Noelle Acheson is a veteran of company analysis and member of CoinDesk’s product team.
The following article originally appeared in Institutional Crypto by CoinDesk, a newsletter for the institutional market, with news and views on crypto infrastructure delivered every Tuesday. Sign up here.
Open pretty much any mainstream financial media source and it’s hard to feel cheerful. Economic growth is slowing. The yield curve is flattening. Trade tensions are tensing. There’s plenty for an institutional investor to fret about.
Yet none of those worries are top-of-mind for institutional investors these days when it comes to their crypto investments. Along with most of the blockchain sector, they’re more engrossed in the drama unfolding around the death of the CEO of a Canadian crypto exchange.
In case you missed the story on CoinDesk, the CEO of beleaguered Canadian crypto exchange QuadrigaCX, which was already in trouble because of frozen accounts, passed away unexpectedly in India in December. Leaving aside the suspense over the encrypted laptop, the debated existence of cold wallets and the exact role of the chihuahuas in all this, the attention-grabbing detail is that he apparently was the sole keeper of the password that could access client funds. When he died, he took the password with him.
On the surface, it doesn’t look like this has much to do with institutional investment. The exchange was not exactly geared up for rigorous checks and oversight. But its fate, and that of its clients, points to a fundamental truth about crypto investing for institutions, one that both colors allocation decisions and shapes emerging infrastructure.
It’s this: The crypto market is the only market out there at the moment where operational risk is greater than market risk. And this highlights both crypto investing’s weakness and its opportunity.
Readers of this newsletter know that every week there’s positive news about infrastructure development for institutional transactions. Sometimes it’s a listing or a launch, occasionally a partnership or merger, and the array of items usually comes together to create an impression of constructive evolution.
Often the news is security related. Licenses are sought after and awarded, which implies greater oversight; compliance processes are boosted, which reassures regulators; and new products and services stress tighter security, which addresses market concerns. The general tone is one of raising overall standards to meet institutional expectations.
Obviously, these moves (and plenty more like them) are necessary. The nascent crypto market is still largely unregulated, as official institutions around the world wrestle with the choice between fitting the new asset class into existing obligations, or creating new ones.
Meanwhile, institutional investors do not like ambiguity when it comes to processes. Few can afford the risk of fines or public embarrassment as a result of not having retroactively complied with rules when they eventually emerge.
What’s more, businesses built on new technologies are generally feeling their way along the development curve. As anyone involved in cybersecurity knows, it’s almost impossible to foresee and protect against all possible attacks. With traditional securities, there is generally some recourse or walk-back. But most cryptoassets are still bearer securities, which implies a whole different level of custody risk.
This unique condition of the crypto market is not a disadvantage. On the contrary.
First, the “progress principle” and its impact on motivation is well documented. The tangible and identifiable steps forward in sector development engender a constructive atmosphere, which brings in even more brain power and keeps the momentum going, regardless of price movements.
Second, the focus on security highlights the market’s youth as well as its potential. While improving the security of crypto holdings may seem like a basic beginner step, the chance to participate in the creation of a new asset class is rare.
What’s more, the risk-return profile of cryptoassets as a whole becomes even more asymmetric as the operational base of transactions – the technology, regulation and quality of market participants – continues to evolve. And the bear market is giving a much-needed breathing space for the construction to advance, the security to improve and investors to become even more familiar with the fundamentals.
This entry-level progress sets the stage for more sophisticated risks as the market matures.
To many this may rhyme with the well-known song of parenting: We focus on making our young feel secure, so that as they grow they have a solid emotional base from which to deal with what life later throws at them.
While extremely painful to many, the lessons learned from QuadrigaCX’s lax security and almost non-existent governance are an important part of this evolution. Beyond the unwelcome education, serious mistakes serve to highlight vulnerabilities, focus attention and hone priorities. This makes the sector stronger.
Meanwhile, crypto infrastructure continues to evolve, and any interest that has been scared away will return as the sector’s increasing professionalization calms concerns over operational vulnerabilities.
Eventually, institutional investors in crypto assets will be able to get back to doing what they do best: fret about market risk, and take positions accordingly.
Collapsing house of cards image via Shutterstock
If hackers felt like it, they could split bitcoin in two.
It wouldn’t even be that hard, according to research from 2017. Thanks to insecure technology underpinning the internet, someone with the right credentials could exploit the Border Gateway Protocol (BGP) by faking their identity and confusing the network into sending floods of data somewhere it shouldn’t. “The internet’s biggest security hole,” as it’s been called, has been used for everything from snooping on government emails to stealing cryptocurrency.
As far as splitting bitcoin, the attack is as bad as it sounds. If executed successfully, one chunk of the network would be completely sliced off from the other. No one could communicate and send transactions to people who are a part of the “other” network.
That’s where researchers from the prestigious Swiss university ETH Zurich hope to help. As described in a new white paper, they’ve invented a relay network called SABRE that they hope will one day be built on top of bitcoin.
