Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

  • Sophia Foster-Dimino
  • Connectivity

    What the Coincheck hack means for the future of blockchain security

    Half a billion dollars’ worth of cryptocurrency was stolen—that’s gotten people’s attention.

    The plunder of more than $500 million worth of digital coins from the Japanese cryptocurrency exchange Coincheck last week has added to a growing perception that cryptocurrencies are particularly vulnerable to hackers.

    It’s an expensive reminder that like many things in the cryptocurrency world, security technologies—and the norms, best practices, and rules for using them—are still emerging. Not least because of its enormous size, the  Coincheck hack could go down as a seminal moment in that process.

    This piece first appeared in our new twice-weekly newsletter Chain Letter, which covers the world of blockchain and cryptocurrencies. Sign up here – it’s free!

    First, hackers laid bare the fact that Coincheck had opted not to implement some basic security measures. The company’s executives told news reporters that the stolen coins had been stored in an internet-connected “hot” wallet. It’s far more secure to keep funds offline, in “cold” storage—often hardware specially designed for the task. Many exchanges already claim in their marketing material that they hold the vast majority of their users’ funds offline. Going forward, this will presumably become standard practice.

    With that taken care of, there’s a more weighty question on the table. Every public cryptocurrency address is associated with a private key; without it, money can’t be moved from that address. Someone who manages to acquire your private key, though, can send your money away. That’s what happened in the Coincheck heist. So how do we make the private cryptographic keys owners need to access their coins more secure?

    One answer, known as a multisignature address, is conceptually simple: a “multisig” requires more than one cryptographic key in order execute a transaction. It’s a bit like the multifactor authentication process you may use to access your e-mail account. Business partners can use multisig technology to, for example, create a wallet that requires each of them to sign off on transactions. That would make it substantially more difficult for hackers to access funds.

    Of course, multisig is not a silver bullet. In 2016, for example, hackers defeated a multisig system to steal $65 million from Bitfinex, one of the world’s largest exchanges. How exactly the perpetrators managed the feat isn’t clear, but it’s possible there was a flaw in the specific implementation.

    Should financial regulators require exchanges to use multisig technology to secure any funds they keep in a hot wallet? Japanese officials are conducting an emergency security review of the country’s exchanges, and that might be a measure they consider.

    Either way, a broader discussion about blockchain security is just beginning. Some say blockchains can revolutionize how we track a host of assets beyond just money, like land titles. Such a system might look different from the blockchain networks running today’s cryptocurrencies, but it would still rely on cryptographic keys that could fall into the wrong hands. The techniques and processes we adopt for securing them will be crucial for keeping hackers from running off with land that isn’t theirs.

    Learn more about blockchains and what they can be used for.

    Gain the insight you need on digital technologies at EmTech Digital.

    Learn more and register
    More from Connectivity

    What it means to be constantly connected with each other and vast sources of information.

    Want more award-winning journalism? Subscribe and become an Insider.
    • Insider Plus {! insider.prices.plus !}* Best Value

      {! insider.display.menuOptionsLabel !}

      Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

      See details+

      What's Included

      Unlimited 24/7 access to MIT Technology Review’s website

      The Download: our daily newsletter of what's important in technology and innovation

      Bimonthly print magazine (6 issues per year)

      Bimonthly digital/PDF edition

      Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

      Special interest publications

      Discount to MIT Technology Review events

      Special discounts to select partner offerings

      Ad-free web experience

    • Insider Basic {! insider.prices.basic !}*

      {! insider.display.menuOptionsLabel !}

      Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

      See details+

      What's Included

      Unlimited 24/7 access to MIT Technology Review’s website

      The Download: our daily newsletter of what's important in technology and innovation

      Bimonthly print magazine (6 issues per year)

    • Insider Online Only {! insider.prices.online !}*

      {! insider.display.menuOptionsLabel !}

      Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

      See details+

      What's Included

      Unlimited 24/7 access to MIT Technology Review’s website

      The Download: our daily newsletter of what's important in technology and innovation

    /3
    You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.