On Feb. 20, the San Francisco-based cryptocurrency exchange Coinbase gave the public an inside look at how the company deals with contentious forks. Coinbase engineer Breck Stodghill specifically discussed how the trading platform dealt with the Bitcoin Cash (BCH) split on November 15, 2018.
Replay Attacks, Protection, and ‘Dust Mixing’
Over the last few years, cryptocurrency enthusiasts have gotten used to the idea of forks and subsequent blockchain splits ever since the Ethereum network bifurcated in 2016. Since then there have been a few other notable splits that affected the crypto ecosystem. Coinbase has explained in a blog post written by developer Breck Stodghill that the company believes networks should be able to fork as it’s an “important tool for innovation in the ecosystem.” The only thing is, some forks – specifically ones that don’t have replay protection – can pose “unique security risks” for exchange customers.
The Bitcoin Cash network fork in November was one of those instances as the upgrade was contentious in the eyes of an “opposing subgroup.” In order to protect users who held BCH on Coinbase prior to the fork, the company created its own replay protection strategy to mitigate replay attacks. When a cryptocurrency splits in half there are two chains with identical transaction histories, addresses, and balances. Essentially, without replay protection, a transaction signed for one chain is also valid on the other, so transactions can be double spent by malicious actors and other types of transaction errors can happen.
“To overcome this unique problem, we implemented our own replay protection by using a strategy called ‘dust mixing,’ thereby ensuring that all customer funds are isolated to a specific chain and not vulnerable to replay attacks,” explains the Coinbase developer.
When the fork took place, Coinbase utilized the dust mixing technique in order to be sure the firm’s hot wallet and customers’ funds were kept safe. One way to separate two identical chains is by using transaction inputs that only exist on one of the ledgers. When the BCH chain diverged into two, new outputs were created in the miners’ block rewards on each chain. These coinbase rewards differ between the two chains, so they and anything spent from them exist on only one ledger, which separates the mirrored chains going forward.
“Dust mixing refers to the practice by exchange operators of including at least one small chain-isolated input to each newly generated post-fork transaction,” Stodghill’s post details. “At the time of the BCH/BSV fork, we obtained a BCH coinbase reward from a miner. We used the coinbase reward to generate a large set of chain-isolated dust outputs. For each newly generated post-fork BCH transaction, we make sure to include at least one input that is guaranteed to be isolated to the BCH chain (i.e. a descendant of a BCH coinbase reward).”
Coinbase continued by adding:
“Any leftover change outputs of Coinbase generated BCH transactions are added back into the pool of chain isolated outputs in our hot wallet and can be used as an input to subsequent transactions to produce additional dust outputs required to service BCH sends off our platform.”
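The input-selection rule described above, sketched as an added example (not code from Coinbase or from the original article). It uses a simplified UTXO model; the class names, transaction ids, dust size and fee are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class UTXO:
    txid: str
    index: int
    value: int      # satoshis
    isolated: bool  # True if it descends from a post-fork coinbase on this chain

class HotWallet:
    def __init__(self, utxos):
        self.utxos = list(utxos)

    def split_into_dust(self, reward, n, dust=1000):
        """Fan a chain-isolated coinbase reward out into n dust outputs plus change."""
        if not reward.isolated:
            raise ValueError("dust must descend from a post-fork coinbase")
        self.utxos.remove(reward)
        values = [dust] * n + [reward.value - n * dust]  # n dust outputs, then change
        self.utxos += [UTXO(f"fanout:{reward.txid}", i, v, True) for i, v in enumerate(values)]

    def build_send(self, amount, fee=500):
        """Select inputs for a withdrawal, always mixing in one isolated input."""
        pool = sorted((u for u in self.utxos if u.isolated), key=lambda u: u.value)
        if not pool:
            raise RuntimeError("no chain-isolated input: send would be replayable")
        inputs, total = [pool[0]], pool[0].value  # smallest isolated output (dust)
        rest = [u for u in self.utxos if u != pool[0]]
        # Fund the remainder from pre-fork (replayable) coins first, largest first.
        for u in sorted(rest, key=lambda u: (u.isolated, -u.value)):
            if total >= amount + fee:
                break
            inputs.append(u)
            total += u.value
        if total < amount + fee:
            raise ValueError("insufficient funds")
        self.utxos = [u for u in self.utxos if u not in inputs]
        change = UTXO(f"spend:{pool[0].txid}:{pool[0].index}", 1, total - amount - fee, True)
        if change.value:
            self.utxos.append(change)  # isolated ancestor, so it rejoins the pool
        return {"inputs": inputs, "amount": amount, "change": change}

def replayable(tx):  # the other chain accepts a tx only if every input exists there
    return not any(u.isolated for u in tx["inputs"])

def demo():  # constructed sample: two pre-fork UTXOs and one post-fork coinbase reward
    reward = UTXO("cb-postfork", 0, 1_250_000_000, True)
    wallet = HotWallet([UTXO("old-a", 0, 5_000_000, False), UTXO("old-b", 0, 3_000_000, False), reward])
    wallet.split_into_dust(reward, 3)
    return wallet, wallet.build_send(6_000_000)
```

In the sample, the withdrawal spends both pre-fork outputs together with one dust output, so the change it returns to the wallet is itself chain-isolated and the pre-fork balance stops being replayable.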
Contentious Forks Can Lead to Big Exchange Losses
Hard forks are a part of the way blockchains upgrade but contentious forks can lead to splits and subsequent replay attacks if no protection is added by cryptocurrency developers. Back when the Ethereum network fork surprised everyone in 2016, former Coinbase executive Charlie Lee stated that the Ethereum Foundation advised the exchange not to use replay protection. Reports at the time detailed that trading platforms like Coinbase, Yunbi (40,000 ETC) and Btc-e all lost thousands of ETC and ETH during the chaos. On Aug. 6, 2016, Coinbase CEO Brian Armstrong told the cryptocurrency developer Peter Todd that the exchange lost approximately 17,500 ETC ($40,000 at the time) from replay attacks.
In its blog post about the BCH/BSV split, Coinbase explains that the company wants to continue creating an open financial system with a trusted reputation. Founded in 2012 by Armstrong and Fred Ehrsam, the exchange hasn’t seen any major breaches, unlike many of the other trading platforms created back then. As for hard forks, Coinbase says the firm’s engineers are always working around the clock to find solutions to issues like blockchain splits. “Our security focused approach to hard fork management is a direct result of that mission,” the San Francisco company concludes.
Image credits: Shutterstock, the Coinbase blog, and Pixabay.
Jamie Redman is a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open source code, and decentralized applications. Redman has written thousands of articles for news.Bitcoin.com about the disruptive protocols emerging today.
A hands-on preview of Samsung’s just unveiled flagship phone, the Galaxy S10, reveals new details of the device’s upcoming crypto features.
The first official specs of the phone were announced in the U.S. on Wednesday, but only brief mention was made of its ability to store cryptocurrency private keys.
However, in a piece for CoinDesk Korea, Park Geun-mo managed to review the device at Samsung’s flagship D’light store in Seocho-Gu, Seoul, where the tech giant often first showcases its latest products.
Launching the “Blockchain Keystore” app on the S10 displays a screen that says “Store your cryptocurrencies more securely,” along with a description of what you can do with the app.
As the image above shows, it broadly allows three features: payments to merchants, digital signatures and crypto storage and transfers. The phone’s full list of possible uses reads: secure distribution of data, insurance and contract verification, content copyright management, direct sharing of content, in-game goods ownership, digital asset management and transactions.
According to the app’s terms and conditions, the Blockchain Keystore generates and stores a private key based on blockchain technology in a secure enclave built into the device. It can securely sign and store cryptocurrency transactions using blockchain.
The term “devices” refers to mobile devices developed by Samsung Electronics such as smart phones and tablets, according to the T&Cs.
Effectively, CoinDesk Korea writes, the firm looks to be saying that Blockchain Keystore could potentially be installed on all mobile devices developed and sold by Samsung Electronics, and possibly notebooks too, in the long term.
The phone’s T&Cs also state that third-party services provided by affiliates can be used on the device and that various blockchain-based decentralized applications (dapps) will eventually be usable on the Galaxy S10. Notably, the introduction video to the wallet provides a glimpse of a menu called “Dapps” (see bottom image) alongside the cryptocurrency wallet button.
When signing in to the Keystore for the first time, Samsung explains that the user’s “personal key” is necessary to use various blockchain services, adding that it must be stored safely. The key in this case means a password.
Samsung has used its Knox service as the basis for integrated security management of mobile devices since 2013. Knox is a proven security service with the U.S. Department of Defense security certification and U.S. National Information Assurance Association CC certification (Common Criteria).
In addition, the Galaxy S10 series is equipped with an AP (Application Processor) Exynos 9820 developed by Samsung itself. The Exynos 9820 also includes a PUF (physically unclonable function) – a semiconductor-based cryptographic key management technology. In effect, the Galaxy S10 has plenty of security tech to store private keys safely.
The S10 allows users to store private keys either in the secure enclave or via a third-party service, the terms indicate.
But what do you do about your private keys if you lose your phone? According to the T&Cs, the private keys stored in the S10’s Keystore are backed up in a personal account provided by Samsung. If the phone is lost or stolen, users can access the device and delete the private key through its Find My Mobile service. Further, if a private key is accidentally deleted, users can restore it via the service.
Centralizing key storage in this way is bound to raise questions about security and it remains to be seen what would happen if someone gained access to your Find My Mobile service and if Samsung might provide further protections.
Inside the wallet
In an introductory video at the D’light store, Samsung explained how to send funds through the wallet app.
First, after inputting the address, amount and fee to be sent and pressing the “send” button, users are prompted to confirm with fingerprint ID or PIN code.
Once the authentication is complete, the transfer is sent.
To save typing out long public cryptocurrency addresses and possibly making mistakes, wallet addresses can be entered using the camera to scan a QR code where available.
The wallet also provides the option to import an existing wallet and create a new wallet.
The app appears to support ether (ETH) and bitcoin (BTC) by default, as there are logos for the two displayed in the Blockchain Keystore introduction image. Further, there is a cryptocurrency/token “add” button, so users will presumably be able to use other cryptocurrencies and ethereum-based ERC-20 tokens via the wallet.
Intriguingly, the Blockchain Keystore also provides hints about the possibility of connection to Samsung’s payments platform Samsung Pay in the future. The terms and conditions explain that Samsung’s Payments Service Group is responsible for inquiries about Blockchain Keystore payments.
Samsung said the Galaxy S10 will start shipping on March 8.
Editor’s note: This review was based on an article in Korean and has been translated.
Samsung S10 product image via Samsung; hands-on images via Park Geun-mo/CoinDesk Korea