With the same name as the curved blade common in the Napoleonic era, SABRE sounds like it would be used to slice bitcoin in half. Instead, it hopes to do the opposite. Rather, the planned network would (metaphorically) wield a saber against impending attackers, stopping them in their tracks.
Eth Zurich computer network researcher Maria Apostolaki told CoinDesk:
“SABRE is a small relay network whose nodes are strategically located such that they remain connected to each other and connected to as many regular nodes as possible, even in the presence of a AS-level adversary that hijacks traffic.”
This network would “render the partition ineffective,” she said.
When SABRE is used, the risk of a split goes down, the researchers claim. Without SABRE, it’s possible for an ISP to attack and partition bitcoin with only a “small” routing attack. But, according to the researchers’ simulations on a group of five nodes, there’s only a 3.1 percent chance probability of the attacker could hijack the network and partition it. The probability also decreases as the number of nodes increases.
To be presented at The Network and Distributed System Security Symposium this month, the proposed layer is the result of years of research. Apostolaki has been researching this specific issue since 2016 since “blockchain applications are very common nowadays making research on their routing characteristics very impactful.”
The attack strikes at the root of the internet.
Every time you click a webpage, you’re unknowingly using BGP, an internet protocol that helps get data from Point A to Point B. Say you want to get to CoinDesk.com. Your computer doesn’t necessarily have a direct link to the server storing that website, stored in, say, New York City.
Rather, millions of nodes make up the internet, which are divided into groups called “autonomous systems” (ASes), each managed by a single entity known as an Internet Service Provider (ISP). ISPs then connect companies to the internet, such as Comcast or the like. BGP helps your request for CoinDesk.com determine which ASes to jump through to get to get the webpage and pull it up on to your screen the fastest. (It sounds like a lot, but all of this happens in the blink of an eye.)
The problem is, hackers can trick other nodes using the protocol that they own certain resources they don’t really own in order to divert internet traffic essentially anywhere they want.
That’s why it can be used to access data the attacker isn’t supposed to be able to see – or to steal cryptocurrency, as hackers have done several times in the past, by using BGP to redirect traffic from bitcoin miners to themselves.
ETH Zurich’s researchers say it could be particularly harmful for bitcoin.
Apostolaki told CoinDesk:
“An [AS] level attacker can partition the bitcoin into two disjointed components by first hijacking and then dropping traffic exchanged between them.”
The paper explains that “any” AS-level attacker could isolate half the bitcoin mining power by hijacking just 100 prefixes.
But ETH Zurich researchers think they can prevent the attack with a so-called “relay network.” SABRE is a proposed network that would be managed by one entity, providing bitcoin nodes with an “extra secure channel” for moving blocks across the network.
This network would consist of a variety of nodes with IP addresses (an ID number that lets other nodes find and connect to them) that are publicly known. That way, any bitcoin node can connect to them. And a bitcoin node needs to just connect to one of them to take advantage of its capability for keeping it connected to other nodes.
So, why can’t the attack just switch targets and fool the SABRE nodes instead? The researchers propose a little hack: They only place the SABRE nodes in “cherry-picked” ASes with certain characteristics that make them harder to hijack.
“So, the [central] idea on their work is that if you run a relay network with nodes on diversely placed /24 announcements, it’s much harder for a route hijacker to disrupt it,” explained long-time Bitcoin Core developer Gregory Maxwell, discussing the idea in the IRC chat channel “bitcoin wizards.”
The research is convincing. Or, at least, reactions from at least one skeptical bitcoin developer have been rosy.
“At least it’s doing something different that makes sense,” continued Maxwell, who’s often critical of proposed changes that might have negative consequences for the blockchain.
In an email to CoinDesk, Braiins and bitcoin mining pool Slush Pool CEO Jan Čapek argued that “[SABRE] is an interesting insight into BGP hijacking issues. It solves the bitcoin network partitioning problem and can be applied to other [peer-to-peer] networks, too.”
However, he’s not convinced a “large-scale” attack is very likely, partly because “there are many redundant ways” bitcoin nodes are connected already. “Many nodes form global clusters interconnected via VPN channels. We now have Blockstream satellite that provides an alternative way of broadcasting blocks via a satellite link,” he explained.
He hopes the underlying problem – BGP – will also one day be addressed.
That said, Čapek said Slush Pool would be happy to connect to the SABRE network, should it get “industry-wide consensus.”
Since it would be immediately helpful for mining pools to adopt, it would prevent their miners from losing mining rewards, Apostolaki told CoinDesk, she expects to see some adoption soon:
“Given the practicality of routing attacks I do believe that SABRE will be at least partially deployed.”
Fencing image via Shutterstock
At an event in New York on Thursday, crypto enthusiasts broadly agreed that the ICO, as it was during the hype cycle of 2017, is no more.