Secure custody of digital assets is an ongoing concern for crypto users everywhere.
Recent high-profile hacks, resulting in hundreds of millions of dollars of losses, have shaken the crypto world. Executives in police custody, withdrawals halted. These events are a calling for cryptocurrency exchanges to strengthen security measures.
Rest assured, on Liquid, our state-of-the-art MPC technology ensures assets remain secure at all times.
Big Hacks, Big Crypto Losses
One of the largest hacks in history belongs to an unregulated Tokyo-based exchange called Mt. Gox, which accounted for over 70% of BTC transactions. Hundreds of thousands of Bitcoin were drained from the exchange between 2011 and 2014. This series of attacks became the largest cryptocurrency heist that has ever happened, with customers losing an estimated $460 million in value at the time.
A more recent case involving compromised Bitcoin, Ethereum and ERC-20 hot wallets led to the theft of over $250 million of assets from the unregulated KuCoin exchange. This hack resulted in irreparable harm to many aspiring project tokens.
The Coincheck hack in Japan reported in 2018 was also attributed to poor hot wallet security, resulting in an estimated loss of $500 million at the time.
Hot wallets pose considerable risk. Traders must implicitly trust the exchange to safeguard their assets from external, and internal, threats. Unregulated exchanges provide few assurances around the security and integrity of their platform and staff.
Ask yourself these basic questions
- Is your exchange regulated?
- Does it have a physical address? Do you know where it operates from?
- Do you know who is operating the exchange, and does it suffer from key-man risk?
- Does your exchange make it clear how customer assets are stored?
Similar hacks to those mentioned earlier could have been prevented by improving wallet security to address both external and internal threats.
Encryption is easy. Key management is hard.
Private keys and Public keys are the foundation of every blockchain network. If you want to send cryptocurrency within your wallet to another wallet, you will need your private key. Exposing private keys is fraught with risk:
- The Private Key is stolen by a Villain or insider, granting unlimited access to funds in the wallet.
- The Private Key is misused by a Villain or insider in ways not intended by the owner of the digital assets.
- The Private Key is lost, or the key holder is detained. Funds in the wallet are lost, forever.
- Blockchain transactions are considered immutable and irreversible. There are no do-overs.
Safeguarding access to private keys is therefore of paramount concern to how an exchange operates and serves users.
Keeping your funds safe with Liquid MPC Technology
We are committed to continuously improving our security standards in order to protect traders’ interests on our exchange platform. Internally we measure wallet service levels in minutes and seconds. KPIs are reviewed on a weekly basis to ensure we continue to provide the best user experience possible while using the Liquid exchange platform.
We always strive to constantly improve our security posture by consulting experts and investing in leading technology solutions, while simultaneously improving user experience and service levels. Since 2018, Liquid has invested thousands of Engineering hours and substantial financial resources developing our native MPC-based crypto asset management platform. Along the way, we have consulted with leading figures in the field of cryptography, security experts & ex-government employees responsible for data security at agencies with 3 letters.
Improving wallet security while maintaining exemplary customer service levels at Liquid relies on incorporating secure Multi-Party Computing (MPC) wallet technology. In MPC, multiple parties participate in mathematical computations, but the details among them are never revealed to each other. MPC is also referred to as keyless technology: if the private key is never revealed then it cannot be stolen. A single private key is replaced by a distributed MPC key which consists of encrypted shards that are never reconstructed.
The inherent nature of MPC technology where the private key (PK) is sharded & encrypted means that PK material is never exposed in the clear. MPC technology leverages Shamir's Secret Sharing algorithm to solve the first problem. First published in 1979, this novel secret sharing approach has been battle-tested by governments and industry over many years.
The use of signing "quorums", which govern how many approvers are needed to authorize a transaction, effectively addresses potential misuse and key-man risk. Each quorum consists of a group of authenticated people and devices, all operating in isolation. Within each quorum, Liquid imposes multisig policies, which supports the use of risk-based policies for protocols such as Ethereum that do not natively support multisig.
Signing policies themselves have been cryptographically sealed, making it impossible for anyone — either inside or outside of the Liquid organization — to modify signing rules without consent from all quorum members.
Our MPC-based wallets have undergone rigorous internal risk assessments as well as external and internal penetration tests in order to evidence their high level of security. As we leverage state-of-the-art MPC technology, the private key does not belong to a single entity. Nobody has access to the reconstructed private key, including the employees & executives of Liquid, hence it is not available for a hacker to steal.
Compared to MultiSig, MPC technology has notable advantages in terms of technology and security. In addition to signing on-chain transactions, Liquid's MPC technology also enables applying quorum based signing to off-chain transactions. Furthermore, MPC allows for key shares to be refreshed on a regular and on-demand basis. With the "ledger agnostic" flexibility offered by MPC, Liquid's digital asset management platform can support rapidly evolving blockchain technologies with minimal interruptions and high service levels for our users & partners.
Your assets are safe with us and will always be. Start trading now on Liquid.
All guest authors’ opinions are their own. Liquid does not endorse or adopt any such opinions, and we cannot guarantee any claims made in content written by guest authors.
This content is not financial advice and it is not a recommendation to buy or sell any cryptocurrency or engage in any trading or other activities. You must not rely on this content for any financial decisions. Acquiring, trading, and otherwise transacting with cryptocurrency involves significant risks. We strongly advise our readers to conduct their own independent research before engaging in any such activities.
Liquid does not guarantee or imply that any cryptocurrency or activity described in this content is available or legal in any specific reader’s location. It is the reader’s responsibility to know the applicable laws in his or her own country.
Providing liquidity for the crypto economy.