CRYPTOCURRENCY EXCHANGE VULNERABILITIES & THE POTENTIAL IMPACTS OF BLOCKCHAIN TECHNOLOGIES ON THE FINANCIAL SERVICES INDUSTRY
Jonathon Lawlor, Francis Cullinan, Peter O'Connor

CRYPTOCURRENCY EXCHANGE VULNERABILITIES & THE POTENTIAL IMPACTS OF BLOCKCHAIN TECHNOLOGIES ON THE FINANCIAL SERVICES INDUSTRY

Jonathon Lawlor Jonathon Lawlor

Jonathon Lawlor

IT Data Professional - Eli Lilly Inc.

Published Apr 19, 2018
+ Follow

“Blockchain - A blockchain is a digitized, decentralized, public ledger of all cryptocurrency transactions.” A blockchain is used to record transactions across many computers so that the record cannot be altered retroactively without the alteration of all subsequent blocks and the collusion of the network. Whereas traditional ledgers can be added to by anyone, and records on these ledgers can also be deleted by anyone. This reality has significantly hampered potential progress in business for one reason, trust. It is clear from looking back in history that in order for people to transact with one another and engage in financial business, a certain level of trust must exist. This has not always proven to be the case, as with the unreliability of traditional ledgers, foul play with ledger records has become a serious issue. This is where the blockchain comes in.

Bitcoin was the first major blockchain innovation. It was created as a digital experiment in a revolutionary paper by an idealist called Satoshi Nakamoto who aimed at creating a decentralised payment network. It was created during the global economic downturn as people had completely lost trust in the banking institutions. Blockchain was the underlying technology behind the bitcoin concept and people soon realised that this technology could be isolated from the bitcoin currency and used to revolutionize all kinds of organisations and industries. (Harvard Business Review, 2018)

It seems as if one mentions the word enough times all the worlds problems can be solved. The purpose of this piece is to investigate its security capabilities and that of its progeny “Crypto-currency exchange markets” (which are still technically more of a commodity) while also analysing its potential benefits in relation the financial services industry. It is imperative to note before any further investigation takes place, that Crypto-currencies, do not necessarily have a direct connection with Blockchain technology. Blockchain technology is the predominant technology which underpins these “coins”, however its success does not solely hinge on the success of such “coins”, which will be further eluded to throughout. The cost of cyber-crime breaches has quadrupled from 2013-2015, however a large portion of such crimes go undetected. Gartner Inc. reports the cost of cyber-crime is expected to reach $2 Trillion by 2019. 

Forbes reports that $4.5 Billion has been privately invested into blockchain based technologies in 2017, with such heavy investment into seemingly disruptive technology we aim to discern as to whether the technology has the capability to revolutionise cyber security and the financial services industry. 2017 seemed to be the year for Crypto-currency technologies alike, however all 2018 has brought to the table is a level of anxiety amongst investors that has been unparalleled since 2009.

Blockchain Security

A blockchain is comprised of thousands of computers around the world all trying to update this decentralised digital ledger. Put simply, it is basically a process of deciding how this decentralized ledger gets updated. Every ten minutes an update occurs. All computers (miners) compete against each other computing a highly advanced mathematical problem which is underpinned by the SHA-256 hashing function, in order to come to a possible solution. When a computer pops up and says that they found the answer to the problem. If more than 50% of the other computers agree with the solution, then that block of transactions are added to the blockchain. basically, the blockchain will completely change the way we trust. This transparency allows parties involved in a transaction to do business without having to worry about trusting each other. This will eradicate significant stumbling blocks as a result of this decentralized system. (TED, 2018)

Byzantine Generals Problem

With regards to security, the technology surrounding the blockchain has solved the long-standing problem called the Byzantine Generals Problem. A fundamental problem in distributed computing and multi-agent systems is to achieve overall system reliability in the presence of a number of faulty processes. (Konstantopoulos, 2018). With no central authority controlling these decentralised ledgers which contain high value, this gives rise to the presence of ‘bad actors’ who have significant incentive to try and cause faults. The use of the Proof of Work system in cryptocurrencies acts as a solution or means of tolerance to the byzantine fault problem. Here, a transaction added to the blockchain is authorised if 51% of the “miners” agree that the algorithm is correct. In this way, the system nullifies the effects of possible bad actors in the network who could be trying to post false transactions. 

