How to Secure Bitcoin Exchanges, or Why All Hope Is Not Lost

Last week’s

hack, in which Bitcoin’s leading exchange lost almost 120,000
bitcoins valued some $70 million USD at the time, represented a
depressing realization for the Bitcoin community. Where many had
hoped that multi-million dollar hacks and loss of customers funds
were a thing of the past, it became clear that storing bitcoins on
an exchange is still not as secure as it perhaps should be. In an
industry first, Bitfinex imposed an

Extraordinary Loss Adjustment

on all customer funds; re-opening balances this week show a cut of
about 36 percent per account.

But the hack also served as another wake-up call. Moving
forward, several technical solutions are being proposed to increase
security of Bitcoin exchanges, to hopefully prevent similar
scenario’s in the future.

Here is a brief overview of some of these possible


As of yet, it’s not exactly clear what caused the Bitfinex hack.
What is clear, is that a multi-signature set-up with

to secure customer funds failed to provide any meaningful security.
In theory, both Bitfinex and BitGo’s servers should have needed to
be compromised in order to steal any money. But in practice, BitGo
seems to have co-signed any and all transactions requested by
Bitfinex (or its hacker), offering no added security at all.

As a bittersweet gain from the Bitfinex fiasco, Bitcoin
exchanges will hopefully not make this mistake again. As pointed
out by several prominent exchanges already – including


– multisig security can offer benefits. But it must, at the very
least, be combined with other stopgaps, such as withdrawal limits
and cold storage solutions.


There are perhaps more interesting solutions on the horizon as
well. Bitcoin’s programmability in particular may allow for novel
solutions to prevent or revert thefts even after they have

This can be accomplished along several, slightly different

was an early proposal by Matthew Roberts and Elías Snær Einarsson,
while Cornell University researchers Malte Möser, Ittay Eyal and
Emin Gün Sirer very recently proposed ”



Bitcoin Vaults in particular could become a native part of the
Bitcoin protocol. To explain it in
slightly-imprecise-but-easy-to-understand-language, Bitcoin Vaults
are special Bitcoin addresses that lock bitcoins up along a
two-step security mechanism, with two different keys. Unlocking the
bitcoins would require a typical private key, much like any other
Bitcoin address. But after the initial lock has been opened, it
would take, say, 24 hours before the bitcoins can actually be
spent. And within these 24 hours, the transaction can be reverted
with a backup key, ensuring a hacker wouldn’t get the money. And if
the hacker gains access to both keys, the exchange could still
choose to “burn” all funds, thereby ensuring no one gets any money,
thus disincentivizing theft in the first place.

(Also see
this Development Mailing List thread

for more discussion on these types of solutions.)

Payment Channels


and a solution that would require no changes to the Bitcoin
protocol at all is for exchanges to set up payment channels with
their customers. Much like a Lightning Network hub, the exchange
would merely serve as a routing agent in between all users of the
exchange, with no access to customer funds.

Instead, all users would retain full control over any bitcoins
they “deposited” in the exchange. They would be able to withdraw
their balance at any time, even if the exchange is hacked. Trading
itself would require users to sign off on transactions, but since
it would be off-blockchain transactions, this could happen as
swiftly as centralized exchanges allow right now.

It should be noted, however, that this set-up would not improve
security from the perspective of the exchange itself – it would
arguably even make it worse in some ways. This is because the
exchange would have to open payment channels with all customers,
meaning they’d need to invest bitcoins in these channels. A
security breach, then, may still cost the exchange significant
amounts of funds.


Perhaps the most robust solution would be to entirely
decentralize exchanges in such a way that no company holds any
bitcoins (or fiat currency) at all; ensuring there is no single
point of failure.

While there have been prior experiments in this domain – like

– only one decentralized exchange has gained some level of traction
so far:

. Bitsquare is still very much a work in progress (the project only
launched several months ago), and some aspects are not yet entirely
decentralized; like the arbitration process. But it does offer the
Bitcoin community a working, usable and useful decentralized
exchange – with no company wallet to be hacked into whatsoever.

As a downside of Bitsquare, its usability is currently not quite
as slick as offered by centralized exchanges. The process of making
and taking offers is still somewhat clunky, and where bank
transfers are used, settlement is slow. Furthermore, in order to
prevent fraud, trading limits are lower than typical exchanges:
around one or two bitcoins depending on the type of trade. And
options for advanced trading strategies – leveraged trading, short
selling and the rest – are not available.

That said, as argued by Bitsquare developer Manfred Karrer
himself in a recent
blog post

, “There is probably much room for improvement as long as the
community focuses on the right problems to solve.”

mm – leading Bitcoin News source since 2012

Virtual currency is not legal tender, is not backed by the government, and accounts and value balances are not subject to consumer protections. The information does not constitute investment advice or an offer to invest.