The Bitcoin Binance Hack And The Lessons Learned

At the time of this writing it is the start of Blockchain Week in New York City. One of the hot topics that will be discussed is the most recent Binance hack, which led to $40.7 million of stolen Bitcoin (7,000 BTC at the time of the incident). This is actually not the first time Binance has been hacked; they have a track record. Despite their concern for cybersecurity, it seems their system is not really that secure. This is not to say that Binance does not take cybersecurity seriously, because they do. They implement 2FA, which requires a one-time code that is either generated by an authenticator or sent via SMS text message to a smartphone. It is pretty secure after the fact, yet it was foiled time and time again. At this point the best that Binance can do is to track the stolen BTC and get the cooperation of other digital exchanges to freeze the funds. We actually know which address moved the coins (the transaction was traced from this link).

Fortunately, Binance has what it calls SAFU (Secure Asset Fund for Users), which is a way of providing insurance to users on the exchange in case of emergency. Changpeng Zhao or CZ, Binance CEO, has guaranteed that those who lost Bitcoin from the hack will be compensated for their losses. That is good to know, but will this be the end of these types of hacks? It has already happened before, so there is a likelihood that it can happen again, unless Binance adds new security measures that tighten their systems even more. Then that gives hackers a new problem to deal with.

Now here is what is concerning. In an official statement made by Binance regarding the hack:

“The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”

The fact that it “passed our existing security checks” is a cause for concern, and that is what they are working to improve. According to this Coindesk article, Binance is going to do a revamp of their security system. They will certainly look into improving their API for 2FA as well as their withdrawal validation process. If a hacker can easily hack a user’s API key or 2FA credentials, you don’t really have a secure system. It was probably not an easy feat for the hackers, so now Binance should make it even more difficult to decrease the likelihood of any successful breach.

Phishing attacks are one of the exploits hackers use to get information from users. Once they trick a user into giving them that information, the hackers then use it to access the exchange. That is really all you need to do to get past Binance’s security check. Binance implements withdrawal limits for unverified users, but for those who are verified, the hacker can wipe out their entire balance on the exchange.

Other ways a Binance user account can be compromised include spyware, keyloggers or remote viewing software like VNC. Having antivirus and cybersecurity software installed on a computer can help detect this malware. Another way to foil these attacks is to not keep funds stored on an exchange. Using cold storage (not connected to the Internet) on a hardware wallet provides more security. In fact, some smartphones like the HTC Exodus and Samsung Galaxy S10 provide hardware wallet support for cryptocurrency now. For the strictest security, keep your digital assets safe in cold storage and not on hot wallets or custodial services like digital exchanges.

According to CZ:

“We are working with a dozen or so industry-leading security expert teams to help improve our security as well as track down the hackers.”

That’s right. Binance is definitely going to need more help in cybersecurity to fix this problem. Remember, it is not the blockchain that got hacked, it is Binance’s system. Binance also announced support for hardware devices with 2FA, a more secure way to connect to Binance. A system like that would require hackers to have possession of the actual hardware device. Think of this as a sort of physical key that only gives access to the user who owns it.

The risk of a more digital world is computer hacking. Binance has been successfully hacked in the past. A user lost 2 BTC when a hacker used the credentials from their hacked e-mail address. Another hack occurred in July 2018, which was a “potential” hack that led to the theft of $45 Million of Syscoin and dumping of BTC. It was not Binance’s direct fault, but more that of the Syscoin wallet. Regardless, it was a system anomaly that Binance admins detected. Binance immediately shut down and then reset their API keys. That’s exactly what they did with the most recent hack. It seems that the answer to the problem is just shutting down and resetting everything. However, that does not solve the problem apparently.

Due to this large loss of BTC, someone from the BTC development community reached out to CZ. A suggestion was made to reorg the BTC blockchain and give back the stolen funds to their respective owners. Now the reaction to this was not good at all and thankfully, CZ decided not to do this. That would require Binance to use a “51% attack” to gain majority hashing power on the Bitcoin network to overturn transactions. The problem with this is an ethics issue because it would require Binance to get a consensus among miners and nodes on the network to support this plan. It goes against the main ideology of the blockchain, which is about decentralization and immutability. When you get a collusion of miners to provide Binance with majority hashing power, it centralizes the network to benefit one organization. This may also lead to inconsistencies on the blockchain if several bad actors try to mine on their own chain to gain control of the network. The idea that a consortium of miners with hashing power can overturn a transaction goes against immutability on the blockchain. It would be a terrible idea to do this.