Double Spending

Then comes the long-standing issue of double spending with digital currencies. There were many attempts made for digital currencies before the invention of Bitcoin. However, none could solve the ever-looming problem of double spending. The blockchain and Bitcoin have solved this problem. if a situation occurs whereby two transactions spend the same input into a block, the blockchain automatically rejects both in order to stop one Bitcoin from going to two different ends. Furthermore, a rejection also occurs if two different blocks receive inputs from the same Bitcoin. The blockchain automatically flags this as accounting fraud and the transaction fails (Ross, 2018). Having said this, double spending is still technically possible if at least one party does not receive payment. However, the responsibility of this lays with all parties involved.

The ethics of Proof of Work & Proof of Stake

There are certain ethical issues surrounding certain aspects of the Blockchain. One such issue involves the techniques of the Proof of Work vs. Proof of Stake. Proof of Work is the process of validating a transaction or block in a network by the process of complex algorithms to prove the correctness of the transaction. The ethical issues surrounding this process include the copious amounts of energy needed to continuously run such complex algorithms. One mining centre in particular currently has an electricity bill in excess of $1 million per month. This has a very negative impact on the environment and has drawn criticism to the process. In order to deal with this ethical issue, the concept of Proof of Stake was introduced. This is an alternative way of validating transactions. Here, a Validator is picked by the amount of stakes a validator has and the respective age of the stake. The amount of coins an individual has will have an age attached to it and if they move their coins to another address, the age resets. This encourages loyal Validators as the ones who have the oldest stakes are more likely to be chosen to validate the transaction and thus receive reward for their efforts. This process allows the building of a trusted and distributed network with loyal validators, making the network much more secure (Radhakrishnan, 2018). Furthermore, this process uses far less energy than Proof of Work. However, there is a concern that a small number of validators holding a large majority of coins may not be a healthy situation in the network.

Cryptocurrency Exchange Markets

The surge in popularity as a form of investment of cryptocurrencies has increased the market price of such coins emphatically. The repercussion of this however, is the incentives for criminals to target the exchanges where the digital assets are traded and commonly held in storage within centralized infrastructure or servers of said exchanges. Having such heavy trading being performed over relatively new platforms where governmental oversight was minimal being the reason cybercriminals who hoped to exploit these factors for their own gain have been incentivised to pursue devious methods of deception. Since their inception there have been attacks cryptocurrency exchanges with hackers believed to be probing every crypto-exchange at all times to detect a vulnerability and while some of these were successfully fended off, others resulted in theft of hundreds of millions. (Brown, 2018)

Over the years, there have been some notable hijacks of platforms, such as Mt. Gox in 2014 which was the largest hack on an exchange back in 2014 with the total loss accruing to almost 850,000 Bitcoins that were valued at $473 Million at the time.

Many large exchanges are choosing instead to outsource their security functions. Over 70% of exchanges secure their systems with the help of external security providers, including external code reviewers, multi-signature wallet service providers and two-factor authentication (2FA) service providers. Most exchanges use two-factor authentication in order to allow users gain access. 2FA is an access control mechanism that requires the user to input two “factors” or private codes such as a password and a unique one-time code, to gain access to the system or network they intend. It should be noted that this is not compulsory, it is the user’s choice whether they avail of the feature or not. Multi-signature validation is similar to multi-factor authentication (MFA). The risk in using external providers regardless of their capabilities, is the lack of control that comes with outsourcing the functions and with that the release of information to the security provider and therefore increasing the risk of the information being leaked.

As has been highlighted frequently, the human element of a security system is often the weakest-link. Often emphasizing the fact that even the most sophisticated security systems are not without their vulnerabilities to breaches. The “Coincheck” hack which took place on the Tokyo exchange, amounting to $536 million, is likely to become the seminal action in the process of increased security and regulation across the industry.

Disaster Recovery or Security Breach Policies - “Only 53% of small custodial exchanges have a written policy outlining what happens to customer funds in the event of a security breach resulting in the loss of customer funds, compared to 78% of large custodial exchanges” (Hileman and Rauchs, 2017)

Exchanges such as Poloniex hold assets within their infrastructure and servers, however they do hold both organisational and customer funds in cold storage. Cold storage can be defined as storing information or assets in such a manner that they are physically detached from the network which they are associated with, contra to Hot Wallets, where they are still connected to the network or the internet and thus inherently more susceptible to being assailed. Hileman and Rauchs, 2017 report that 92% of exchanges indicate that they are using some type of cold storage system (i.e., generating and keeping keys offline) to secure a portion of both customer and their own funds. However, they do not indicate what this portion of funds is, therefore could vary from very miniscule portions to 99%. The 8% of exchanges who are not utilising cold storage systems are still apt targets for criminals and vulnerable to attacks are always present as long as storage is connected to the internet.

