One of the largest Bitcoin exchanges, Bitfinex, was hacked, losing a total of 119,756 BTC, worth nearly $60 million. For reference, the largest physical bank robbery, the Dunbar armored car robbery in 1997, cost only $28 million in today's dollars. So Bitcoin bank theft is what we are going to talk about today.

Some say the Bitfinex heist is the first major Bitcoin theft in a year and a half. This is completely wrong. ShapeShift was hacked earlier this year, and Cryptsy was hacked a little earlier. And of course, there was Mt. Gox before that, and Poloniex and countless others. The list of major Bitcoin heists is too long to give here.

It is clear that the default low-energy state of any exchange is a depleted husk, a graveyard of dreams, and a sad reminder of the unreliability and insecurity of our computing infrastructure. There is nothing special about Bitcoin here - we have all seen that banks, even central banks, can be hacked. But while regular banks can track funds and reverse transactions, the irreversibility of Bitcoin makes Bitcoin exchanges lucrative and soft targets. The resulting stories, such as someone losing all their savings of the past twelve years because their Bitcoins were stolen, are truly heartbreaking.

Root cause

It is too early to unravel a chain of causes from the ashes of the Bitfinex disaster. No doubt there will be some who will blame government regulation for intervening, fining, and rectifying Bitfinex's operations. But in my opinion, the government intervention was quite minimal.

First, the government fined Bitfinex a paltry $75,000, equivalent to 3 months' salary for a developer who didn't develop some necessary key management structures for 3 months.

Second, the government determined that Bitfinex did not hold their funds in a master omnibus account, but in multi-signature accounts registered by each user at Bitfinex. Essentially, the regulator wanted to see that each coin was assigned to an individual, rather than all sitting in one big pool.
This little accounting was required by the regulator, who generally seemed to be clueless and disappeared from view when the security measures were implemented. From then on, all decisions regarding the protection of private keys fell on Bitfinex's side.

Based on its credibility, Bitfinex did transfer the funds to multi-signature accounts protected by BitGo. Bitfinex placed the user's private key in BitGo and requested a second signature from BitGo when funds needed to be transferred. If one were to make a blind guess, one would suspect that the hackers gained access to the private keys held by Bitfinex, plus access to BitGo's API to instruct BitGo to sign the withdrawals. Additional subterfuge may have been used to circumvent BitGo's daily withdrawal limits.

Robbing a Bitcoin exchange is pretty straightforward. You don't need to wear stockings, carry guns, and carry sacks to rob one of these modern fancy banks. You don't need to take hostages, shoot guards, or jump out of a plane in western Washington in a suit. The show is pretty simple, and the script kiddie can post a tag on the security mailing list with new targets and launch a new attack from his dorm room. Of course, some nation-state hacker groups (numbering in the thousands and with crack licenses) can launch such attacks while eating lunch.

What can be done

It looks like it's time to do something.

Bitcoin's irreversibility is absolutely essential for its intended use case: merchants you don't trust to engage in non-state-sanctioned commerce. So Bitcoin can never be forked, lest it lose its special and hard-earned reputation for facilitating the dark web.

One option suggested by bitcoin developers is to try a soft fork, where miners block the thieves from moving the funds and allow Bitfinex to double-spend the coins, reorganizing the blockchain so that the theft never happened. This is conceivable because bitcoin mining is so centralized today.
But the idea doesn't work because the math is biased in the thieves' favor for a long time. Yes, bitcoin miners do control which transactions get into the blockchain, and yes, someone can bribe miners to reorganize the blockchain. But thieves can bribe miners more because they don't have to pay for a retroactive reorganization of the blockchain. In the extreme, miners and thieves could split the loot. It's like a bet that experimental psychologists like to play with college students, where the psychologist offers a student $20 if the student can make an offer to his or her partner, and if the partner accepts, the student gets to keep the rest.

Another option is to bargain with the hacker. This conversation has to happen in public, through social media, which will be very embarrassing. It is very stupid to negotiate with someone when you have no bargaining chips. The last time a hacker accepted such an approach, he ended up being sued. Just like the psychology experiment, if the hacker offers you $1, you should accept it; otherwise, you get nothing.

A real solution

Perhaps what is needed here is a scheme that does not undermine Bitcoin's all-too-critical irreversibility when dealing with strangers, but allows someone to recover his funds in the event of a hack.

So how does this solution work? It seems fundamentally contradictory. There is no definition of a 'hacker', so an unlimited revocation mechanism will necessarily break irreversibility.

But there is actually a solution. Let's say I designate some of my funds to be stored in a specially marked cold storage account, or let's call it a vault. When a payment is to be made, I need to transfer the funds from my vault to a regular wallet, and the time it takes for that transfer to happen is, let's say, one day. Merchants will never accept payments directly from a vault; they use regular Bitcoin addresses, and payments are made in the usual irreversible way.

But what's special about a vault is that it has two keys.
One is used to unlock the vault and transfer the funds to a regular wallet. The other key is called a recovery key, and it's used if you notice that you have been hacked and the hacker has moved your funds out of the vault. You can then use your recovery key to reverse the hacker's transfer - you have 24 hours to notice the hack, initiate a recovery, and get all your funds back.

Note that you cannot fool a merchant with this trick and claw back a genuine transaction. All you can do is get your own money back from someone who tried to steal it.

It's a very clever scheme, if I may say so. Someone should do a study on this scheme.

In fact, someone has already worked on such a scheme. Those people are Malte Moeser, Ittay Eyal and myself. Our paper on this was presented at the peer-reviewed Bitcoin workshop last February.

But the world of Bitcoin is caught up in an endless block size debate. The idea of a vault is barely discussed. Various groups have only worked on various roadmaps around scaling, which is considered Bitcoin's Achilles' heel.

Well, a little-known fact is that Achilles has two heels, and so does Bitcoin: scaling and security. Vaults solve the latter problem, and they do it in a clear way that aligns with Bitcoin's use case.

Additionally, the beauty of a vault is that it still works even if the theft results from an exit scam or an insider attack. In fact, the vault makes these attacks less likely to occur.

So, good luck to those who lost money on Bitfinex. Hopefully, we won't see another Bitcoin exchange heist until we have security measures in place for Bitcoin.
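
The vault mechanism described above, as an added example that is not from the original article or from the paper it mentions: a toy ledger model of the two keys and the one-day delay. The key names, amounts and the choice to hold recovered funds under the recovery key are assumptions made for illustration.

```python
from dataclasses import dataclass, field

DELAY = 24 * 3600  # unvault delay in seconds (the article's example: one day)

@dataclass
class Vault:
    vault_key: str        # authorises moving funds out of the vault
    recovery_key: str     # authorises reversing a move that has not settled
    balance: int          # funds still locked in the vault
    recovered: int = 0    # assumption: clawed-back funds are held under the recovery key
    next_id: int = 0
    pending: dict = field(default_factory=dict)  # id -> (dest, amount, unlock time)
    wallets: dict = field(default_factory=dict)  # regular wallets; spends are final

    def unvault(self, key, dest, amount, now):
        """Start the delayed transfer; dest cannot spend the funds yet."""
        if key != self.vault_key:
            raise PermissionError("vault key required")
        if not 0 < amount <= self.balance:
            raise ValueError("bad amount")
        self.balance -= amount
        self.next_id += 1
        self.pending[self.next_id] = (dest, amount, now + DELAY)
        return self.next_id

    def settle(self, tid, now):  # after the delay, funds land in a regular wallet
        dest, amount, unlock = self.pending[tid]
        if now < unlock:
            raise RuntimeError("delay window still open")
        del self.pending[tid]
        self.wallets[dest] = self.wallets.get(dest, 0) + amount

    def recover(self, key, tid, now):
        """Reverse a pending transfer; only possible inside the delay window."""
        if key != self.recovery_key:
            raise PermissionError("recovery key required")
        if tid not in self.pending or now >= self.pending[tid][2]:
            raise RuntimeError("nothing to recover: settled, expired or unknown")
        self.recovered += self.pending.pop(tid)[1]

def theft_then_recovery():
    v = Vault("vk", "rk", balance=100)           # constructed keys and amount
    tid = v.unvault("vk", "thief", 100, now=0)   # thief uses the stolen vault key
    v.recover("rk", tid, now=6 * 3600)           # owner notices six hours later
    return v.recovered, v.wallets.get("thief", 0)

def honest_payment():
    v = Vault("vk", "rk", balance=100)
    v.settle(v.unvault("vk", "owner-wallet", 30, now=0), now=DELAY)
    return v.wallets["owner-wallet"], v.balance
```

Once `settle` has run, `recover` raises for that transfer, which is the property that keeps payments from a regular wallet irreversible for merchants.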