In the light of the recent Coincheck hack which resulted in theft of over $500 million in NEM (XEM) cryptocurrency, the ongoing debate on the importance of decentralized solutions is taking another turn highlighting issues such as the vulnerability of ‘traditional’ centralized platforms and users having to sacrifice the control of their private keys in return for convenience and ease.
What is more, centralized platforms are not only subjected to increasing governmental regulations, but also heavily depend on the decisions made by those who run them.
One doesn’t need to go too far in search of proof: things like these can be seen playing out in countries like China, South Korea, or India with all that pressure from the state officials, or at popular platforms like Coinbase or Bittrex collecting tons of personal information and imposing strict verification rules.
Despite their own flaws, something the EtherDelta incident last December demonstrated, and the lack of liquidity compared to the more popular platforms, decentralized exchanges (DEXes) thanks to their nature seem to have an upper hand when it comes down to issues like privacy and security.
Surely, there are points for debate, like the domain server that people access to use some web-based P2P platforms could indeed be centralized and thus be vulnerable to censorship and other attack vectors.
However, a typical DEX can be accessed only after downloading a special client supported by multiple nodes. This way it is never controlled by a single entity – there’s no single person controlling the marketplace, nor is the platform supported by a single server. Instead, it runs on a network of nodes which means an attacker would have to compromise at least half of those nodes to control it.
Bisq, the platform formerly known as Bitsquare, is among the leaders in this growing segment, and if there’s a person who knows everything about what a decentralized exchange is about, that surely would be Chris Beams, a co-founder and one of the main brains behind the project.
ForkLog: Hello Chris, what is your take on the recent Coincheck story?
Chris Beams: Unfortunately, these thefts are quite predictable. Coincheck may be the latest and largest among them, but it won’t be the last. Their lesson is always the same: if you don’t own the private keys, you don’t own the coins. If your coins are sitting in an exchange account as you read this, let this be your wake-up call. Go download a proper wallet and withdraw your funds into it now. Buy a Trezor and educate yourself about how to use it.
Thefts like the one at Coincheck are perfectly avoidable for those who do the work to keep their funds secure. There are no excuses or second chances in the crypto world—don’t let yourself become a victim!
ForkLog: Are decentralized exchanges really important from that point of view and what role in your opinion they could play in the future of the crypto industry?
Chris Beams: Today, decentralized exchanges occupy a small but important niche in the larger crypto ecosystem. They satisfy the needs of users who understand the critical importance of security and privacy in bitcoin (and other cryptoasset) exchange transactions. The niche is small because the set of well-informed users is small by comparison to the very large number who have been getting involved lately.
As the number of people who understand the importance of security and privacy grow, so too will grow the niche for decentralized exchanges. Thefts and hacks of centralized exchanges are a part of that learning process. They help to educate newcomers—all too often “the hard way”—about these topics, encouraging them to find a better way to exchange. When they do, they find out about decentralized, peer-to-peer exchange networks like Bisq, and begin to use them.
In the wake of the Coincheck hack, we hear the usual calls for tighter regulations on centralized exchange companies to ensure that user funds are not at risk. Ultimately, though, the solution to the problems posed by centralized exchanges is not to make them more regulated, it is to make them obsolete. Decentralized exchange networks are how we do that, but it takes time. Building properly decentralized systems is hard—much harder than building centralized ones—but Bisq is one such system that already exists, and it’s growing and getting better every day.
ForkLog: Do you have any advice to the traditional players regarding security and other aspects of running a crypto exchange business?
Chris Beams: Not really. My understanding is that the NEM stolen was in a hot wallet, which is a classic mistake, and they don’t need me at this point to scold them into doing it differently in the future. There are plenty of things that can be done to mitigate the risk of theft, and Coincheck now has 500 million reasons to look into them. I’m sure they will.
But while security risk can be mitigated to a degree, what cannot be mitigated at all in most cases is privacy risk. Almost all centralized exchanges have to collect personally identifying information about their users in order to comply with financial surveillance laws like AML/KYC in the United States. There is no mitigation strategy here, because the companies are forced to collect the information, and are forced to hand it over to governments when they ask for it.
This is a fundamental and ultimately fatal flaw in the centralized exchange model. Today, users have even less awareness about the privacy problem than they do about the security problem, but that will change too as governments get more aggressive in their attempts to collect tax.
In most jurisdictions, there is no way to operate a custodial centralized exchange and protect users’ privacy while complying with the law. So if I were going to give advice to “traditional players”, I’d say get busy innovating and finding ways to preserve your business model without having to take custody of user funds. I wouldn’t envy that task, and I think they’d still be playing a losing game, but they might get to play it a bit longer that way.
ForkLog: How are things are going with Bisq in general? Recently, you’ve had the latest client release, what new does it bring? What other plans and hopes do you have for 2018 and beyond?
Chris Beams: Things are going well! Bisq has been in production for nearly two years now, and trading volumes have grown steadily throughout. It’s a great time to give Bisq a try.
We did recently ship a new release of the Bisq desktop client—v0.6.5—and we tend to ship them every few weeks now. Each release includes a variety of features and fixes, but a general theme lately has been around improving usability and the overall user experience. We now have dedicated contributors working on this area, which is really exciting.
Our most important effort right now is growing the community of contributors to Bisq. Bisq operates as a DAO, or decentralized autonomous organization, where contributions of all kinds—not just code!—are eligible for compensation. Contributors start out working on bounties, and can eventually take on dedicated roles. If you’re interested in getting involved, or just want to learn more, check out the document. It gives an introduction to Bisq, lays out our current challenges, and details how we’re bootstrapping the Bisq DAO.
Ultimately, Bisq’s mission is to provide a safe, private and censorship-resistant way to exchange bitcoin for national currencies. We think this this mission is vital to Bitcoin’s long-term success, and while we’re proud of how far Bisq has come in that mission so far, there is still a long way to go. So whether you simply want to use Bisq or also want to contribute to it, welcome! We hope to see you on the network soon.
Chris Beams was interviewed by Andrew Asmakov