Securitah Protocols for Cryptoassets
Making Sure your Investments are Protected From the Malicious Actors Lurking on the Fringes of the Cryptosphere
Five components of securability:
- High Volume of Nodes
- Systematic Approach to dealing with bugs
- The widespread distribution of miners / stakers
- Untiered rewards
- Easily Stored Securely
Nodes for the purposes of this section should be thought of as resources used to enable a networks operation. Whether it be hardware based ala Proof of Work or skin in the game based ala Proof of Stake.
The number of nodes running is important because the more nodes there are the less important any one node going down is. A high volume of operating nodes also lowers the risk of collusion and improves responsiveness to threats from those with malicious intent.
How the nodes are distributed is equally as important as the number of them given the regulatory uncertainty around cryptoassets in certain jurisdictions. It is important for cryptoassets to have nodes in multiple countries. This is becoming increasingly true as some of the countries with the widest adoption of cryptoassets, like China and South Korea, have recently put in place restrictions or outright bans on certain types of activities.
Regionally targeted cryptoassets can be great investments when the market they are targeting has a unique use case. You want to verify the world at large understands this use case though. If all the nodes are concentrated in one country and regulators decide to intervene. The ability to maintain a viable network could evaporate overnight.
cryptoID is a good place to go for node info. Find the cryptoasset you want to research. The network tab provides details on node count, geographical dispersion, and organizational support for the nodes.
One way to promote a high volume of nodes is ensuring the cost to run one is reasonable. Can the average person run a node on their laptop or do they need a data center in order to run it? The less it costs to run a full node, the less users need to rely on trusted parties to verify their activities on the blockchain.
Low technical requirements are also helpful. The reality is much of the world still uses windows. Projects that only run on one OS like Linux have a reduced supply of potential nodes because of their technical choices.
While a high volume of nodes helps maintain network resiliency. A robust distribution of security actors like miners / stakers is important too.
Widespread Distribution of Miners and Stakers
I like to see the security of projects maintained by lots of groups and individuals.
Take Dash for instance. Dash uses a master node system to secure its network and has a respectable number of these nodes. The issue is because of the strategy they chose to release the token. Most of the nodes are controlled by a limited number of entities.
This concentration presents a risk. Control of the hashing power of a network being concentrated in these entities allows them to potentially manipulate the underlying blockchain to their advantage. Allowing them to extract rents from other users or in some instances engage in outright fraudulent activities.
The extraction tab on cryptoID gives you a sense of how concentrated the security of a project is.
This shows my concern with Dash. 46% of the network is currently flowing through AntPool. Close to the 51% that would be required to begin manipulating it.
And
If Antpool were to team up with ViaBTC they would be able to easily manipulate the network given their 60% share of its overall power.
Along with a distributed network of miners and stakers projects need a clearly articulated process for dealing with potential bugs dark hats could look to exploit.
Systematic Approach to Dealing with Bugs
Bugs are still being uncovered in bitcoin and almost all projects will be impacted by them at one point or another. The key is to understand if a project has a process in place to try and proactively identify bugs and address them as they come up.
A good process encompasses the following:
- Reporting should be easy.
- Projects should be responsive and non-defensive when bugs are identified
- A mechanism should be in place to halt activity across the network when bugs are confirmed until they can be fixed.
- Bug bounties worth multiples of the black market value of exploits should be offered. Disclosure should be the most lucrative option.
- When updates are pushed out new and old versions should be run side by side until it is clear they agree.
I am not aware of any resource tracking project approaches to addressing bugs. You’ll need to search for these details. Just copy paste the language above into a search engine to begin.
Untiered Rewards
How a company rewards the resources securing its network is another important factor to consider. This is why I look for untiered reward mechanisms for providing security. The highest profile example of a tiered reward system is employing masternodes to secure the network.
Masternodes tend to receive a disproportionate amount of the reward versus standard mining or staking operations by agreeing to run a full node and providing a large number of coins as collateral.
The intent of the collateral makes sense. You don’t want malicious actors to be able to easily set up master nodes to attack the network.
But
Generally, the collateral required to effectively deter attacks puts operating a masternode out of reach for the average user. An additional hurdle is the technical requirements needed to run a master node call for hardware and knowledge the average user does not have.
Primary responsibility for network security ends up consolidating in a small number of entities capable of setting up masternodes. Making the network vulnerable if these master nodes can be systemically compromised.
While it is a fair point that all mining activities tend to consolidate. Traditional mining activities positively consolidate due to scale and efficiency, whereas master node networks consolidate negatively from an artificial imposition of scarcity.
The last critical factor in making sure network security can be conducted by a variety of participants is the ability to easily store the cryptoasset itself.
Easily Stored Securely
Along with ensuring a project is implementing proper security measures into the development and maintenance of its protocol. You need to be able to confidently secure the asset once you’ve purchased it.
Making usable wallet solutions compatible with a project is important. As it defines your ability to interact with the project as a user and ensure your investment is not easily exposed to theft by others.
Note this presumes you aren’t interested in storing your assets on an exchange which I personally try not to do outside of minor holdings needed for trading purposes.
This is one of the advantages ERC-20 cryptoassets possess, the massive quantity of secure storage solutions available. Even if you are not technically inclined you can feel confident any ERC-20 cryptoassets you purchase can be secured off-exchange in a straightforward fashion if you so choose.
The other nice thing about the variety of options available for ERC-20 cryptoassets is you can diversify your holdings across a number of different wallet types. If any particular wallet ends up compromised, the rest of your holdings will remain secure and it is relatively straightforward to transfer cryptoassets across the different storage solutions if called for.
For native cryptoassets, you’ll want to evaluate the options before purchasing unless you intend to keep your holdings exclusively on exchanges. Higher profile cryptoassets typically support a windows wallet option. So if you have a windows PC you will usually be able to download the accompanying project wallet.
If you intend to hold a lot of cryptoassets this can be unwieldy, there are multi-coin storage solutions available the breadth and depth of which is beyond the scope of this report. Depending on what coins you are holding there are a number of potential options that could work well for you. Additional reading in the resources below for those interested.
Resources
• Blockgeeks wallet guide – https://blockgeeks.com/guides/cryptocurrency-wallet-guide/
• Tips for beginners – https://bitcoinist.com/secure-cryptocurrency-wallet-16-simple-tips-beginners/
• cryptoID
• Bitcoin Focused – https://www.wired.com/story/how-to-keep-bitcoin-safe-and-secure/
Steve Miller
Stay up to date on his research by subscribing to his newsletter.
The CFA designation is globally recognized and attests to a charterholder’s success in a rigorous and comprehensive study program in the field of investment management and research analysis.
CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.