listen to this article:
Blockchain breaches and cryptocurrency heists continue to change in 2019 – from the exchange hacks we know to a new, scary brand of theft from rogue insiders.
The latest victim of the rogue insider trend is Bitthumb, which suffered its third hack in two years on Friday – this time, losing $20 million USD in stolen EOS and Ripple (XRP).
Exchange hacks are old hat, as the most common form of crypto theft of the $2 billion stolen since 2017. What stands out here, however, is the reason behind it – not just your typical private key mismanagement, but the work of rogue insiders, company officials stated.
This is the second major rogue insider scandal to erupt within the past 3 months – the first being QuadrigaCX.
Human behavior cannot be predicted – but it can be safeguarded against failures. In a real zero-trust environment, good crypto hygiene and additional security measures (e.g. HSM, Multi-sig, multi-party computation) are a must; whether they can overcome the human element of rogue insider hacks depends on implementation.
In this piece, I will explore how the proper MPC deployment provides a safeguard against malicious insiders and blockchain breaches – starting with a quorum authorization scheme.
A Matter of a Mindset
Let’s assume that every crypto environment in today’s climate is a real-life zero-trust environment. This is a matter of mindset; it’s the difference between looking at the overall safety of blockchain keys from the macro level (e.g. “Are my keys safe?”) vs. looking at the tactical advantages and disadvantages of that safety method (e.g. “Even if my keys are safe, are they safe in the event of a rogue insider/sudden single-system compromise/other unexpected event?”).
The crux of the rogue insider scenario is not how keys are stored, but with whom. Here, the single point of compromise would be the human participant – ergo, the solution is to expand the participant pool so that multiple people are holding the keys – and to decrease the odds that all of them are rogue.
Enabling a quorum authorization structure to any cryptocurrency or token management system ensures that no single participant in the transaction, whether human or bot, can steal funds. In layman’s terms, a “quorum” means that at least 2 people out of many are required to authorize a transfer of funds – also known as m-of-n.
Putting Theory Into Practice
Quorums alone will not prevent blockchain breaches; employing them with a trusted third party, and a little creativity, could.
Let’s take an epistemic rogue insider example: QuadrigaCX, where cofounder Gerald Cotten is suspected to have stolen BTC, and whose fellow cofounder Michael Patryn was revealed to have a criminal history of fraud.
In this real-life zero-trust scenario, a 2-of-3 quorum may not have been enough to prevent fraud – unless a third party was brought in and a multi-tiered quorum was set up to provide an extra safeguard.
Theoretically, this would include both co-founders, plus a keyshare representing a third-party organization that, in and of itself, includes multiple stakeholders in that organization (e.g. a custodial service with multiple administrators of the same account).
Choosing The Best Quorum Arrangement
If you’re choosing to implement quorums, you’ll want the most flexible, secure, and scalable option available that will allow for:
- Easy changes between quorum participants
- Easy changes in hierarchical structures (in the event of 2 quorums or more)
- Scalability – if your business grows, if new policies are implemented for transactions, etc.
Using Hardware Security Modules (HSMs) are usually the first thought for the security sector, which is still in the hardware mindset – but there’s a catch: HSMs can be difficult to scale (more people = more machines) and can take time to upgrade in the event of sudden policy changes.
Multi-sig is another popular option. With multi-sig arrangements, quorum authorizations can extend to 3 out of 5 people – after intensive development on the chain to allow for multi-sig to be placed over what is inherently a single-signature system. Multi-sig, too, has drawbacks – due to the intensive development involved, upgrading quorums or scaling is less simple, and development is needed every time a new coin or token is added to your system.
Multi-party computation (MPC) arrangements are the clear winner for quorum authorization structures. MPC quorums can extend to as many participants and authorizers as needed (e.g. 8 of 10, 10 of 15) – the possibilities are endless. They split keys into different shares, which produce a single signature on the chain; thus, there’s no extra transaction time or processing power needed like in multi-sig.
Whatever solution a business chooses, the key to keeping blockchain keys safe is remembering that the chain is built on a foundation of zero-trust – and to finding a security provider which can scale with your business’s needs and keep up with the ever-changing blockchain market.