Cold Storage is not without its caveats however, holding currencies on physical servers are vulnerable to thefts. According to the NY Times“Some 600 computers used to "mine" bitcoin and other virtual currencies have been stolen from data centers in Iceland in what police say is the biggest series of thefts ever in the North Atlantic island nation.” Compounding the argument that often humans are one of the most dangerous threats to cyber-security.

Disrupting the Financial Services Industry

One such industry which has already begun to adopt Blockchain technologies are the banking institutions. According to IBM, banks and other financial institutions are adopting blockchain technologies at a significantly faster pace than initially expected, with 15% of top banks aiming to implement “full-scale, commercial blockchain products in 2017”. U.S. (2018). Furthermore, IBM states that over 65% of banks are planning on having Blockchain projects implemented within the next three years. (Reuters, 2018)

Along with exterminating the issue of trust, the blockchain will positively impact countless other areas of the way we go about our daily lives. For example, buying a house could go from taking 3-6 months in some cases to happening in one day. This will save enormous amounts of money. It will make all aspects of business more efficient, providing seamless integration and real time updates.

Enter Ripple (XRP), founded in 2012 in San Francisco. Ripple focuses on a clear business case, an open source, secure real-time payment infrastructure, to replace the current slow and arcane existing one. Which differentiates it from most cryptocurrencies as it seeks to compete in the international landscape. The innate advantages of speed, reliability, and transparency of protocols such as Ripple will see them win out over conventional payment networks. Banks are taking the opportunity to join their network “RippleNet” rather than attempt to beat them before the potential situation where Ripple becomes ubiquitous.

“RippleNet” can be described as a permissioned or private blockchain, where each bank shares the information about transactions made using the network allowing each node (Bank in this case) to validate each transaction, although this may seem at odds with the current system, it provides the banks with a greater opportunity to collaborate. Whilst also decreasing the risk of audit failures and the astronomical costs associated, as all records within the blockchain are immutable. Banks such as Santander, BBVA & Standard Charter are amongst those whom have joined, however oligopoly leaders such as JP Morgan have previously condemned the technology before backtracking on their statements as they explore modern solutions.

According to studies cited in the Harvard Business Review, Blockchain-based tools could eliminate billions in fees annually. On the order of $16 billion to $20 billion, which goes on to observe that streamlining the infrastructure of finance might not be the endpoint. “By reducing transaction costs among all participants in the economy, blockchain supports models of peer-to-peer mass collaboration that could make many of our existing organizational forms redundant.”

The key take-away here however, is that Blockchain technologies and FinTech as they mature may not completely change how the financial system operates, but one thing for certain is that they have the capability to change the way these services are delivered.

In conclusion...

It is important to note that these momentous advancements made within blockchain technology have developed in a miniscule period of time, ten years to be exact. The revolutionary technology that is blockchain was developed by a small group of elite scientists, mathematicians and cryptographers. These are still early days in terms of realising the full potential and benefits possible with the use of the blockchain and once it becomes mainstream in society it will change the way we operate in every aspect of our lives.

In relation to blockchain technologies by product, exchanges, a movement toward Decentralised or Peer-to-Peer Exchanges (DEx) would greatly improve the security, reputability and reliability of currency exchanges. The concept is an emergent model that facilitates currency exchanges between users without the necessity of using a centralised exchange operator. The wallet interface acts as a secure environment for a decentralised marketplace that connects buyers to sellers. The wallet provider does not act as a central counterparty, but only provides the infrastructure for the P2P exchange. (Similar to Cloud computing’s 5-4-3 model’s P.a.a.S in a sense that they are only provided as a service.) Some wallets offer to hold funds in escrow during the trade, while others offer a built-in escrow function based on the multi-signature feature or smart contracts. This means that in the former case, the ‘P2P’ element refers only to the marketplace aspect (users trading with each other), while the latter constitutes a true decentralised exchange that lets users in control of their funds during the entire trade process reducing the risk of the funds being stolen via an in-transit breach. 

Blockchain technology is quoted as the most important technological innovations since the internet. One of the most powerful impacts that the internet had at the time was that it decentralised information. Now, blockchain will decentralise everything else and it will impact everyone, in every business and every industry. The blockchain will become the infrastructure in the background, underpinning all aspects of both business and our daily lives. But first, there must be mass industry adoption and adequate security measure’s and policies in place to ensure the longevity and ultimate success of potentially the most disruptive innovation of our generation. As with all innovative technologies arises controversy, many sceptics make the case that disruptive technologies over-promise and under-deliver. The case may be true for blockchain technologies in over-promising, and not reaching its full potential, however it has facilitated the satiation of industry needs globally.

 

Bibliography:

 

To view or add a comment, sign in

Others also viewed

Explore content categories