by Liam J Kelly
There’s no shortage of surprise in the world of crypto: Massive price swings, big corporate sponsorships, layer two protocols, and, of course, hacks. Since Bitcoin’s inception, the space has been plagued by technical bugs, user inexperience, as well as malicious agents hoping to leverage a still burgeoning technology in their favor.
To get a better idea of who’s working against these individuals, BTCManager spoke with Ethereum architect Oleksii Matiiasevych from Ambisafe about ethical hacking, his history in patching vulnerabilities, and the case for decentralized exchanges.
Vulnerabilities in 8 Top-rated Cryptocurrency Exchanges
On March 22, 2018, a massive vulnerability was unveiled on the top 50 cryptocurrency exchanges. As it involved the Ethereum blockchain, Oleksii Matiiasevych and the Ambisafe team were a few of the first to react.
It began as a simple procedure to determine whether exchanges had adequately integrated the blockchain’s specifications. In this particular case, users interested in withdrawing ether would be pulling from a centralized exchange’s wallet. As such, the withdrawal wouldn’t necessarily be pulled from the first deposit, simply from the available stockpile.
Very little concern was placed on FIFO procedures, and from this lead, Matiiasevych determined that interested parties could fraudulently increase their account balances before proceeding to withdraw hefty sums of ill-gotten ether. With a background in software testing, Matiiasevych ran a handful of simulations to test his hypothesis.
“At first, I detected one possible way for accounts to be compromised. We notified all the exchanges where this vulnerability was found and, just in case, sent a report to around 200 other exchanges that might have potentially been affected by the same bug,” recounts Matiiasevych.
The responses from various exchanges were mixed. Matiiasevych explained to BTCManager that “A few exchanges reacted quickly and made the changes. Some didn’t believe us or said they just discovered the same bug on their own and others simply didn’t respond.”
The White Hat Group’s Charitable History
This swift action wasn’t the first that the group performed either; in July 2017 the group was also responsible for alerting, correcting, and ultimately helping to patch the Parity wallet hack. While malicious agents subsequently walked off with $32 million in spoils, the damage could’ve been much worse minus Matiiasevych and Green’s quick response.
The event generated such heat that claims for another hard fork paraded the Ethereum community leading Vitalik Buterin to comment on the matter.
Does anyone else notice how literally the only people calling for a hard fork or chain rollback right now are concern trolls? https://t.co/b1jL1UFX8a
— Vitalik "Not giving away ETH" Buterin (@VitalikButerin) July 19, 2017
I demand my ETH back. @VitalikButerin chain rollback is imminent. We must hard fork now!
— Joshua Unseth (@junseth) July 19, 2017
Decentralized Exchanges and Smashing the Honeypot
The Parity vulnerability was, of course, nothing more than a hiccup in the timeline of an emerging technology. Centralized exchanges, however, provide a much different solution: Instead of sitting on their fingers, investors, day traders, and amateur speculators have decentralized exchanges at their disposal. While this advent has only recently gained traction, it’s for good reason. Refer quickly to the Mt.Gox, Coincheck, and, most recently, the Coinsecure hack.
Each of these historic moments in the rise of cryptocurrencies could have been reduced to a blip on a security report if users were leveraging the same peer-to-peer technology underpinning the very asset itself.
Although Matiiasevych and Co. managed to deflect this most recent hack attempt, he agrees that this attack vector “was only possible via centralized exchanges” and that exchange operators “just want to get a coin listed rather than worry about how the technology works.” This latter point refers to the poor integration of Ethereum’s blockchain by the exchanges mentioned above.
Understanding decentralized exchanges like Ambisafe’s Orderbook, 0x, Airswap, WAVES, Cryptobridge, Radar Relay, and Bisq means understanding Nick Szabo’s phrase, “Trusted third parties are securities holes.”