The result of a reorg may lead to more factions in the Bitcoin community. There might even be a fork and this is not going to be good for the price of BTC as a store of value. It may even ruin the market leading to turmoil and massive sell offs as users collect their money. There needs to be a clear direction for BTC and a reorg is probably not in everyone’s best interest since it really only benefits Binance and the hacked accounts. This is not a consensus of the network’s interests.

The good thing is that the hack did not affect BTC prices. FUD didn’t lead to any massive dump or sell-off, proving that there is confidence in the market. Taking care of the real problem, which is cybersecurity, is what needs to be addressed. Binance vows to increase their security, which is the most important feature right now for any digital exchange. Users need their funds to be safe from hackers, so this is going to be the responsibility of digital exchanges.

The Smartphone, Your Next Digital Wallet

The smartphone has become our digital Swiss army knife. We use it not only to make calls, but to send text messages, check the latest traffic conditions, get updates on the weather, read the news, make electronic payments and take photos. I know people who would not survive a day unless they have their smartphone. In the Digital and Information Age, it has become a necessity of modern living.

What if you were told that smartphones can also use cryptocurrency for making payments and transactions? That would make it your digital wallet. The integration of cryptocurrency with smartphones is a precedent for mass adoption, and it allows for more convenient ways to manage digital assets. It makes perfect sense if you think about it. Currently you would need a hardware wallet for fully securing your cryptocurrency from online hacking. Applying that same device on a smartphone adds more convenience and utility since it is integrated with something you use every day rather than being separate.

Bringing cryptocurrency to smartphones is happening in different ways. All these products are targeted at mobile users. They are either directly wired as part of the smartphone’s electronics or can be installed as a DApp (distributed application). Let’s go over some of those applications.

HTC Exodus 

HTC has a special smartphone called Exodus that integrates with the blockchain to protect your digital assets. The phone itself is great, but it is the cryptocurrency support features that are really the selling point for it. The Exodus provides the Zion Vault Trusted Execution Environment that allows users to hold their own private keys. It tries to remove the hassle of creating your own digital wallet, so this is really good for beginners. You start by entering a 6-digit pin, then get a 12-digit recovery phrase and you are all set. The recovery phrase is very important in case you get locked out or forget your pin. Write it down on a piece of paper or take a screenshot of it and store it safely and securely. The Exodus also has a way to allow your social contacts to help in recovery in case something really serious happens, using a feature called Social Key Recovery.

The thing to know here is that your Zion Vault is not tied to a personal account like Facebook or Google. You are your own sovereign identity of your account. Not even HTC controls it. This means that you are in full possession of your digital assets, which is why it is important that security features are in place to keep it safe from hacking or vulnerable situations. Your private keys are stored in hardware, not software, much like using a hardware wallet. This makes it harder for hackers to steal since it cannot be targeted on the network.

The Exodus is also a device compatible with Web 3.0 applications. This takes us from the semantic web to a more intelligent web. Since the Exodus is also blockchain-centric, it brings a world of innovation at your fingertips. A more secure way to trade is certainly a benefit for using the Exodus. You can be anywhere that has a connection to the Internet and use your smartphone to trade and make payments at your convenience. The added layer of security that HTC has put in place is what gives peace of mind while using it.

Samsung Galaxy S10

A cryptocurrency wallet feature has been available on the Samsung Galaxy S10 model smartphone. I was confused at first at what Samsung was up to, then I realized they were going to integrate a cryptocurrency wallet that will also hold private keys on the device. Much like the HTC Exodus, it aims to secure and protect your digital assets stored on your smartphone. Hodlers will be able to store their Ethereum private keys in a cold storage type of digital wallet. That means it is stored directly in the smartphone and not on the Internet. Your actual digital asset is always on the blockchain as a data value of your balances. Other coins the wallet supports are the Cosmo Coin and a gaming cryptocurrency called Enjin.

Samsung’s crypto feature uses an app called Samsung Blockchain KeyStore. It is limited in availability upon its first release. Not all countries where you can buy the S10 will have support for the wallet, though it is clear the feature will be available in South Korea and the US. How it expands this feature remains to be seen as it is going to be a competitor with other hardware wallets. Samsung has apparently invested in one of them, Ledger Nano, as reported by Cointelegraph.

