Are your cryptocurrency tokens safe? Part 3 of 3: Online wallets and exchanges
Why choose an online wallet, what is the role of an exchange, and how does a decentralized exchange work?
Part 1 of 3: The basics
Part 2 of 3: Hot and cold storage & Splitting and sharing keys
Part 3 of 3: Online wallets and exchanges
Online wallets and exchanges
So far, we have gone through how to store cryptocurrencies on your own. However, there are also companies that offer to protect cryptocurrencies for you, in so-called online wallets. An online wallet is exactly like a regular wallet, except it is stored in the “cloud”.
The wallet can be opened in your browser or in an app. There are many different providers of wallets. Some reputable ones are Copay, MultiBit HD, Bitcoin Core etc. You must log in to get access to your wallet. The provider stores your keys and sends code that executes all operations to your web browser/app.
Your keys are encrypted with a password of your choosing, and you have to trust that the provider does not steal your key or gives it to somebody else.
The advantage of online wallets is clearly that they are highly practical. You do not need to install anything at all, and it works on all devices.
The disadvantage is obviously that not only do you have to trust the provider; you also have to trust the security of the provider. Should anyone hack the provider’s service and steal all of the keys, you will lose all the funds you had in your online wallet.
Using online wallets, therefore, is a little bit like putting all of your eggs in a honey jar. A provider of wallets is in a way a money bin with thousands of wallets - in other words, a fairly attractive target for attackers. Thus, it may be a good idea to do some research on how the provider operates prior to choosing the online wallet. Ideally, the provider should have a solid team of security experts, even though that in and of itself does not guarantee that your funds are safe. An online wallet can be regarded as a hot wallet. Therefore, store small amounts that you would be comfortable having in cash in a physical wallet.
Common wallets
Hardware:
The Trezor is designed to enable signing of online transactions and to function as a cold storage device at the same time. This makes the Trezor a highly practical unit that gives you the best from both worlds: high security and good usability.
Mobile:
Copay was originally developed for BitPay. It supports personal and shared wallets, and it also has its own testnet. Copay has Bitcoin Wallet Service, which supports multisignature. It also has a simple and user-friendly user interface. The weakness is that you have to trust that Copay actually shows you real transactions and not simulated ones.
Desktop:
MultBit is a simple wallet that quickly synchronizes against the network and thus can “get to work” quickly. It has an easy user interface and supports multiple languages. It is ideal for the not-so-technical user. It is vulnerable if the PC on which you are storing your wallet is compromised by malware or becomes compromised in the future.
Web based:
Coinbase focuses on user-friendliness and is web based, which means they are also easily accessible. They also have an Android app as well as integration with several American banks. Be aware that by using this service, you are handing your private keys to Coinbase.
Online Exchanges
Exchanges let you trade Bitcoin with fiat currency (USD, GBP, EUR etc) and in many ways function as banks. They accept Bitcoin deposits against a promise that you will get them back when you ask for it, also called IOU (I owe you).
On an exchange, you can:
- Send and receive Bitcoin
- Buy and sell Bitcoin for fiat currency
- The exchange matches people who wish to buy Bitcoin for fiat with people who wish to sell Bitcoin for fiat.
- The quality of price is determined by how big the spread is between buy and sell orders. A good exchange has good liquidity and a low spread.
Buy orders and sell orders. The current price is always where these two meet.
So, what happens when you buy Bitcoin on an online exchange?
Let’s say you have an account on a Bitcoin exchange and you have 10,000 USD and 20 BTC. You then place an order to buy 2 BTC for 2,500 dollars each = 5,000 dollars in total.
Your buy order will now hopefully be matched with a corresponding sell order, and if everything works out, your new balance will be displayed as 22 BTC and 5,000 USD.
Notice that at this point there have been no changes taking place on the blockchain. The only thing that has changed is that the promise to give you 10,000 dollars and 20 BTC is changed to 5,000 dollars and 22 BTC.
One advantage of using an exchange is that you can easily exchange from fiat to crypto currency and vice versa. The disadvantage is the same as with any bank, but primarily is comes down to the following three layers of risk:
1. Bank run: When everyone runs to the bank to take out their money at the same time, the bank does not have enough liquidity to cover all the withdrawals. You thereby risk not getting back your bitcoins when you ask for it. In such cases, it is also a risk of a panic outbreak and that a snowball effect makes the situation worse. Worst case, the bank goes bankrupt and you lose all of your values.
2. It is a scam or a Ponzi scheme. The owners could potentially be dishonest and are only trying to build a good reputation in the short term, so as to acquire a solid base of customers. When they reach a certain point and have enough money, it may become worth it to try and run away with all of it in the right moment. The owners may also have good intentions to begin with, but become corrupted by the allure of big money right in front of their noses.
3. A hacker attack from external or unfaithful people: Attackers could break into the systems and steal the keys and all the bitcoins. Now, even though you are promised to receive 22 BTC upon request, the bank has 0 BTC and cannot hand BTC to anyone. It is often these incidents that are referred to as “Bitcoin has been hacked” in newspapers and so on. It is not the Bitcoin protocol that has been hacked, but a Bitcoin exchange that has been hit by a hacker attack and lost all of its bitcoins when the hackers got access to the keys.
All of these things have already happened to one or more exchanges, and it will happen again. Therefore, be careful how much you store on an exchange. Remember that Bitcoin exchanges are not regulated and insured the same way as a bank. For instance, the authorities will often give support to banks who become insolvent and even guarantee to cover large chunks of the depositors’ money. This is not the case for Bitcoin exchanges!
