Industry News What can we learn from the DMM Bitcoin “leak”?

Having an MPC is simply not enough to protect your digital assets

In face of the growing threat of cryptocurrency theft, institutions handling digital assets are seeking effective ways to keep hackers at bay. It’s a cat and mouse game, involving multi-million dollars: each […]

In face of the growing threat of cryptocurrency theft, institutions handling digital assets are seeking effective ways to keep hackers at bay. It’s a cat and mouse game, involving multi-million dollars: each time a bank sets-up a new layer of cryptographic defense, hackers seem to find a way to crack it.

In the cryptocurrency economy, hackers are going after customers’ private keys. These keys authorize transactions to the blockchain, and since all blockchain transactions are irreversible – once you have control of someone’s key, you can essentially steal all of his or her Bitcoins, Ethereum, Ripple or any other digital currency that person is holding.

So how can these previous keys be protected? The mainstream solution employed by banks, exchanges and custodians dealing with digital assets today are MPCs: a Multi-Party Computation process, in which several independent and remote PCs are involved in the signing ceremony of any blockchain transaction.

MPC security is based on dividing each private key into shards: only by piecing together all shards, the key is revealed. The main rationale here is making life difficult for the casual hacker: break into one PC, and you have just a fraction of the key, which on to itself is useless.

MPCs seem like an effective way of protecting private keys, and various types of MPCs are indeed offered by quite a few companies operating in the blockchain cybersecurity arena. However, all MPCs share a few common vulnerabilities. Let’s take a quick look at these weaknesses that enables hackers to slip through the cracks.

The first vulnerability stems from the somber reality that any PC connected to the internet can potentially be hacked. Regardless how sophisticated its encryption is, with enough effort and persistence – a skilled hacker will eventually find an attack vector on this device. Adding one or two more PC to the MPC network simply requires hackers to add incremental effort to break into the MPC network. Once they’re in, the private keys are compromised. Game over.

The second vulnerability is related to the way MPCs manage the bank’s policies and rules. In order to approve a transaction, each of the PCs involved in the signing ceremony needs to comply with the policies and rules governing the account. These rules set the transaction cap, the frequency of maximum daily transactions allowed, and the list of recipients eligible to receive funds from the account (“whitelist”). If any of the PCs involved in the signing ceremony send out a transaction request that deviates from these rules and policies – the transaction is aborted, and the bank is notified about a possible breach. This sounds like a pretty robust safeguarding mechanism, doesn’t it? But if we look deeper at the policy mechanism, we see that policies are set by one PC in the network and communicated to all other PCs involved in the signing ceremony.

That’s the MPC’s single point of failure. All hackers really need to do is identify that “master co-signer” and simply change the policies that immediately affect all other components of the MPC network. Regardless of how elaborate and sophisticated the MPC is, once the policies are hacked, the entire system collapses like a house of cards. The hacker can, for instance, change the transaction cap from 100 bitcoins to 2,000 and add himself to the whitelist. From that moment on, he can simply drain the account and vanish into thin air.

With this inherent vulnerabilities in all MPCs in mind, GK8 takes a radically different approach to securing digital assets: it’s based on a truly air-gapped vault, which is never connected to the internet, and simply cannot be hacked (even the sharpest hacker can’t break into something that’s off the grid.) The vault is where the keys for the vast majority of digital assets are stored, with MPCs controlling just a fraction of the assets. The vault is connected with a unidirectional cable to the MPCs. This means that data can only go out from the vault, never in.

Here’s the real beauty of the solution: the policies are set within the vault itself, isolated from the outside world, and communicated to the MPCs. What this means is that there’s no one single PC controlling the transaction policies and functions as a “master co-signer”. From the hacker’s perspective, having the policies generated at the vault eliminates the single point of failure that enables him to break into the signing ceremony.

Even without the vault, GK8 has a few patented solutions to its MPC offering that makes it truly unique. MPCs are typically programmed to follow the “majority rule”: once the majority of PCs in the MPC network (usually 2 out of 3, or 3 out of 4) provide their shard of the key, the request to execute the transaction is authorized. What this means for hackers, is that they simply need to hack into one or two additional PCs to complete their takeover of the valuable keys. Yes, it takes considerably more effort, but in today’s lucrative crypto market – hackers will invest millions to steal billions. The equation is that simple. One would think, “OK, why not add 10 or 20 more PC to the approval ceremony?” While true on theory, in reality expanding the MPC network creates serious performance implications, making legitimate transactions to the blockchain slow and inefficient. That’s why the largest MPC networks in the market today typically don’t exceed 9 PCs. GK8 has a patented solution that enables to add dozens of PCs to the custodian MPC network – with no impact on network performance.

One more unique safety measure in GK8’s MPC network, is a patented solution that enables to define a mandatory signer in the singing ceremony. Our customer – a bank, an exchange or a custodian – selects one on-prem PC that has extra protection, which is required in the signing ceremony of any transaction – regardless of the number of other PCs that already provide their shard of the key. Once again, from the hacker’s point of view – this is a nearly unpassable hurdle: hack into all the PCs you wish, if you can’t get in into that one designated mandatory signer, all you’re left with is just a useless string of random numbers.

So yes, we should all work under the assumption that with sufficient effort and money, any PC can potentially be hacked. What GK8 really does is change the equation for hackers, setting up a wall so high, that climbing over it would by definition mean spending more than ever getting in return (remember: the vast majority of funds are accessed only from the vault, which is completely out of their reach).

Bottom line: MPCs are still the industry-standard for protecting digital assets in today’s cyber economy. And while MPCs come in all shapes in sizes, each offering slight variations in the way they’re safeguarding the signing ceremony, they all share common vulnerabilities: a single point of failure that controls transaction policies, and a “majority rule” that folds down all defenses once 3 out of 4 PCs are compromised.

Continue reading

GK8 Joins Forces With CaixaBank as Part of Its Innovation Program

GK8, a cybersecurity company that offers an enterprise-grade custody solution for managing and safeguarding digital assets, was selected from more than 200 companies and 28 countries by CaixaBank, the leading financial group […]

Make Your Crypto Work for You

A guide to passive income opportunities in the cryptoverse Part 1: Staking Global crypto adoption rose by over 880% in 2021, according to research conducted by Chainalysis. Prompted by low-interest rates, high […]

Cryptocurrency Crime Statistics: A Visual Guide

Ever since the pseudonymous Satoshi Nakamoto set out the case for a decentralized, trustless blockchain where everyone held their own account and transactions were verified by anyone who wanted to take part, […]