Don’t be a fearless warrior if you ever need to trust them with your money. Photo by on rawpixel.com Unsplash Digital currency exchanges and the question of trust Over the last 4 years, the digital currencies worth more than $1 billion have been disappeared in major thefts, all of which are accused of deliberate hacking attempt consequence. Many crypto enthusiasts will never forget the day exchanges like or halted their business. It’s when you woke up in the morning not seeing your familiar arbitrary chart but a plain “404 Not Found” section, a public apology, and sometimes a vague explanation for the so-called “theft”. Mt. Gox Coincheck Deterring asset theft scenarios as above from happening again is something we cannot achieve since the entire cryptocurrency market has been trapped in an infinite loop of securing a platform and hacking into it. Hackers are not going to stop, they have seen exchanges nothing but the holy grail of their life — whoever seize an exchange secures a millionaire retirement. The vast majority of exchanges wield ultimate control over our account, they know us, but we barely know them. We are in the market for money, so are they. We entrust our asset to them, on the other hand, they are not. Simultaneously, centralized exchange platforms especially unregulated ones are fragile. Firstly, it’s the limitation in design that makes them a : when hackers seize an exchange, they not only seize the asset but also information of thousands, even millions of people. Secondly, being unregulated means exchanges are not obligated to adhere to security best practices i.e. they don’t need to hold clients’ accounts. Single Point of Failure asset and their asset in separate Try to remember the last time your exchange asked you to fill out that Know Your Customer form, and you uploaded an image of your passport/ID. What if the exchange was hacked and not only your Bitcoin but also your identity fell into the wrong hands? You probably cannot imagine a stolen identity is selling for a mere $21.35 on the black market. Finally, have you ever wondered why you trust the exchange service you are using even if they are not willing to disclose their office address? What make us trust in them? Ten years ago, cryptocurrencies like Bitcoin disrupted the way we sent money and became a better version of bank wire. Bitcoin introduced blockchain concept to replace ( so we no longer need any trustworthy middle parties like banks to facilitate a transfer from A to B. distributed trust centralized instituions-based ) trust Centralized model and Distributed model. Image courtesy of regisburin People were so excited to adopt the new technology. Then the demand to exchange between fiat money and cryptocurrency surfaced, so did the wild speculation trend. Almost everyone wanted to own Bitcoin but not everyone know how to maintain their own and , furthermore, trading between parties was too risky and inefficient because it happened (off-chain) of any particular blockchains. wallet address private key outside the scope On-chain transaction: a Bitcoin transaction was signed using the private key & broadcasted online, irreversible in the blockchain. To resolve the issue, society have to utilize the one more time by sending our trade intentions to an exchange service who then among counterparts. An essential part in such process is we have to deposit our asset under their umbrella for them to facilitate the transaction. Therefore, willing or not, we put our trust in them from there, assuming they will fulfill their obligation as the middleman. centralized trust model aggregate the prices and match them Will our trust ever be exploited? Since “trust” is purely about belief, I would argue that anything involve trust could be exploited in many ways whether it is a computer system or a relationship. There is a reason that any formal deal need a contract, isn’t it? We fill our mind with cautions as we experience the dark side of life, y, at the same time, we are weak at defending ourselves against similar risk in the new contexts. For instance, given no difference between and , a person who got phished by an anonymous online investment scheme in the past is still likely to trust an anonymous exchange who does not even reveal their leadership identity. Theorists have been investigating such phenomenon for years and here is what they found in layman’s terms: we fail at the same trap all over again because . most of us do not get to adulthood without having been burned by people who we regarded trustworth anonymous unknown identity we feel guilty if we don’t trust people In regard to our the relationship with an exchange as client, let’s take a deeper look. In hacking accidents Aside from hacking accidents are unfortunate and often come with a catastrophic loss, you should have noticed the following “format” appears in almost news reports: exchange platforms being portrayed as victims. Hacked exchanges are the first ones to announce on What, When, Where, and How the thefts happened, but most of us will never figure out the real Why. They make all sort of claims like . which mean we may interpret as they have de facto immunity in the accident. hacker identity is anonymous, traces are limited, stolen funds are transferred to an wallet whose owner is unknown..etc Check out the BTC-e case to gain an extra example on how they blame in such turbulent times. However, if you have ever been in the same case, try to recognize this truth: Make no mistake, I am not implying that hacked exchanges are lying, but the right to give a doubt on something is an essential step to keep your asset safe in foreseeable cases. clients often have no solid evidence to validate all information the hacked exchange is giving out . Volume manipulation Irrational is embedded in human gene and it influences our preference regarding anything. Just like we often believe that brand-name aspirin is more effective at treating headaches than generic aspirin (disclosure: It isn’t so), when it comes to commit ourselves in new services we tend to trust our instinct by going with the bigger names. It turns out many exchanges also share the same view with us. . But instead of pursuing organic growth, unethical exchanges aggressively inflate themselves with non-existent volume using the tactic known as . To address the massive new comers — who often have no prior investment experience but willing to invest their entire saving into the crypto market, exchanges try positioning themselves as established names wash trading , Sylvain Ribes goes in depth to reveal how exchanges fabricated their volume using a mathematical model. He called the phenomenon “a crypto-plague” and just as much as I do, a predictor of future unsavory behavior. OKex — an exchange platform which is the