Shield Bitcoin Wallets From Theft Via Time Delay (#GotBitcoin?)
What if there were a mechanism that placed a time delay whenever someone spent bitcoin? Shield Bitcoin Wallets From Theft Via Time Delay (#GotBitcoin?)
The idea has been around for a few years now, and for good reason, it’s believed it could make it much harder for bad actors to steal funds from bitcoin users.
Basically, someone holding bitcoin primarily as a store of value could put it in cold storage, or hold it offline, with code that says it can be spent, but not immediately. The owner could set some pre-determined time delay on any attempt to move the coins. The fact that it has a built-in delay would give a true owner time to reverse a transaction if their private information had been compromised and someone tried to steal their crypto.
Malte Möser, Ittay Eyal, and Emin Gün Sirer proposed this feature, known as “vaults,” as a way to better secure bitcoin in 2016, but their proposal required a fork of the protocol codebase. That fork never happened.
But on Wednesday, Bitcoin Core contributor and crypto consultant Bryan Bishop sent out a design to developers to accomplish the same thing using existing code.
In an email titled, “Practical bitcoin vaults with theft-recovery/clawback mechanisms,” Bishop writes:
“Vaults are particularly interesting as a bitcoin cold storage security mechanism because they enable a publicly observable delay period during which time a user could be alerted by a “watchtower” that a thief might be in the process of stealing their coins.”
Kill Switch key
Under Bishop’s proposal, if an “unlock period” were initiated, an owner could choose to react or not react.
If the proper owner had initiated the transaction, he or she would do nothing because they actually did want to move the bitcoin to a less-secure “hot” wallet for use. But if it was a malicious transaction, the rightful owner could use another pre-determined transaction to force the bitcoin back into the cold wallet, under the same time delay.
In His Email, Bishop Writes:
“The idea is to have a sequence of pre-generated pre-signed transactions that are generated in a certain way. The basic components are a vaulting transaction that locks coins into a vault, a delayed-spend transaction which is the only way to spend from a vault, and a re-vaulting transaction which can recover/clawback coins from the delayed-spend transaction.”
Bishop’s proposal also has a number of options to address other scenarios, for more-sophisticated users.
He Told CoinDesk:
“The way I’m looking at this is there are a lot of people and a lot of exchanges that clearly cannot secure their keys. We’ve seen theft after theft. Having the ability to revoke or undo a transaction, even in this constrained environment, could be quite valuable.”
Indeed, this year has seen hacks at Bitpoint, Bitrue and Binance, among others.
“I don’t know if I’m willing to say it solves theft,” Bishop added. “That’s a strong statement, but it’s a very important tool in the toolbox.”
No Fork Required
Bishop said that his proposal would not require any kind of fork as the prior proposal did. It relies on existing time lock functions that are already built into bitcoin code.
That said, the software is not written yet. Before he makes this code available to the public, he needs to get feedback from fellow developers, write it and then test it thoroughly. So it will be a while before it’s available.
During that give and take with fellow developers, questions about making security more complex are likely to be revisted. When the prior proposal came up in 2016, one developer noted that such a proposal gives a bitcoin user more pieces of data that they have to secure.
On the other hand, since the approach requires no changes at the protocol level, it will be entirely up to the user to take advantage of it or not.
And Bishop is aware that his strategy imposes new responsibilities on users. If it gets built, his concept will also need to be delivered, he said, with a certain amount of public education material, about protecting these new tools, security practices and so on.
Once it is ready, though, the developer said he will make it freely available to any bitcoin holder who wants to use it.
Bishop said he is likely to secure much of his own bitcoin this way, once the software is ready.
Wallet Provider Blockchain.com Sees A String of Exec Departures
United Kingdom-based cryptocurrency data and wallet provider Blockchain.com has come under the spotlight after a string of exits by company employees.
Citing sources familiar with the matter, an article published by The Information on Oct. 2 claims that Blockchain’s longest-serving senior executives — COO Liana Douillet Guzmán and Chris Lavery, executive vice president of finance — are both expected to leave.
Their departures, if accurately reported, would be just the latest in a steady stream of team members calling it quits on the startup, The Information alleges.
A Series Of Swift Executive Departures
According to the report, several executives have previously left Blockchain within just 12 months of hiring. They include the firm’s head of institutional sales and strategy, its global head of institutional markets, the general manager of its flagship wallet product, global head of security and global head of policy.
In the wake of this apparent exodus, one of the Information’s sources revealed that Blockchain.com’s board had looked into what triggered the departures.
It reportedly concluded that some of the new hires — a number of whom hailed from the traditional financial sector — were a poor fit for the crypto startup’s culture. The board recommended changes to the firm’s hiring process and drawing on a wider pool of talent.
Others have claimed that despite Blockchain’s veteran position within the industry, employees perceive there to be a lack of growth opportunities and harbor doubts about the company’s business strategy.
Back on track for profitability, company says
Founded in 2011, Blockchain.com offers a free cryptocurrency wallet with a reported 40 million registered users. 14 million of these wallets have recently been active, according to a July 2019 Fortune interview with CEO Peter Smith. Yet the report alleges that raising revenue sustainably from this user base has posed something of a conundrum for the firm.
Insiders claim that initiatives such as Blockchain’s fall 2018 Stellar (XLM) airdrop and the launch of a new hardware product were both viewed within the firm as failures. A Blockchain spokesperson has firmly denied these claims.
