Masks meant something different one year ago when I posted the highly popular “Happy Halloween - Audit Status of Canadian Cryptocurrency Exchanges”. Since then,
- We’ve had 20 more cryptocurrency exchange incidents globally.
- Canadian exchanges have seen massive progress - in at least a couple of exchanges.
- We’ve seen the collapse of Einstein which took millions of dollars more from Canadians. And we saw the OSC crackdown on the inflated trading volume on CoinSquare.
Blockchain provides the full ability for exchanges to prove asset backing, yet we continue to have to guess which platforms are backed. In an effort to help Canadians find the exchanges which are most transparent, we divide platforms into 5 categories:
- Dead Platform/Incidents - For fun, and to help illustrate the risks, reviews of past platforms that collapsed or lost funds in Canada. No disrespect to the real losses of Canadians who worked hard for their money.
- No Verification Found - A platform that doesn’t appear to give any indication of any auditing or internal controls. You may want to avoid these platforms, but sometimes this is just because the information is not easily available.
- Apparent Verification - I was able to dig and locate some sort of claim or indication that they were being audited. Of course, most of these don’t mention who specifically is performing the audit, what is actually being checked, and/or anything about the verification process. In one case, this verification is severely out of date.
- Full Backing Report - In order to meet these criteria, the platform has to have undergone a process where full backing of customer assets was verified by a third party within the past year. A report needs to be published including the verification process and that the third party has verified full backing (or what level of backing). While these are pretty compelling, it doesn’t stop a dishonest platform from excluding customers, tricking the audit process, or colluding with the third party in various ways.
- Proof of Reserve - This is a cryptographic process that includes public wallet addresses, signing of transactions, and a public hash list or Merkle tree to allow customers to validate inclusion. Together, these three criteria demonstrate that funds exist on the blockchain, are spendable by the exchange, and fully back crypto assets of all customers who check. Combined with a financial audit, it’s the best we can get. While many misuse the term, no Canadian exchange has ever fully proven reserves.
If Proof of Reserve or another form of verification was standard on all exchanges, people like Gerald Cotten and Dave Smillie wouldn’t have been able to pull off massive fraud, and cases such as Einstein would have been known long before it resulted in insolvency. Supporting exchanges that don’t provide public validation or transparency is supporting fraud. Even if the platform is 100% honest, they are setting a dangerous standard that enables other fraudsters to hide in plain sight.
Dead Platforms/Incidents
FlexCoin - As “the world's first bitcoin bank” that’s “not a true bank”, FlexCoin provides “a central location for all of your bitcoins”. “Bitcoins deposited with flexcoin will be stored on [thei]r secure servers” so you can “send bitcoins to non-technical individual[s] via e-mail”. Unlike blockchain, “flexcoin to flexcoin transfers are free”.
MapleChange - “[S]wift, reliable and to-the-point!” “One of [their] primary concerns is security for [their] customers” which is why “keys are cryptographically encrypted”. More Canadian than anyone! Excuse me while we hold the door open to our crypto! "[W]ithdraws(sic) are next to instantaneous", "rel[ying] solely on the aspect of swiftness"!
Canadian Bitcoins - Funds stored for convenience in a professional Rogers data center, which has the highest level of courtesy and customer service - always going above and beyond to provide expedient service whenever a request comes in!
CoinTrader/NewNote - A “meticulously engineered Bitcoin Exchange” “focused on security and tak[ing] these risks seriously”. “[Y]ou don’t have to worry”, they have “90+% cold storage” and their “cold storage is fully insured by Xapo”. Plus, as “a registered Canadian corporation” they “leverage the good guys to fight the bad guys”.
Einstein - You can get “your money deposited and withdrawn faster than any other exchange”. As one customer said "With so many hacks and exit scams, it gives me confidence knowing Einstein is backed by hard-working people just like me." Just check the user experience on their subreddit from their "220,000+ satisfied customers".
EZ-BTC - As the world’s “most user-friendly and bespoke crypto currency management platform”, they have “strong security”. “All your coins are kept in cold storage. They’re safe.”. The presence of physical ATMs was one of the strategies to build customer confidence for their promised 9% annual return on stored funds.
QuadrigaCX - Operating since 2013, with “vast cryptocurrency reserves” right up to the end. "Bitcoins that are funded in QuadrigaCX are stored in cold storage, using some of the most secure cryptographic procedures possible." Even today some of the funds remain 100% secure in their cold storage!
If there are any others I missed, let me know!
No Verification Found
BitVo - Whether “Canada's premier cryptocurrency exchange” or merely “on a mission to become Canada’s premier cryptocurrency exchange”, we have to praise BitVo’s security for including “multiple signatures of a select group of trusted individuals” which are “not connected to the exchange platform or a network”. It is unfortunate that such common sense concepts are “proprietary” instead of the standard on all Canadian platforms. While assuring that they operate “on a full-reserve basis” and talking about “transparency”, the proof is lacking and nothing indicates it to have been verified externally or even internally. The withdrawal-based fee structure incentivizes users to keep funds “safe and secure” on the platform - which is “owned and operated by banking and security experts”. The “banking” side shows for sure in these hidden fine-print fees, which go well with transparency.
CoinField - Apparently no longer the "most secure trading platform in Canada" but now instead the “Best Bitcoin & Cryptocurrency Exchange In Canada” - based in Estonia and no longer having a Canadian office. They’re “fully regulated” in 193+ countries, except for the period between October 2019 and June 2020, when they weren’t even registered as an MSB. They offer a huge range of trading pairs except for the ones you need, with high liquidity except for the pairs that don’t have any, and you can withdraw and trade all of your funds as long as you leave a small amount behind at every stage.
CoinSmart - Not sure what "[i]ndustry leading cold storage" is, but luckily it’s “bank level”. No mention of multi-sig. They’re so "accountable to [their] clients, community and to each other" and "committed to being open and honest" that they don’t include any audit. Deposits are easy and withdrawals are fun - like a video game. Advance through each stage to prove your willpower, complete with warnings, SMS verification that doesn’t display errors (but luckily you can change the number to anything at all without further verification), and even an elaborate high-resolution selfie requirement you have to email in. If you can’t complete or don’t feel comfortable sending info via email, your money is held hostage - no big deal at all really.
Coinut - As "the most secure cryptocurrency exchange", they provide “a comprehensive cryptocurrency exchange platform for trading cryptocurrencies”. (Not to be confused with a cryptocurrency exchange platform for trading coconuts.) They’ve been “running securely for about three years” “by storing cryptocurrencies offline” in a single “offline computer”. In addition to not using multi-sig and "not us[ing] USB drives, as the online computer may be infected with virus", they also don’t appear to use audits or any form of public verification.
NDAX - “Canada’s most secure trading platform” to "set the standard for the Canadian cryptocurrency industry". While NDax promotes “segregated accounts” and “95-98% of user funds in an offline, multi-signature wallet”, there’s nothing to indicate backing of assets on the platform. While apparently partnered with a Canadian bank, the bank is not revealed. No audit found but at least there’s a full-page risk disclosure and disclaimer. You can sleep peacefully knowing that they’re legally protected, even “for losses suffer(sic) to you as a result of any defaults of by(sic) insolvency of other Users.” What does that even mean? Apparently, even with their industry-record withdrawal fees, they couldn’t afford a legal team with proper grammar.
Newton - Newton was one of the first to announce third party custody. You should give your funds to Newton, because they’ll give them to Balance, and they’ll do this for free! And “[m]ultinational companies trust” Balance. According to the Balance terms, “the digital assets you purchase via the Platform are not protected by any government or other insurance”. "Prospective clients...will hold the entire liability associated with purchasing a Digital Asset Cache™️ and using [Balance] services, potentially including partial or total loss of capital." "Balance does not represent or guarantee that the Balance Platform will be free from loss, corruption, attack, viruses, interference, hacking, or other security intrusion, and Balance disclaims any liability relating thereto." "No data transmission over the Internet can be guaranteed to be 100% secure, and as a result [they] cannot ensure or warrant the security of any information you transmit to [them]." "You are solely responsible for maintaining the confidentiality and security of your Account." If someone else should “[w]ithdraw the digital assets in your DAC to [thei]r external digital wallets as soon as within the same business day.” "Balance shall not be responsible for any losses arising out of the unauthorized or other improper use of your Account." 
The security of Balance custodianship comes down to (a) proprietary “HSMs” tested by their team of experts are more secure than hardware wallets tested by thousands of teams of experts around the globe, (b) a standardized and documented system of physical security in facilities accessible to a select number of people is superior to a combination of unique physical security, exclusive signing procedure, and complete locational secrecy that could be employed separately by multiple reasonably competent individuals, and (c) placing your trust in the team of Newton, the team of Balance, and the security of a website is more secure than simply trusting a single team to manage the private keys in an offline multi-sig fashion.
While Balance has an extensive page on security and internal controls, I was unable to locate any audit nor verification that the assets on Newton or custodian Balance are actually fully backed against deposits. From the demo page, we can see that Newton has visibility to see their balances on Balance, so at least Dustin and the team can check diligently and make sure they aren’t taken. Why not give some of that visibility to your customers? Why has Newton, which has been a leader in so many other areas (“commission-free”, working to get the best rates, etc…) not been a leader in putting together any level of public visibility to the backing of customer funds on their platform?
Apparent Verification
CoinBerry - While hard to judge from a few excerpts of what’s likely a multi-page (or even a multi-chapter) policy, it remains to be seen if their new insurance will ever come to use, given that CoinBerry was already using the best practices of offline multi-sig for the storage of all customer funds, a set-up which, to date, has a breach-less record historically. It would also be the first time that insurance has ever paid out in the history of cryptocurrency, and would cover up to $1m of client funds. It would appear that CoinBerry is counting on a structure with multiple wallets to limit losses, which is an interesting strategy, given the number of times that platforms have suffered the simultaneous breach of multiple wallets (Bitfinex, VinDAX, Bithumb, Altsbit, BitPoint, Cryptopia, and just recently KuCoin all had multiple wallets breached all at the same time). Assuming the private keys are properly managed by separate trained people, CoinBerry client funds appear to be stored in what’s essentially a giant cold storage wallet, with all withdrawals handled and verified by multiple people before being approved, which is the most secure setup possible in cryptocurrency.
CoinBerry is also “trusted by Canadian Municipalities”, a deal that enabled “the first payment of property taxes with Bitcoin in Canadian History”. They reportedly also “undergo annual 3rd party financial statement audits”. From records, these appear to be conducted by the firm MNP which is an accounting firm. CoinBerry has not, however, publicly declared themselves to be “fully-backed”, nor have they published any verification on the backing level of funds on the platform. Rather the audits are “secret”. This is concerning given the large referral bonuses paid out by the platform to new customers (including a popular $25 referral bonus for purchasing $50 of bitcoin), multiple issues with withdrawal delays, including one affecting hundreds of customers earlier this year, and the slow increase to their “fair pricing and industry-leading low fees.” Fees have gone from 0.5% to 1%, to a tiny sentence about “adding a margin, or spread, of between 0% and 2% to the rate offered by [thei]r liquidity sources”. Luckily, they “don’t hide fees across your trading experience.” In case you should sign up and find that (up to 2%) rate to be too high, “[a]ccounts requesting a withdrawal of Fiat or Crypto currency in original form, without conducting a trade will be...charged an account maintenance fee calculated as the larger of $25 or 5% of the total amount requested.” You will also need to pay additional “mining fees for crypto withdrawals”, which significantly exceed typical transaction costs and are only mentioned in the fine print of their fees page. CoinBerry has publicly expressed agreement that you should not store funds on cryptocurrency exchanges including their own. Neither their insurance nor world-class security will do anything whatsoever if their platform goes insolvent.
CoinSquare - CoinSquare has had a rough year, most notably with being publicly declared as having inflated trading volume and having to pay multi-million dollar fines. As usual, the Reddit community was already on top of this and apparently, some staff at the company were even open about it. Ironically, one could argue that their dishonest practice did more to stand up to Quadriga than regulators ever did, may have saved thousands of Canadians from losing their funds, and may even have been a key factor in bringing Quadriga down. It remains to be seen what will become of the shell of one of Canada's oldest exchanges. It would be the ultimate in poetic irony if the actions of the OSC to protect CoinSquare investors ultimately destroyed the full value of their investment. If that plays out, I'm sure they will heap praise on the OSC for so publicly and flagrantly shaming CoinSquare for a practice which was similarly employed on other exchanges globally and which they'd already voluntarily ceased months prior to the conclusion of the 6-figure investigation and 7-figure fines.
That said, CoinSquare already had a lack of visibility into their security practices, which they describe as “100% proprietary”. This would imply the team at CoinSquare is smarter than established security standards by experts all around the world at protecting your funds, contradicting previously reported incidents. They describe “SSL and 2FA”, which are more or less standard features of all exchanges. A “95% cold storage” policy is low compared to many other platforms, and it doesn’t appear to be mentioned whether multi-sig is being employed or not. And of course, their apparent regular audits are not public (allegedly by “a national accounting firm whose identity is protected under an NDA"). They’ve routinely described themselves as solvent rather than fully backed.
Kraken - A kraken is “an enormous mythical sea monster”, and likewise Kraken, the exchange, is enormous, the largest and oldest exchange platform in North America. Kraken recently achieved the momentous accomplishment of becoming the first cryptocurrency exchange to be a regulated bank by completing a charter in the state of Wyoming. Kraken calls itself the “most trusted cryptocurrency exchange” and apparently “provides world class financial stability by maintaining full reserves, healthy banking relationships and the highest standards of legal compliance”. While many individual Kraken customers have been hacked, the platform overall never has, which is an impressive record.
Similarities abound further. According to legend, kraken exist off the coast of Norway. According to alleged court papers, Kraken operated illegally in the state of New York. Should you encounter a kraken, you may be best to leave silently. If you should work at the counter for Kraken, you may be legally silenced. One of the former employees for Kraken alleges wrongful dismissal and that the bank accounts of Kraken are actually running millions of dollars short of where they should have been. But don't worry - Kraken’s website features a Proof of Reserve page, stating that “[o]ver the past several weeks, Kraken has successfully developed and completed an industry-leading, independent, cryptographically-verified audit.” But the page was written in 2014 and among the long list of limitations, the process does not enable any validation on the blockchain. Kraken hasn't done any validation or publishing of reserves in 6 years and counting.
NetCoins - Once upon a time, the cofounder of CoinTrader (sound familiar?) decided to found a new exchange - “Canada’s easiest, most trusted way to buy and sell crypto”. As they say on the FAQ, “[t]rading cryptocurrency is completely safe”. Having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” “Get verified in minutes!” While comforting to know that parent corporation BIGG Digital Assets is audited by Manning Elliott LLP and they have “[r]eal human beings you can get in touch with easily”, this doesn't make up for no visibility whatsoever into how funds are stored or what portions are backed.
Full Backing Report
There are only two exchanges in Canada meeting these criteria.
BitBuy - BitBuy has operated since 2016, and was the very first to get a “Proof of Reserve and Security Audit Report” from third party CipherBlade. Since that time, they’ve also established themselves as the first company to get two separate third party validations, with the second one from Blockchain Intelligence Group. The platform’s initial operation as a non-custodial “Express Trade” model lends additional credibility. Therefore, with now two independent third party reports, BitBuy maintains the title as the most transparent exchange in Canada.
However, “Bitbuy has moved its existing bitcoin holdings over to Knox”. You now have to trust both teams and platforms for the security of your funds. This is described by them as an “industry leading push for best practices”. Insurance is of course “subject to the full policy terms, conditions and exclusions”. And “Bitbuy will be Knox’s first platform partner”. Knox has never done this before for any other platform. Their security model is “a mouthful for most”, but let’s break down their pitch. They have “air-gapped specialized hardware”. So is a standard typical hardware wallet. It’s running “custom policy logic”, which could be a good or a bad thing depending on the logic. Their logic has probably been vetted by a single team of experts, which is a standard shy of most hardware wallet protocols vetted by thousands of experts globally. They use a “dual-control operational model”, which if you look up dual-control, it actually refers to the fact that the functionality of the module is simultaneously performing actions and being monitored. It allows one to “experiment with the system so as to learn about its behavior and control it better in the future” which you can decide for yourself if that’s a good thing to have or not in the hardware that controls withdrawals of an active exchange platform. There is “offline transaction processing”, which again is a standard feature of a hardware wallet. “Geographically distinct facilities” is a good idea, though easily achieved by not storing all the private keys in the same place. Saying that the facilities “communicate in a closed network” is an interesting concept. How can you know that a network is closed? If the facilities are close together, they can be breached together. If far apart, someone can get in the middle. The network is no longer closed the moment any part of it is breached.
I can go on and on and break down every one of their systems if I have to, but instead, I’ll quote their own security advice about “minimizing the attack surface of the entire key lifecycle”. The minimum attack surface for a private key is having an individual generate it secretly and securely using a process which is vetted by hundreds of security experts around the world, and not relying on a third party to have to control anything to do with that key. This is already available from most standard hardware wallets, with experts debating whether other advanced experts can find a way to extract the key with access to extremely sophisticated equipment and physical access to the hardware. The best and most efficient way to mitigate a weak or corruptible party is through multi-sig where all parties have to sign the transaction. Adding intermediary custodians instead means funds are lost when any one of them is breached, and when using the same in-house hardware as Knox does, any vulnerability on that hardware or supply chain can compromise multiple wallets at once.
Now, insurance. The policy isn’t public on its website. It gives high-level features only. What’s astounding is that “collusion” is considered a break-through, which says a lot about the state of third party insurance in the space. I requested an example policy from their team. Their response was that it was “proprietary” and that they only “go over it with serious buyers”. In other words, no one has visibility to the actual policy details of what’s really covered outside of BitBuy or Knox, and neither party has any incentive to present that information objectively. For now, until someone cares to prove me wrong, I’ll quote their own website, “[m]ost policies covering Bitcoin theft and loss fall short and provide a false sense of security”.
One of the issues with the BitBuy validation is that it offers no visibility whatsoever for customers to know if their balances were included in any of their third-party validations. As such, BitBuy could have excluded any number of customers and passed both verifications with flying colours. That's why it isn’t a full Proof of Reserve. Also, they stopped talking to me again. But I still believe that BitBuy is one of the least worst platforms, now with reserves verified by two separate third parties.
ShakePay - Firstly, congratulations. The formerly trustless raccoon has now got a third party validation - a key step forward. The ShakePay platform is incredibly good at marketing, with the most powerful “Shaking Sats” program to literally get thousands of Canadians to think about buying more cryptocurrency every single day, or at least to pay homage to their great raccoon mascot. More recently, ShakePay completed a security assessment provided by CipherTrace, and added further insurance. CipherTrace found that reserves appeared to be fully backed including extensive analysis of the transactions and provided data.
ShakePay could be upfront that they charge a market spread or list the buy and sell prices. Instead, they promote the service as “no fees” and list only one price for bitcoin or ethereum, the only coins they sell. To find the model you have to click through to a separate page. The spread and pricing information is only ever available from within a registered account. ShakePay does not offer any additional trading functionality or coins.
ShakePay states that the “majority of all digital currencies are stored securely offline”. The CipherBlade report found this ratio was at “93% of Bitcoin and 91% of Ethereum” in cold storage at the time of the report, though it “var[ies] periodically to some degree throughout the day”. The report refers to a “multi-signature wallet interface”, which they later call a “service to access its sending and receiving multi-signature wallets”, which apparently also “does not have control over cryptocurrency in the hot wallets”. This part doesn’t exactly make sense, as one would most likely consider “access” to a “sending” function as “control”. Apparently, this “not mentioned” service is “without any known security risks” and there are also “redundancy measures” in place as well. Whatever that means in the context of irreversible transactions is a mystery.
However, the majority of funds are no longer stored with ShakePay but have now been given to an undisclosed “trust company registered under the NYDFS”. The “variety of security protocols” in place here include “address whitelisting”, the only policy they are willing to disclose publicly “for security reasons”. While ShakePay won’t identify the third party, “CipherBlade can confidently conclude that Shakepay controls these cold wallets” even though “they are controlled by [the] cold storage provider” and “the cold storage provider ultimately holds the private keys”. ShakePay does receive “an account statement” “which includes applicable wallet addresses and balances held” and “[d]ata found on the blockchain was also in line with information found on these statements.” It will be interesting to see in one of many “quite unlikely” events what “the cold storage provider’s policy and Shakepay’s own policy” would cover, given that the details of both policies are completely secret. Luckily, “[t]he vast majority of Shakepay customers who purchase cryptocurrency on the Shakepay platform withdraw it promptly thereafter.”
It’s important to note that this report is not a Proof nor an Audit (as originally named). “The reviewer is not a professional accountant, and CipherBlade has not performed a professional financial audit or an audit of internal controls and expresses no assurance on the accounting records of Shakepay.” ShakePay was happy to remove “audit” but they still continue to insist on calling this a “proof”, when it’s not. They claim “Proof of Reserves can have a variety of setups” and they cited Nic Carter’s blog post, which also listed all the criteria for the proof, which they did not meet. In discussion with Nic (who is amazingly open to chat), he’s agreed “what they are doing is not a full PoR” and he “didn’t believe it would be a widely consulted thing - [he] was mostly doing it to encourage custodians to take PoR seriously”. The point of a “proof” and why it’s called a “proof” is because it leaves no doubt. A Proof of Reserve needs to prove the reserves - that funds exist on the blockchain, are spendable by the platform, and fully back the assets of any customer who bothers to check. ShakePay’s does not.
Proof of Reserves
Presently all platforms in Canada have refused to provide visibility to the public blockchain entries backing funds on their platform. They have refused to sign a proof of spendability for any funds they control. All claims and verifications have been against customer lists provided by the platform with no ability for any customers to validate they were included. This is a recipe for more Gerald Cottens and Dave Smillies.
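The customer-side inclusion check from the Proof of Reserve criteria, as an added example (not from the original post or from any exchange's code): a Merkle tree in which every node also carries the sum of the balances beneath it, so the published root commits to total liabilities. The hashing layout, function names and sample customers are assumptions constructed for illustration; publishing wallet addresses and signing with their keys are not shown.

```python
import hashlib
import hmac

def _h(tag: bytes, *parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, domain-separated by a tag."""
    m = hashlib.sha256(tag)
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()

# A node is a pair: (hash, sum of customer balances beneath it, in satoshis).
EMPTY = (_h(b"empty"), 0)  # zero-balance padding node for odd-sized levels

def leaf(customer_id: str, nonce: bytes, balance: int):
    # The per-customer nonce stops other customers guessing balances from leaf hashes.
    return (_h(b"leaf", customer_id.encode(), nonce, balance.to_bytes(8, "big")), balance)

def parent(left, right):
    # The sum is hashed into the parent, so it cannot be changed without changing the root.
    total = left[1] + right[1]
    return (_h(b"node", left[0], right[0], total.to_bytes(8, "big")), total)

def build_levels(leaves):
    """Exchange side: build every level of the tree; the last level holds the root."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(EMPTY)  # pad with zero balance; duplicating a leaf would double-count
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Exchange side: sibling nodes from leaf to root for one customer."""
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], index % 2 == 0))  # (sibling, sibling_is_on_right)
        index //= 2
    return path

def verify(customer_id, nonce, balance, path, root):
    """Customer side: recompute the root from the balance the customer believes they hold."""
    if balance < 0:
        return False
    node = leaf(customer_id, nonce, balance)
    for sibling, sibling_on_right in path:
        if sibling[1] < 0:  # a negative subtotal would hide other customers' liabilities
            return False
        node = parent(node, sibling) if sibling_on_right else parent(sibling, node)
    return hmac.compare_digest(node[0], root[0]) and node[1] == root[1]

def fully_backed(root, reserves_sats: int) -> bool:
    """Compare committed liabilities with reserves proven on-chain (proof not shown here)."""
    return root[1] <= reserves_sats

# Constructed sample data: (customer id, secret nonce, balance in satoshis).
CUSTOMERS = [
    ("alice", b"n1", 150_000_000),
    ("bob", b"n2", 25_000_000),
    ("carol", b"n3", 400_000_000),
    ("dave", b"n4", 5_000_000),
    ("erin", b"n5", 70_000_000),
]

if __name__ == "__main__":
    levels = build_levels([leaf(*c) for c in CUSTOMERS])
    root = levels[-1][0]
    print("published root:", root[0].hex(), "liabilities:", root[1])
    for i, c in enumerate(CUSTOMERS):
        print(c[0], "included:", verify(*c, prove(levels, i), root))
    # An exchange that drops a customer publishes a smaller liability total,
    # but that customer can no longer verify against the published root.
    short = build_levels([leaf(*c) for c in CUSTOMERS if c[0] != "dave"])
    print("dave vs. root that excludes him:",
          verify("dave", b"n4", 5_000_000, prove(levels, 3), short[-1][0]))
```

The check only catches an exclusion or an understated balance for customers who actually run it, which is why the criteria speak of backing the assets of every customer who checks.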
I understand Proof of Reserve is not practical for all platforms. I was able to come up with an alternative that doesn’t require public blockchain visibility, could be implemented today using reputable third parties, and effectively validates all customers are included.
How We Could Have Safe Exchange Platforms In Canada
The first and largest issue has always been a lack of transparency. Far more funds have been lost to fraudulent platforms and wallet services than hacks. Honest platforms need to be giving greater visibility and certainty to their customers to make fraud obvious.
Secondly, no platform employing offline storage and multi-sig has ever been breached. We need to agree on the basic standards of what it takes to keep assets secure and create an environment where best practices are shared instead of hidden between platforms.
And thirdly, third party insurance incentivizes high fees, it limits coverage, and it does everything possible to avoid a payout. We need an organized insurance strategy that is run by platform operators and overseen with the full protection of Canadians in mind.
What’s possible is exciting, but not guaranteed. There are a lot of irreversibly horrible futures which are even more likely if we merely sit back and watch.