According to Samsung:

“Galaxy S10 is built with defense-grade Samsung Knox, as well as a secure storage backed by hardware, which houses your private keys for blockchain-enabled mobile services.”

It just didn’t seem to be that secure. It has reportedly been hacked already. It wasn’t the actual digital wallet that was hacked, it was the fingerprint sensor. That does give bad actors a way to access your private keys should your smartphone fall into the wrong hands. That is some news for concern that Samsung will have to address, but the responsibility will rest on the owner of the smartphone eventually. Keeping their smartphone physically secure is still the best way to prevent this.

Sirin Labs Finney

Sirin Labs lays claim to developing the first blockchain-enabled smartphone, ahead of HTC. It just so happens that HTC was the first to release their product commercially. The Finney has a built-in hardware wallet for storing private keys safely and access to a DApp to manage your digital assets. Finney is also from an open source project that has its own coin called SRN which can be used to purchase the smartphone.

The main feature that Finney has crypto enthusiasts excited about is that it provides a Token Conversion Service, which enables automatic exchanges between supported tokens and coins. This removes the use of digital exchanges like Binance and Coinbase to convert from one cryptocurrency to another. The last I checked the supported coins on the Finney include Bitcoin (BTC), Ethereum (ETH) and Sirin’s own SRN.

Perhaps it is the robust cybersecurity features that make Finney a serious contender for blockchain smartphone. Sirin Labs claims military grade security with intrusion prevention and encrypted messaging features. This gives the Finney additional advantages in features that help in securing your digital assets.

Opera Browser

Perhaps it is the Opera browser which provides the easiest way to get cryptocurrency. It is the first major browser to provide blockchain integration with a digital wallet. At the moment it only supports Ethereum, but there are plans to support other cryptocurrency. It is as simple as installing the Opera browser on an Android device (supported), and it is coming to iOS devices as well. What I like about the Opera cryptowallet is its ease and accessibility. It is just one touch away from your Android screen. You don’t need to configure anything else, the cryptowallet has already been set up and ready for use.

The integrated cryptowallet in Opera is an example of a Web3 application. This brings the security of the blockchain to the openness of the world wide web. Even the web’s founder Tim Berners-Lee believes that Web3 applications are going to be very useful. The benefits you get with using the Opera cryptowallet are direct P2P (peer-to-peer) payments to other people and merchants, and trading on digital exchanges. You have your own bank in your browser on your smartphone. Another good thing is that the wallet supports digital collectibles like ERC721 and tokens like ERC20. This makes it easy to use without having to code a smart contract on the Ethereum network.

Mobility On The Blockchain

All these applications are targeted for mobility on the blockchain. What better way than to implement it on a smartphone. There are other types of apps available now that you can install on your smartphone that provide similar functionality. They will either provide you with full ownership of your private keys, offer a cold wallet function or in some cases a custodial wallet service (your private keys are kept by the service provider). Depending on how much control you want, there is an app available for it.

It is important to remember that you cannot recover your digital assets on the blockchain if you forget your password or passphrase or do not know your recovery phrase. HTC provides different ways to recover it but on Opera if you don’t have the 12-word recovery phrase (you can find this by selecting the “Backup phrase” option) your funds are gone since Opera does not have a way to recover it for you. These are the drawbacks of having complete ownership of your cryptocurrency. 

Another use of these features is to access DApps, a collection of decentralized applications all over the Internet. Developers are building on top of the Ethereum platform in different ways. This is a showcase of the software that allows users to execute smart contracts that perform a service or to just enjoy playing games. So it provides a portal to access common DApps from Cryptokitties to DEX (Decentralized Exchanges).

Ease Of Use

One of the main complaints new users have is that using cryptocurrency is not intuitive and user friendly. The HTC, S10 and Opera browser are providing an easy way to get on-board. It should be easy enough for everyone to use. Its usefulness can all start with being able to simply buy a cup of coffee. When more applications like these become available and easier to use, then we have greater adoption. 

New products that can quickly on-board users to cryptocurrency can lead to more liquidity in the market. As more people adopt it, there is also the growth in hype that can at times be misleading. Newbies to cryptocurrency may not fully understand how volatile the market is and what its real world uses are. For that reason, marketing these products is good for the hype. In the long run, however, it is going to come down to whether cryptocurrencies become commodities needed for everyday life. Then surely we already have a device we can use for it, the smartphone.

