ShapeShift has recently announced that Michael Perklin has joined the team as Chief Information Security Officer.
Cointelegraph caught up with Michael Perklin and Erik Voorhees, CEO and Founder of ShapeShift, on their way from Satoshi Roundtable and asked them to elaborate on some key security concerns that come with Blockchain technology.
Coming back stronger
Unfortunately, hacks are still inevitable, and ShapeShift suffered a breach in April 2016. A significant sum from the company’s hot wallet was stolen, but not a cent of customer funds was lost, stated Erik Voorhees, the company’s CEO, the day following the breach.
Michael Perklin was the one who conducted the digital investigation and authored the subsequent postmortem report. His successful investigation allowed ShapeShift to establish the cause and secure the platform, enabling the instant exchange service to relaunch the following month.
“When ShapeShift was hacked in Spring of 2016, we worked with Michael to audit and investigate,” says Voorhees:
“His expertise was matched only by our enthusiasm for working alongside him. Following the investigation, he decided to invest in ShapeShift and we are thrilled to bring him on board full-time as CISO.”
Perklin has over a decade of experience in performing digital forensic examinations, cyber investigations and incident response postmortems. He is well known in the Bitcoin and Blockchain sector for co-authoring the CryptoCurrency Security Standard, which secured hundreds of millions of dollars’ worth of Bitcoin, Ether and other digital assets. Now he takes over ShapeShift’s information security architecture to ensure that all of the company’s services are operating with the best practices in Blockchain operational security.
Blockchain can remove the ‘God mode’
As the digital currency movement continues to gain in scope and speed, this particular breach signified an important learning moment. It certainly prompted a reconsideration of models for improving security and preventing criminal acts, making a significant contribution to the advancement of digital currency.
So, how can we secure operations and transactions over Blockchain technology? Michael Perklin says:
“The key security measures that must be implemented in any system that uses a Blockchain all revolve around the private keys for the accounts. A lot of work needs to be done to ensure these private keys are created securely, stored securely, accessed securely, used securely and by personnel who are thoroughly vetted. These points are spelled out in the CCSS, our Industry’s own security standard that is akin to the PCI standard for credit cards or HIPAA for patient information.”
Blockchain is often considered a game-changer with the potential to bring benefits to a variety of industries and achieve technology value outcomes that couldn't be achieved before. A number of sectors are taking advantage of Blockchain’s transparency, immutability, security and ability to cut out the middleman to develop effective solutions for their operations and processes.
Voorhees believes that Blockchain technology can fit into general discussions about security in other industries. “Security in other industries is generally achieved by someone having ‘god mode’ or the ability to reverse transactions, change databases,” he explains. “This is what any bank or government can do with their fiat currency. Unfortunately, though entirely predictable, they abuse this power and have institutionalized theft through inflation/debasement. Both the governments and banks are complicit in this crime. To solve this problem, Blockchains remove the ‘god mode’ such that nobody has ultimate power.”
In his opinion, however, this can create other problems, which society and technology are just now starting to solve. Thus, removing the overseer would mean that the rule-making needs to exist on a code level, which is a challenge but one which the Blockchain industry is proving can be done.
“Blockchains guarantee the integrity of data within an information system by preventing edits by other parties,” Perklin elaborates:
“Every change is tracked in a fully auditable way that ensures every change to a system’s data is atomic. This is incredibly useful for auditors and compliance officers of any type as well as accountants and investigators. Those with access to data can no longer edit it without consequence.”
Blockchain is still maturing
Many banks, financial institutions and public authorities have been exploring the potential of Blockchains for a few years now. The majority of those experimenting with Blockchain and taking advantage of some of its characteristics have been very cautious about using this type of ecosystem; therefore, we still haven't seen any working application.
Certainly, the daunting scenarios in which several exchange platforms have faced breaches and hacks might have taken at least one feather from Blockchain’s cap. Is this what is hindering a more confident adoption of the technology?
“Banks and financial institutions, as well as government agencies, move slowly,” says Voorhees. “They are just now understanding the power of Blockchains, and are beginning to work with prototypes and proof of concepts. It will take them one to five years before any of this work starts to be seen publicly. Meanwhile, a thousand fast-moving Bitcoin startups are innovating and releasing products rapidly.”
Michael Perklin argues that security is definitely one factor that can slow down the adoption of technology. However, in his opinion, it is more of a symptom than a cause.
“The fact is, Blockchain technology is very new and is still maturing. The first databases did not have proper security either but now each of them has entire suites of security features to lock down their data. Blockchains are being better understood by developers and software engineers which will eventually lead to more products with embedded Blockchains but these things take time. It took 20 years before companies realized that databases could be used to improve their business. The same is happening now with Blockchains.”
How to make digital assets unstealable
To this day, the Bitcoin Blockchain, despite being open source, has been running steadily with no major security problems. However, there are several components in this chain, and each of them deserves special attention. Holding cryptocurrency in a digital wallet is just the same as holding cash in a physical wallet; therefore, it implies the same security concerns.
Erik Voorhees says:
“The biggest security concern is of course just the ability to make assets ‘unstealable’ or as close as possible. Multisig technology and hardware wallets have helped immensely. We at ShapeShift are also trying to pioneer better security by simply not holding customer assets in the first place, and as other companies find ways to replicate that principle the industry as a whole gets safer.”
Cryptocurrency exchanges or digital wallets are where major security breaches are most likely to happen. They manage large amounts of money on behalf of their customers, so the risk here largely depends on the ability of a platform to securely hold and manage these large amounts.
Besides, you are protecting your crypto fortune with a password, and it has to be secure. There is no way to reverse a fraudulent transaction to recover your savings. Is it even possible to create the most-secure-password ever?
Perhaps the better option is indeed to eliminate the need to have one. In this sense, ShapeShift is a truly revolutionary platform in the Bitcoin space, as exchanging Blockchain tokens does not require creating an account, sign-up processes, emails or passwords.