In face of the growing threat of cryptocurrency theft, institutions that manage digital assets are seeking effective ways to keep hackers at bay. It’s a cat and mouse game, involving multi-million dollars: each time a bank sets-up a new layer of cryptographic defense, hackers seem to find a way to crack it.
In the crypto economy we live in, hackers are going after customers’ private keys. These keys authorize transactions to the blockchain, and since all blockchain transactions are irreversible – once you have control of someone’s key, you can essentially steal all of his or her Bitcoins, Ethereum, Ripple or any other digital currency that person is holding.
So how can these previous keys be protected? The mainstream solution employed by financial institutions dealing with digital assets today are MPCs: a Multi-Party Computation process, in which several independent and remote PCs are involved in the signing ceremony of any blockchain transaction.
MPC security is based on dividing each private key into shards: only by piecing together all shards, the key is revealed. The main rationale here is making life difficult for the casual hacker: break into one PC, and you have just a fraction of the key, which on to itself is useless.
MPCs seem like an effective way of protecting private keys, and various types of MPCs are indeed offered by quite a few companies operating in the blockchain cybersecurity arena. However, all MPCs share a few common vulnerabilities. Let’s take a quick look at these weaknesses that enable hackers to slip through the cracks.
One would think, “OK, why not add 10 or 20 more PCs to the approval ceremony?”. The problem here is that expanding the MPC network creates serious performance implications, making legitimate transactions to the blockchain slow and inefficient. Hence, the largest MPC networks in the market today typically don’t exceed 5 PCs.
With these inherent vulnerabilities in all MPCs in mind, GK8 takes a radically different approach to securing digital assets: our solution is based on a truly air-gapped vault, which is never connected to the internet, and simply cannot be hacked (even the sharpest hacker can’t break into something that’s off the grid.) The vault is where the keys for the vast majority of digital assets are stored, with MPCs controlling just a fraction of the assets. The vault is connected with a unidirectional connection. This means that signed transactions can only go out from the vault, never in.
On top of the unique vault, GK8 has a patented solution that enables to add dozens of PCs to the custodian MPC network – with no impact on network performance. This is far more than just safety in numbers: the ability to add dozens of automated co-signers to any MPC network changes the equation for hackers, setting up a barrier that climbing over it would by definition require spending more than ever getting in return.
In recent months, cryptocurrencies are becoming a mainstream asset, held by a growing share of households around the world. One sign for this trend is the overall increase in the value of Bitcoin and other major digital coins, fueled by regulatory changes that authorize banks to start offering crypto-based services.
Despite growing customer demand for digital assets, many banks still hesitate to jump on the crypto bandwagon. It’s understandable, considering that as much as $4.5 Billion in crypto were stolen in 2019 alone. That’s exactly why it’s so critical for banks to implement a robust end-to-end platform that mitigates hacker attacks that can result not just in loss of digital assets, but also in severe reputational damage.