Taipei: Last week, before news broke about the hacking of Japanese cryptocurrency exchange Coincheck Inc., I conducted a little Twitter poll.
The results were enlightening, and somewhat disheartening.
At the end of last week, someone stole 523 million NEM coins, worth around $500 million, from Coincheck. It took about eight hours for the exchange to even notice that its wallet had been siphoned. Google the term “crypto hack" and you’ll find plenty of listicles highlighting some of the most infamous breaches, including that of Mt. Gox, which in 2014 lost around 850,000 Bitcoins.
The reason that the results of my informal survey are confounding is that the correct answer is “0." I suppose we should be happy that 30% answered correctly, but the fact that 50% chose “1 BTC less fees" shows confusion about how centralized exchanges work.
When someone buys cryptocurrency from a centralized exchange—I’m going to stick with Bitcoin (BTC) as an example—they swap fiat money for the nominated BTC. But that coin doesn’t get sent to the customer. If it’s bought from a non-exchange seller, then it comes into the exchange’s own wallet, and gets held there. A ledger entry is made, and the customer gets an IOU. If the seller is on the same exchange platform, no BTC even needs to be shifted, the exchange simply changes its accounts to note one less BTC for the seller, one more for the buyer.
The customer only actually holds the BTC if they then go through the process of sending it from their exchange wallet to another wallet, for example on their smartphone, and that usually incurs fees. Given the large amount of BTC held by just a few wallets—likely owned by exchanges—it’s clear many customers don’t bother to take possession of the BTC themselves.
That’s why hacking is such a problem. Centralized exchanges are acting as custodians for a commodity that can’t be copied or double-spent, in an environment where possession is nine-tenths of the law, and using infrastructure that offers a certain amount of anonymity.
Since exchanges, generally speaking, can’t lend out BTC, there’s no leverage. One BTC on the ledger needs to be backed by one BTC in the wallet. That’s why the Mt. Gox breach ended in the bankruptcy of what was at the time the world’s largest exchange. Coincheck plans to use its own capital to reimburse customers. To return the NEM, they’d need to go into the market and buy it back, so they’ll probably hand out fiat instead.
One obvious solution is to boost security protocols. The use of a cold wallet—one not connected to the internet—is now a common tactic. But clearly not all exchanges are practicing good digital hygiene.
Instead, I see decentralized exchanges becoming more popular. As with equity trading, such a platform is merely the place for a buyer and a seller to meet, and for prices to be discovered. The exchange can play a certain settlement and custodian role, but with blockchain technology, this can be simplified to the point of virtual elimination—atomic transactions could come into play here.
And like equity trading, liquidity is a distinguishing feature of such markets, which means that an uptake in decentralization would likely lead to a higher concentration of trading on fewer exchanges. If we’re lucky, some smaller exchanges will merge, others will simply disappear.
The other upside to such a trend is that while centralized exchanges are relatively easy to use, they also act as a kind of dark pool in that you never really know who the counterpart to your trade is and whether or not someone is front-running your order or manipulating prices. A downside is that the burden of security gets put back onto the customer, and for sure hackers will start chasing individual wallets to get at the loot.
It’s up to traders themselves to move to decentralized exchanges. With major hacks continuing, it’s only a matter of time before they make the shift. Bloomberg Gadfly