light headed.

Just to leave you with a taste, here's the address of one of my Bitcoin wallets. You can actually look into my wallet and see how many Bitcoins I have in it.



Why the hell would I show this to the world, you might be asking. Well, because the world can already see it, if they have the "wallet address" (which you now do), and there's no way for anyone to take anything out of it anyhow. All anyone can do with this information is put more Bitcoin into my wallet (and doing so will make you feel awesome!). Because of how I have these Bitcoins stored, no one can access my wallet to send Bitcoins from it to somewhere else.

How this works I will explain tomorrow.

No comments:

Search Paul E. Zimmerman.com

Disclosure Policy - Privacy Policy
jenna jameson chasey lain tera patrick briana banks sunny leone lanny barby stefani morgan savanna samson monique alexander cassidey