no.1 ranked by volume of several trading pairs is the main offender in the story. The following exchanges are also listed for possibly provided untruthful numbers: Huobi, Lbank, Exx, RightBTC, CoinEgg, Zb, BitZ, Bibox, CoinEx, BTC-Alpha, HitBTC, and Binance. In a recent story published on Medium You may not like doing math but the below table is an obvious evidence that you should take good care of narrative based on publicly unaudited data. OKex data, and estimated % fake volume. Flawed policy Since data under single entity control is if the custodian has poor internal policy, no custodian is perfectly safe to entrust our digital asset. One example is the recent in which 50 million profile data was breached. vulnerable Facebook scandal case (Cambridge Analytica) How Aleksandr Kogan leveraged Facebook to gather over 50 million profiles. Obtaining data of Facebook users without their consent from the outside is an arduous task given the are in place and Facebook hired to safeguard their database; but from the inside, Aleksandr Kogan had leveraged his position as the application developer to gather unauthorized data with ease. advanced security systems talented personnel Using the social network’s Requesting Permission function, Aleksandr Kogan requested his fellow users (who gave him permission to access their profile for a harmless quiz app) to allow him to know about the profile of their Facebook friends. The naive 270,000 people clicked on the button, and Facebook believed it was alright when someone was willing to share their friends profile to the third party so they lifted off the data restriction. As a result, Facebook handed over 49,730,000 profiles of people in its database to Aleksandr Kogan regardless they did not give permission to him. Allow The horrifying detail is but they did nothing about it. This is how trusting someone or some system in which you are not fully aware of how the system operate in detail could backfire on you — an eye-opening analogy for us to reflect on because Facebook knew about the loophole in many years digital currency and Facebook profile are equivalent in a common sense (digital data) so digital currency could be stolen in somewhat identical scenario. Strengthen our trust The confidence in most exchanges are at all time low. Selecting an exchange we can trust wholeheartedly is a tough job, and personally I have dropped that idea long time ago given many have been shown to be unethical. It also explain why there is a trend which people seek to trade while still maintain asset under control, but moving towards the decentralized exchanges (DEX) might not an answer yet. For now, DEX is not the feasible option for mass adoption because most DEX suffer severe constraints like lack of fiat support and poor liquidity. They are far less attractive compared to centralized exchanges. Even modest ones like CEX.io or could outperform any popular DEX in terms of volume. Qryptos.com 24h volume between some decentralized exchanges and smaller centralized exchanges — & CEX.io. Data source: Coinmarketcap (4.4.2018) Qryptos.com Since fiat and liquidity issues are multifaceted problems, achieving high liquidity & fiat support while forking from centralization is almost impossible, especially during the time no bank want to deal with anonymous brands. I believe for DEX to progress further, it needs another 1–2 years for new stakeholders to appear and help them unleash their potential, until then we could witness a robust DEX taking the main stage. After all, crypto enthusiasts like us cannot escape the reality that centralized exchanges are a clear dominance in our available options. It’s hard to imagine how the market will workout when people are obsessed with uncertainties once fund had left their wallet, and they realize most exchanges are dodgy; but I can definitively tell you that as time goes by, we will witness following problems of centralized exchanges continue to unfold: Questionable security system Fraudulent manipulation Flawed client protection policy Therefore, for an informed investor to trust, any trustworthy exchange should at least satisfy the following three criteria: Prudent security practices Reasonable intervention Audit-able policy The trickiest part of all, however, is how to objectively evaluate an exchange when we don’t have an insightful, insider view about their operation. In a broader sense, the criteria are only useful once it is enforceable on the exchanges. Perhaps the missing piece to resolve the issue is to check whether the particular exchange is regulated — . only then we could safely assume an exchange is operating in our best interest “When you have an unregulated exchange, the ability to manipulate prices goes up significantly,” said SEC Chairman Jay Clayton. Risk When making an assumption, how much risk we should embrace depend on the jurisdiction of an exchange. We need to consider the risk since regulatory agencies, despite having recognized their shortcoming in protecting the public against crimes make use of blockchain, were not able to carry out law in the same fashion. Thus, jurisdictions where regulation is not fully implemented mean that confidence in “regulated” status should be weighted accordingly. More specifically, among the G7 countries, only Japan has the comprehensive framework to regulate both ; even big guys like Uncle Sam is stepping in with his hands tied as he lacks to oversee from federal level but still has , or the E.U will not execute a full-fledged regulation program unless , but they do grant exchanges like Coinbase an license. cryptocurrency and cryptocurrency exchanges on a national scale coherence between SEC, FinCEN and CFTC state-specific law for businesses the threat is big enough electronic money institution Final words on attitude Last year, I were blown away when Japan reveal world’s first in-depth , and I’m in the same feeling again after FSA proves they are . According to most public report, Japan want to take above anything else. regulation scheme watching exchanges very carefully a proactive stance to protect the consumer, I have no concise explanation why they possess such attitude, ; but I believe having such attitude in the crypto world seems to work out in the long run when people shall invest more as they feel protected. may be after influential exchange hacks they are forced to calm the chaos, or may be it relates to the unique culture where they generally seek for sense of control before trusting a stranger Finally, even you don’t need a regulated exchange, always doubt the exchange you are using because if they have proofs for whatever they claim to be, it’s the sign they are in the game for the long run. Don’t be a fearless warrior. Don’t keep all of your digital asset on a single exchange.
