How IOUs like open.BTC work on the DEX .... and yesterday's half billion dollar CEX heist

in #bitshares, 6 years ago (edited)

A discussion on the merits of SmartCoins, in light of the latest major CEX hack in Japan

(news story)

News came in yesterday from Japan that well-known exchange Coincheck had some ¥58-62 billion ($534 million) in customers' wallets go missing. It's most certainly the biggest heist or hack in cryptocurrency history - confirmed larger than MtGox. The coins transferred (stolen) from the exchange were all in NEM, itself a top 10 crypto by market cap.


Thus far it is being touted that the blame lies solely with the exchange - being what it is, a centralized exchange (CEX) - just like every crypto heist before it.

NEM founder, Lon Wong, was quick to point the finger at Coincheck saying:

"As far as NEM is concerned, tech is intact. We are not forking. Also, we would advise all exchanges to make use of our multi-signature smart contract which is among the best in the landscape. Coincheck didn't use them and that's why they could have been hacked. They were very relaxed with their security measures,"

So this article is just another CEX bashing then?

Not really. However, we know what we know. We know these central exchange attacks happen, because hot wallets are too big a honeypot for thieves to resist. You have likely already heard the whole 'get out from CEX, move to DEX!' vibe. Let's explain a little more about how your assets are stored in BitShares, specifically external assets like Bitcoin - represented as IOUs - so hopefully more falls into place than just 'must move to DEX, where you control your funds'.

… and now … for the real shocking news ….

Your DEX funds are practically worthless!!!

No, not really! However, they are to a hacker. There's no honeypot. Let's see how.

If you hold open.BTC, it's recorded on the BitShares blockchain that you sent BTS or bitUSD, or even deposited real BTC, to the gateway, and that they issued the UIA 'open.BTC' on BitShares. In this example, open.BTC is a user-issued asset (UIA) provided by OpenLedger. OL promises to maintain 1:1 liquidity in the real asset, and only the 'IOU' called open.BTC is issued to you on the DEX. They hold the actual Bitcoin privately (invisible to the public or any potential hackers). IOUs like this allow us to exchange Bitcoin (and various other cryptocurrencies) for trustless/native assets on the BitShares network such as BTS, bitUSD, bitCNY, bitGOLD, etc.

Let's pick that apart. In a CEX, the coins go to the exchange and sit there, in user-created account wallets (or worse, hot wallets) on the exchange. That is a central place for thieves to take everything, and ALL security is left to one centralized business. In a DEX, however, not only are funds held by users; the issuer of the UIA (in our example, OpenLedger) holds the actual BTC or ETH off-chain and does not reveal where they are for hackers to try. There is still a risk, since the issuer holding the liquidity could be hacked, but the actual coins are held outside BitShares in this case.

Once a user wishes to redeem, for example, open.BTC, they can exchange it 1:1; on doing so, the issuer will send the requested amount to the user's wallet (i.e. BTC wallet, not BitShares) and destroy the IOU tokens. In this way, any 'exchange on top of BitShares' remains superior to a CEX, as the location of the actual crypto coins is invisible to hackers, leaving them scattered to the winds of decentralization.
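The issue/redeem cycle described above, sketched as an added example (not code from this post or from OpenLedger): a toy gateway that issues IOUs 1:1 against deposits and burns them on redemption, plus the backing-ratio check that shows what the "issuer could be hacked" caveat means for IOU holders. The `Gateway` class, account names and amounts are hypothetical.

```python
from dataclasses import dataclass, field

SATS = 100_000_000  # satoshis per BTC; integer math avoids float drift


@dataclass
class Gateway:
    """Toy model of a UIA issuer (hypothetical, not a real gateway's system)."""
    reserve_sats: int = 0                         # real BTC held off-chain by the issuer
    balances: dict = field(default_factory=dict)  # on-chain IOU balance per account

    def supply(self) -> int:
        """Total IOUs outstanding; this part is public on the chain."""
        return sum(self.balances.values())

    def deposit(self, account: str, sats: int) -> None:
        """User sends real BTC to the gateway; the gateway issues IOUs 1:1."""
        if sats <= 0:
            raise ValueError("deposit must be positive")
        self.reserve_sats += sats
        self.balances[account] = self.balances.get(account, 0) + sats

    def redeem(self, account: str, sats: int) -> int:
        """Burn IOUs and release the same amount of real BTC to the user."""
        if sats <= 0 or self.balances.get(account, 0) < sats:
            raise ValueError("insufficient IOU balance")
        if self.reserve_sats < sats:
            raise RuntimeError("reserve shortfall: IOU cannot be honoured")
        self.balances[account] -= sats   # IOU tokens are destroyed
        self.reserve_sats -= sats        # payout leaves the off-chain reserve
        return sats

    def backing_ratio(self) -> float:
        """Reserve divided by outstanding IOUs; 1.0 means fully backed."""
        s = self.supply()
        return 1.0 if s == 0 else self.reserve_sats / s


def simulate() -> dict:
    gw = Gateway()
    gw.deposit("alice", 2 * SATS)
    gw.deposit("bob", 1 * SATS)
    gw.redeem("alice", SATS // 2)
    healthy = gw.backing_ratio()
    gw.reserve_sats -= 1 * SATS   # constructed event: issuer's off-chain wallet loses 1 BTC
    return {"supply": gw.supply(), "healthy": healthy,
            "after_loss": gw.backing_ratio(), "gateway": gw}
```

The IOU supply is unchanged by the reserve loss, so nothing on-chain signals it; only a reconciliation against the issuer's actual holdings reveals that the ratio has dropped below 1.0.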

The wrap up

The upshot of all this is that in a DEX there is no big honeypot to attract thieves. IOUs or other market-pegged assets like this provide a further means of keeping funds secure. However, it's you who needs to take care of your wallet (and thus your funds), as passwords are irrecoverable for now, until new recovery mechanisms (potentially) get added in future.

Next time someone says to you, "with xyz.ASSET you don't hold the real coin" ask yourself, would you prefer to park your 'real' BTC on a public central exchange, or, do you want to have it offline yet tradeable just like Bitcoin, on the DEX as an IOU instead?

Disclaimer: This information is intended for educational and informational purposes only. It does not constitute any investment advice - cryptocurrencies are mostly unregulated and whilst huge returns are possible, so are losses. Cryptocurrency trading remains a speculative instrument, be responsible and don't be afraid to ask for advice.


It's terrible what happened with Coincheck and NEM. I hope they take measures to catch the criminals.

Have to say I am a big fan of Bitshares. I feel like this is a solid product and will continue to do well in the crypto space.

Thanks for sharing.

Thanks for sharing your insight about DEX and IOU. Now I fully understand how this works.

This is just an amazing post where it gives us knowledge about the topic concerned.

What about bitshares held on the exchange instead of the downloaded wallet?

An exchange is a list of offers from different accounts, aka enlisted holders' offers to buy/sell. There is a digitally signed agreement where your funds will be sold from your account for the price you've been asking.

In simple terms, all BitShares are held/issued by the blockchain, which has only one entry point, and that is through credentials given a single time to the user when first creating his account.

Thanks for the reply @murda-ra.

I was referring more to the hacking... if the bitshares are kept on the exchange as opposed to the downloaded wallet, are they at risk or not, since the key is not held by the exchange?

Nothing is at risk, because, in simple words,

the only entry point to the bitshares is the key issued to the user at creation of the wallet. No recovery, no emails, no database storage, so ONLY the user himself is a risk to his funds, and nobody else except him.

Thanks for explaining this. I trade on the DEX nearly every day, so I know it well, but this gave me a better understanding of how IOU assets on the DEX work. Much better than centralized exchanges.


Great post here. UIAs like OL's offer a different risk profile from traditional exchanges. Critics will say that you don't really hold much besides a promise from OL - while true, you make the good counterpoint that these coins are visible to potential hackers.
