Published Jan 16, 2020
By Anthony Foy, CEO Qredo
Purchase of any asset entails a delay between transaction and settlement. While that isn’t usually a problem, when you’re trading digital assets it represents an unacceptable window of risk.
When a trade of just about any type is executed on the financial markets, there is a gap between the point at which funds are debited (or credited) and ownership of the asset is transferred. For stocks, the delay is generally T+2; for gilts, T+1. For cryptocurrency, it can be as little as a few minutes or as much as a few days. However, due to the unique nature of crypto assets, that delay – however brief – is one that invites catastrophic consequences.
The worst-case scenario for a trader is to deposit funds or even purchase digital assets, only for the exchange to be hacked before a withdrawal can be completed. This and other risks can be deal-breakers to institutional traders, preventing them from entering an otherwise attractive market.
Settlement speed vs security
Part of the reason for delayed settlement arises from the way digital assets are stored. Assets held in hot wallets can be withdrawn more quickly, but these are a honeypot for hackers. Cold storage is the digital gold standard for Bitcoin and other cryptocurrencies, but by design this prevents instant access. Moving funds securely from an air-gapped machine takes time and care. During that interval – whether funds are moving from trader to exchange or vice versa – trading cannot occur and opportunities may be missed. Worst of all, if the cold storage key is lost or compromised, as was infamously the case with Canadian exchange QuadrigaCX, all the funds are rendered permanently unreachable.
Another solution is multi-sig accounts, which distribute trust and provide another layer of security. Unfortunately, the history of crypto proves that multi-sig is susceptible to collusion, technical exploit and human error, as well as requiring that enough parties are available on demand.
“The MultisigExploit-Hacker ... exploited a vulnerability in the Parity 1.5 client’s multisig wallet contract. A fairly straightforward attack allowed the hacker to take ownership of a victim’s wallet with a single transaction.” – Hacking, Distributed
In short, even when they work, the means used to secure and transfer funds are anachronistic and clunky – and, as far as institutional traders go, barely fit for purpose. These problems span the virtual and offline worlds. No matter what measures are put in place to deter online hackers, a growing number of exchange employees and crypto holders have been targeted in person, in real-world examples of the ‘$5 wrench’ meme. Private key storage is the most vulnerable link in the chain of digital asset management and trading.
The cost of delayed settlement
While stolen or burned coins are the worst consequences of the way private keys are conventionally stored, there can also be significant opportunity costs associated with settlement that is delayed for as little as minutes or even seconds. Sudden fluctuations in the crypto markets are commonplace, and double-digit daily moves are still regular occurrences. Then there are the occasional flash crashes, like the October 2019 event on Coinbase and Deribit. That crash saw bitcoin drop and recover by $1,400 on Deribit within a single 5-minute candle. Making the most of this volatility requires moving fast – something that is impossible when funds are securely stored off-exchange.
Even an algorithmic trading bot cannot take advantage of such opportunities unless funds are held on an exchange, with all the risks that brings. And even with the fastest cold storage withdrawal processes in place, traders are held back by the limits of blockchain throughput and confirmation times. Most exchanges require three confirmations for Bitcoin before crediting funds – an average of 30 minutes (aside from the fact that unusual exchange activity often coincides with blockchain congestion, for one reason or another). This makes arbitraging between exchanges or capitalizing on such movements either dangerous or impractical.
All existing approaches to crypto settlement therefore butt up against the risks associated with handling private keys. But what if there was a way to square the circle? Why shouldn’t it be possible to apply the same model of decentralization to the storage of private keys that we do to the funds these keys secure? By rethinking the way we deal with private keys, we can close the settlement gap – and with it, the risk of lost funds and trading opportunities.
The idea that underpins every conventional crypto storage solution is that private keys must be held securely. This is a reasonable assumption, but one that is incorrect.
Cold storage aims to put keys beyond the reach of hackers; multi-sig is intended to distribute keys and therefore trust. Multi-party computation (MPC) and Zero-Knowledge Proofs can be used to build a system in which keys literally do not exist in a form that is useful to an attacker.
The Qredo Network provides a decentralized approach to cryptocurrency safekeeping. The solution offers the performance of a second-layer infrastructure to any blockchain through novel application of cryptographic primitives, run on a separate, private blockchain network – without forming a payment channel or exiting the consensus model of the underlying blockchain. This approach also provides a new and more secure approach to safekeeping, escrow and transfer by applying patented cryptographic methods that eliminate the attack surface presented by long-term storage and transfer of private keys.
To find out more about how Qredo’s new approach to crypto asset delivery can eliminate settlement delays, improve security and open new trading opportunities, download our yellow paper.