Money Is Not Paper, It Is Electronic

The most common argument people have about cryptocurrency is that it has no intrinsic value, unlike fiat currency. You will hear people say that real money is “paper”. Cryptocurrency is virtual and therefore does not exist. However, there is so much more wrong than right to these statements. The truth is money is only paper as a medium of exchange. The fact is that not all money can be backed by paper. Is it possible for everybody to have a valuation of their money in paper when they suddenly decide to withdraw their funds from the bank? It is impossible since not every bank has enough supply to dispense.

During the recent financial crises that affected parts of Europe, like Greece for example, banks controlled the money supply limiting their citizens to how much they can withdraw. This is an example of not having enough cash or paper money to dispense, but also of how little control individuals have of their own funds. In Venezuela the government just keeps printing money which leads to hyperinflation and therefore a devaluation of the local currency. Suddenly you see the price of basic commodities go up by 1,000% or more and having a million amounts to no value whatsoever.

Money’s real value is not in paper. Paper is cheap, but also not sustainable, you can argue. Imagine how many trees need to be cut down to make enough paper money to back up everybody’s valuation in their bank accounts. It is a physical object which people have associated with their funds. However, when it comes to storage there is simply not enough for banks to hold and distribute. That is why banks will collapse if suddenly everybody decides to withdraw their funds. Not only will they not have enough paper currency but they also cannot allow that since it will deplete their supply. Thus banks implement limits and restrictions on how many withdrawals can be made. During times of financial crisis, people are at a disadvantage. What if that money was needed to buy food and medicine, basic things for survival?

The truth is, most money is just electrons now. They are digitally stored as bits in a computer when accessed. It is just the value of someone’s balances that is recorded in a database. According to the Economic Times, 92% of the world’s money is now digital. We use our debit cards and credit cards to make payments. It is now even easier with Apple Pay, Android Pay and other electronic payment services. We are just adding or subtracting balances to our bank statements but there is no actual transfer of physical paper currency during transactions.

So what about cryptocurrency? It is not paper money either. It is also digitally recorded, but in a cryptographically secured immutable and transparent database called a blockchain. Today banks and other financial institutions have also gone digital, but they don’t have the main feature of cryptocurrency which is decentralization. This is what prevents banks from restricting how much money you can withdraw and how you want to use it. Banks can even freeze your account, which is part of their policy, and there is not much you can do about it.

An important lesson from cryptocurrency is the benefits of decentralization. Money should be personal and totally under one’s own control. That is optional, of course, because there are still people who prefer to trust their finances to a third party. However, if you want to be your own bank, then you have that option too when using cryptocurrency. No limits, no minimum balances and certainly no hidden fees or charges.

Most of what we do with money is now done electronically since it is digital. You can pay online as well, when it comes to car payments, mortgage, rent and even retail. Many are already using Alibaba and Amazon to purchase items online and they don’t use cash. They use their credit card as the form of payment which is all electronic. Cryptocurrency is the same but is much better and more up to date in handling electronic payment systems.

Cryptocurrency is direct P2P (Peer to Peer) meaning there is no middle man. A customer can pay directly to the merchant without clearing and settlements with other parties like banks and credit card companies. This allows instant transfer of value. This feature also makes cryptocurrency ideal for remittances from overseas foreign workers sending money back to their home countries. Banks do feel threatened since they are slow in adopting these technologies. It can actually benefit them too once they integrate it with their systems.

The road to mass adoption is dependent on its utility and regulation. The SEC in the US is trying to regulate for the most part, but the system is decentralized. There is no actual company that makes cryptocurrency, these are all projects that were meant to be distributed to a large group of users. Cryptocurrency like Bitcoin and Ethereum have no owners. They are under a core development community and foundation that support it, but the SEC cannot really go after them. There is a grey area which regulators still need to address.

So cryptocurrency is just like any other currency. It has value that is determined by the market for its demand. Bitcoin is a store of value commodity which is exchanged not with physical cash but through electronic digital exchanges. There is no Bitcoin paper currency, it exists on the blockchain. There are many benefits for the finance industry to adopt cryptocurrency. When the time comes for the world to go paperless and cashless, when all payments will be electronic, the features of cryptocurrency are a model to follow. When the time comes that you can pay for a cup of coffee easily with cryptocurrency, we can really say that adoption is finally here.

Note: Things are evolving fast in fintech and the world of cryptocurrency. We may see more adoption come when big businesses allow for payments and when governments recognize it as a medium of exchange for all or most transactions.