One piece of advice, therefore, is to look at the exchange in question and find out if they can prove that they have the fraction in reserve that should function as a guarantee for your deposits, as well as how big this reserve is. Stay away if the fraction is too low, or if the exchange does not want to declare such information. By using the blockchain, a Bitcoin exchange can easily prove what its fraction reserve is, completely voluntarily and without any form of third party regulator,
Having said that, it comes with enormous risk to lend out cryptocurrencies due to its volatile nature. Most crypto exchanges thus have 100 % in reserve, but this is likely to change as the volatility becomes more stable.
Decentralized exchange (DEX)
BitShares, the technology behind BitGate, offers a decentralized exchange, which has big advantages compared to the traditional centralized version. A centralized exchange issues IOU tokens. Thus, you do not buy actual bitcoins; you buy a representation of bitcoins that the exchange promises to pay you when you request it.
The main tasks of a centralized exchange are as follows:
- Receive cryptocurrency and issue IOUs
- Receive fiat currency and issue IOUs
- Redeem IOUs
- Process the order book
The first thing that characterizes a decentralized exchange, is that the order book is moved to the blockchain, so that everyone can read it and update it. The purpose is to separate the issuer of IOUs from responsibility for the order book, as the combination of the two often leads to centralization and increased vulnerability. It usually comes with a lot of friction to move funds from one exchange to another, and what we see with Bitcoin exchanges is that “the herd” gathers where the order books have the lowest spread and the most depth.
When we separate the two, everyone will trade on the same order book, whereas issuers can operate through a so-called gateway. A gateway handles bullet points 1 - 3 in the list above, whereas the order book is handled by the protocol. As opposed to a centralized exchange, the IOU is transferred directly to the customer’s wallet. Thus, through different issuers/gateways, you may trade PoloniexBTC against KrakenBTC or PoloniexUSDT against KrakenBTC. Now how does one prevent the market from centralizing around a few IOU tokens? And how does one “translate” value from two tokens that have different regulatory considerations and trust profiles?
BitShares has so-called smartcoins, which are locked to the market price of a certain asset, e.g. a currency or a commodity such as oil or gold. For instance, bitUSD has a 1:1 relationship with USD and is secured by BitShares’ own currency BTS, in so-called credit for difference (CFD) smart contracts. Smartcoins are dependent on governments and centrally governed entities and are thus the link that can comprise a universal order book that everybody can use, without having to expose oneself to a counterparty risk.
Since there can only be one blockchain, there can only exist one global order book for a selected market. A global order book enables streamlining through a smaller spread as well as maximum liquidity, responsibility and revision. Coincidentally, BitShares is open 24/7 365 days a year.
On the BitShares platform most assets can be represented as a value. If someone wants to trade gold against truffles, the person who wants this market, can set it up without asking for permission from a centralized exchange. BitShares also supports stocks, funds and indices. A company can in fact issue their own shares if they wish to do so.
You can trade whatever you want, when you want, and as much as you want without withdrawal restrictions, as opposed to centralized exchanges where you often have to submit more and more documentation in order to increase the withdrawal limit.
However, the even bigger advantage is the security. When a centralized exchange gets hacked, this affects all users, and tokens worth millions get lost. If one succeeds with an attack on the decentralized exchange, only one user will be affected. Having said this, the user is the one mainly responsible for the security. You still need to protect your keys, but you can be assured that it is not going to happen due to bad data security on the part of the exchange.
BitShares smartcoins are secured 100 %, as opposed to banks and centralized exchanges, which only operate with one fraction in reserve as collateral. Every smartcoin is secured with BTS in smart contracts on the blockchain. Thus, there are no private keys that can be stolen or hacked. All orders are executed with the same speed. Therefore, it is not possible to prioritize some orders over others. This creates equal terms for all.
Conclusion
Blockchain is still a very young technology. Therefore, you have to be very cautious as to how much money you invest. Never invest money you cannot afford to lose!
Many blockchain projects sound very promising, and the developers can guarantee that all is safe and secure. However, the reality is that blockchain projects are a little bit like Space X projects. We are attempting to send rockets to space and get them to safely land on earth again. Many of these rockets will explode on the ground, and some will crash before they end up succeeding.
It takes time for a technology to mature and integrate into society. The Internet has been in development for several decades, and we are now reaping greater and greater benefits from it. Blockchain is still a technology in an early phase, and is perhaps where the Internet was in the early ’90s. Vi have just gotten email (Bitcoin), but it is still not quite intuitive … not until “Hotmail of blockchain” arrives in a few weeks/months/years!
There is a lot of room for innovation when it comes to user friendliness, bank services and insurance. One of the problems with Bitcoin and cryptocurrency in general is slow adoption of mainstream users. Before this happens, it must become easier to access cryptocurrency at the same time as the level of security is maintained. Purchasing a wallet for 150 dollars or learning techniques for moving transactions from an offline PC to an online PC, is not exactly enticing to the average Joe. However, we can be sure that this will be solved in the future. There are plenty of people working in the blockchain sector, and many exciting and promising projects are under development.
Internet was not user friendly in its early days either, but then came the web browsers, and then applications such as Hotmail, Amazon, Google and Facebook. For blockchain we predict a similar progression, and that companies equivalent to the ones mentioned above will emerge and revolutionize the industry.
By Pål Taule Bentebråten
Edited and translated by @Ola-Haukland
For @Bitspace AS