Former CEO Mark Karpeles warns Mt. Gox's US$500 million loss of funds could happen again, just as BitFinex announces its own possible solution.
As Mark Karpeles expressed his concern that digital currency exchanges are still holding customer deposits, BitFinex has announced a new system designed to verifiably hold each account's funds separately on the blockchain.
'Another disaster waiting to happen'
The scale of the problem both are addressing is huge with 818,000 bitcoins being reported as stolen between 2010 and early 2014. With Karpeles being CEO of the Mt. Gox exchange when it lost US$500 million of customer deposits, his interest in finding a solution to the security issue is understandable.
Writing on his blog, Karpeles expanded on this June 1 tweet, taking time to explain more about what he sees as possible solutions to the issue of exchanges holding enormous balances of customer deposits. The Tokyo based businessman, however, also admits that this isn't a simple or straightforward problem to solve. He writes:
“I know how difficult it can be for an existing exchange to switch to a new process in terms of settlement of trades, however the current situation is nothing but another disaster waiting to happen (and that’s the last thing anyone wants).“
As well as the technical challenges of switching the how an exchange works to a whole new system, the digital currency companies involved also face increasingly strict financial regulations. In the US, the Financial Crimes Enforcement Network (FinCEN) warned that it was planning to investigate a string of these digital currency businesses for failing to comply with existing financial controls.
One solution Karpeles suggests is having some exchanges focus exclusively on trades between different digital currencies (think Shapeshift.io), thus avoiding the regulations around fiat currencies. Once free from those rules, Karpeles suggests that having an exchange's customers prove they have funds ready to trade through a signed blockchain message, could be enough evidence to open a trade whilst never having to trust the exchange with those coins.
“The crypto-currency entity could, instead of holding bitcoins, track liabilities and have their members provide proof of holding by signing messages from their addresses - or by running a wallet software where the customer-side holds the private keys.”
This decentralization of funds would prevent the type of thefts seen recently, when BitFinex lost US$330,000 of customer deposits in May from a compromised hot wallet.
BitFinex Announces 'On Blockchain' Customer Segregated Wallets
Karpeles' discussion of exchange security may have come at an opportune time for the company however, as BitFinex and
Keen to move the conversation on from their hot wallet loss, Zane Tackett, Director of Community & Product Development at Bitfinex, explains why he thinks the company's new concept may help secure customer funds more securely than other exchanges. Tackett:
“The era of commingling customer Bitcoin and all of the associated security exposures is over.
The trading community has long sought individually verifiable accounts without sacrificing security or performance. With the help of BitGo’s multi-signature technology, the Bitfinex team is very excited to be the first exchange in the world to automate Bitcoin settlements using ‘On-Blockchain’ customer segregated wallets.”
By giving customers the ability to check the exchange's reserve funds and by using a system that generates “unique set of keys for each user, and [which] separates each user’s funds on the public blockchain” BitFinex could go some way in reassuring its users that their deposited funds are safe and protected. Each customer will have their deposits kept in a segregated wallet, verifiable through the blockchain.
Stopping short of Karpeles' suggestion for a truly decentralized exchange, BitFinex's approach does however give customers the reassurance that their deposits are held separately from the exchange's main funds. A compromised wallet key would only threaten a single user's funds, although the security of the exchange's wallet generation and fund distribution system could still be problematic.
The size of BitFinex as an exchange is important to this question of improving the security of user deposits generally, as the exchange currently processes around 15% of the total global bitcoin trading volume. At the very least, having such a large player publicly address the issue and release a better solution to user fund security will increase the speed with which other exchanges make similar efforts.