Hi frens,
If you’re interested in investing in crypto assets, you have probably heard the saying “not your keys, not your coin.” However, most people still love using a CEX (centralized exchange) and assume it’s as safe as the New York Stock Exchange (NYSE). No, it isn’t.
Bybit Exchange suffered the most devastating hack in history, losing $1.5 billion. The vulnerabilities lay in a supply chain attack on Safe Wallet (a multisig smart contract wallet) and poor internal controls, with blind signing on Ledger hardware wallets. You may wonder, how can smart contract wallets and hardware wallets become vulnerable? Isn’t the “decentralized” blockchain supposed to protect our crypto assets?
To understand how decentralized blockchain and security work, you just have to go through each step of sending a transaction.
1. Using the DApp through a web or native app interface. In this step, you trust that the interface has not been compromised. This is all traditional web security.
2. Signing a transaction with the private key inside the crypto wallet. That’s why the private key or mnemonic phrase is the only proof of ownership. In this step, you trust the wallet provider, including how it generates, stores and uses the wallet’s private key, and that it correctly shows the message to be signed.
3. Broadcasting the signed transaction to the blockchain through the RPC (Remote Procedure Call) node provider configured in the crypto wallet. In this step, you trust the RPC node provider and delegate the job to it.
4. Blockchain nodes execute transactions or smart contract functions. Only here do we have the decentralized blockchain ecosystem that ensures transactions are processed correctly. However, this applies whether the execution aligns with your true intent or has been manipulated by bad actors to produce unintended outcomes.
See? It looks like trusting the tools for crypto assets is more difficult than trusting that some people at the banks or CEXs will handle all the customer service or recover the losses for you.
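The check that the signing step depends on, as an added example that is not from the original post: decode the bytes the wallet is asked to sign and compare them with what the interface displayed, instead of blind signing. It assumes an ERC-20 transfer call; the addresses, amount and function names are constructed for illustration.

```python
# Added illustration. Addresses, amounts and the interface's claim are constructed.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)

def encode_transfer(to_addr, amount):
    """ABI-encode an ERC-20 transfer call: the bytes a DApp hands to the wallet."""
    to = bytes.fromhex(to_addr[2:] if to_addr.startswith("0x") else to_addr)
    if len(to) != 20:
        raise ValueError("address must be 20 bytes")
    return TRANSFER_SELECTOR + to.rjust(32, b"\x00") + amount.to_bytes(32, "big")

def decode_transfer(calldata):
    """Decode the call from the bytes alone, ignoring whatever the interface says."""
    if len(calldata) != 68 or calldata[:4] != TRANSFER_SELECTOR:
        raise ValueError("unrecognised call: it cannot be displayed, so do not sign it")
    if any(calldata[4:16]):
        raise ValueError("malformed address word")
    return {"to": "0x" + calldata[16:36].hex(),
            "amount": int.from_bytes(calldata[36:68], "big")}

def review_before_signing(ui_claim, calldata):
    """List every difference between what was displayed and what would be signed."""
    actual = decode_transfer(calldata)
    problems = []
    if actual["to"] != ui_claim["to"].lower():
        problems.append("recipient: shown %s, bytes say %s" % (ui_claim["to"], actual["to"]))
    if actual["amount"] != ui_claim["amount"]:
        problems.append("amount: shown %d, bytes say %d" % (ui_claim["amount"], actual["amount"]))
    return problems

# Constructed sample values.
INTENDED = "0x" + "11" * 20
SUBSTITUTED = "0x" + "22" * 20
UI_CLAIM = {"to": INTENDED, "amount": 5 * 10**18}

if __name__ == "__main__":
    honest = encode_transfer(INTENDED, 5 * 10**18)
    tampered = encode_transfer(SUBSTITUTED, 5 * 10**18)
    print(review_before_signing(UI_CLAIM, honest))    # no mismatches
    print(review_before_signing(UI_CLAIM, tampered))  # recipient mismatch reported
```

A signer who sees only a digest of these bytes has nothing to compare against the interface, which is the gap blind signing leaves open.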
Ultimately, people in modern society often need to trust others and delegate some jobs to make their lives easier. Trust forms brands. However, trust should be earned, relentlessly. In the crypto market, there have been some dominant players, e.g. Safe Wallet in the multisig smart contract wallet market, MetaMask in the software wallet market, and Ledger in the hardware wallet market. We deserve a more competitive market.
Your friend,
Denken