A Difficult Work Environment
Several former employees moreover alleged that as CEO, Smith had created a difficult work environment — a claim that was again categorically refuted by both the company’s spokesperson and board member Jeremy Liew.
Two of Blockchain’s recent moves — the launch of a crypto-crypto trading product dubbed Swap, as well as the launch of its own crypto exchange, The Pit — are both now expected to put the company back on track for profitability by 2020, the firm’s spokesperson has claimed.
Formerly known as Blockchain.info, Blockchain.com is backed by notable investors such as Roger Ver, Barry Silbert’s Digital Currency Group, Lakestar, and Google Ventures, among others.
Back in fall 2018, Cointelegraph reported that Blockchain had been ranked within the top ten most “sought-after” U.K. startup employers in LinkedIn’s listings.
On Oct. 1, it is also become known that BlackRock and Goldman Sachs veteran Howard Surloff has joined Blockchain.com as general counsel.
There’s a New Way To Get Your Stolen Crypto Back
“My first loss was with CoinsMarkets. It happened when the exchange closed with our funds. I didn’t even try to contact anyone or alert any police.”
These are the words of an intrepid crypto investor – one of many who responded to a tweet asking about the lack of recourse people face when their assets are stolen in a hack, exit scam or Ponzi scheme.
There’s as much as $10 billion in stolen crypto out there in the market, according to Pawel Kuskowski, CEO of blockchain sleuthing firm Coinfirm. And he wants to give victims a fighting chance at getting their funds back.
Exclusively revealed to CoinDesk, Coinfirm has teamed up with global investigations firm Kroll, a division of consulting firm Duff & Phelps. The joint initiative being launched is called ReclaimCrypto, and combines the latest blockchain forensic techniques with the more established world of legal investigation and asset recovery.
Kuskowski Told CoinDesk:
“So far, there is no one place where victims can go and get help. It’s almost like they are pleading to get someone interested in their case. In the end, they have to work it out themselves; see about getting a lawyer, perhaps in some other jurisdiction.”
Figures on what is recoverable vary. For instance, CipherTrace, another analytics firm recently said some $4 billion in crypto has been lost this year. Kuskowski’s estimate includes historic (and as yet unresolved) events like Mt Gox, which in today’s money would account for about $1 billion.
Needless to say, Kuskowski and his team are not doing this only for the good of mankind – there are success fees levied on a case-by-case basis, he told CoinDesk, adding:
“Doing the market analysis for this product, we started by calculating the kind of top cases, where we know we could be successful and recover funds, which was about 200 cases.”
Those cases alone account for roughly $1.5 billion, Kuskowski added.
How It Works
Coinfirm’s bread and butter is anti-money laundering (AML) within crypto networks, done by analyzing the history of transactions using various smarts and big-data analytics. Similar to the likes of Chainalysis and Elliptic, it works with 50 or so exchanges and has built up a large database in this area.
Coinfirm’s partner, Kroll, takes a more “traditional” approach, which might involve producing court orders to get an internet service provider to reveal details about an IP address, or using former FBI and CIA operatives to scour the dark web for activity involving stolen funds.
It should be pointed out that Kroll is not new to crypto: The firm worked with the U.S. Securities and Exchange Commission (SEC) last year in relation to fraudulent coin offerings. Kroll also tells CoinDesk it helped track down the perpetrators in Europe of $27.8 million bitcoin theft.
If loss victims so choose, Kroll can potentially line up third-party litigation funding. This means firms that provide specialized finance to the legal market, such as Burford Capital or Therium, will shoulder the cost of people’s litigation. For this, they take about 30 percent of the recovered funds and return the rest to the victims.
Benedict Hamilton, A Managing Director At Kroll, Told Coindesk:
“From a victim’s point of view, where the police have failed to recover that money, they are not having to spend anything to get something. And no one recovers funds on their behalf without their permission. It makes the whole economics of recovering stolen funds very different – which is very exciting.”
Referring to Coinfirm as “a torch shining on the blockchain,” Hamilton said this can be extended by Kroll into the murky depths of the dark web. Kroll Cyber runs a specialist darkweb unit out of Pittsburgh, Pa., which is overseen by Keith Wojcieszek, the former head of the criminal investigations unit of the U.S. Secret Service’s cyber division.
This operation crunches petabytes of dark web data from peer-to-peer sites, said Hamilton, adding:
“With the ReclaimCrypto initiative in mind we have have been able to repurpose it so we can go into that database with a wallet string and look for any identifiers that are associated with that wallet name – perhaps a conversation over the selling of stolen credit cards or someone offering criminal services and providing that wallet as an address.”
Follow The Money
Hamilton explained that there are two paths that can be followed when it comes to a crypto investigation: figure out who did it or follow the money.
ReclaimCrypto’s objective here is asset recovery, first and foremost, since that’s what the client is paying for. But ultimately both paths lead to the same place, said Hamilton, adding:
“It is inconceivable that the investigative process would finish without us giving all the details to relevant law enforcement for them then to get the benefit of the work and lock the thieves up.”
The majority of ReclaimCrypto’s focus will be on bitcoin and ether, but will also cover XRP, BCH, LTC, NEO and DASH. Unfortunates who have lost assets can learn more here.
As for those who’ve had coins pilfered, some remain philosophical about it. “That’s life,” said the aforementioned investor, adding:
“It made me grow a lot and it’s part of my adventure in crypto.”