How IOUs like open.BTC work on the DEX ... and yesterday's half-billion-dollar CEX heist
A discussion on the merits of SmartCoins, in light of the latest major CEX hack in Japan
News came in yesterday from Japan that the well-known exchange Coincheck had some ¥58-62 billion ($534 million) go missing from customers' wallets. It's most certainly the biggest heist or hack in cryptocurrency history, confirmed larger than MtGox. The coins transferred (stolen) from the exchange were all in NEM, itself a top 10 crypto by market cap.
Thus far it is being touted that the blame lies solely with the exchange, being what it is, a centralized exchange (CEX), just like every crypto heist before it.
NEM founder, Lon Wong, was quick to point the finger at Coincheck saying:
"As far as NEM is concerned, tech is intact. We are not forking. Also, we would advise all exchanges to make use of our multi-signature smart contract which is among the best in the landscape. Coincheck didn't use them and that's why they could have been hacked. They were very relaxed with their security measures,"
So this article is just another CEX bashing then?
Not really. However, we know what we know. We know these central exchange attacks happen because hot wallets are too big a honeypot for thieves to resist. You have likely already heard the whole 'get out from CEX, move to DEX!' vibe. Let's explain a little more about how your assets are stored in BitShares, specifically external assets like Bitcoin, which are represented as IOUs, so that hopefully more falls into place than just 'must move to DEX, where you control your funds'.
... and now ... for the real shocking news ...
Your DEX funds are practically worthless!!!
No, not really! They are, however, to a hacker. There's no honeypot. Let's see how.
If you hold open.BTC, the BitShares blockchain records that you sent BTS, bitUSD or even deposited real BTC to the gateway, and that the gateway issued the UIA 'open.BTC' on BitShares. In this example, open.BTC is a user-issued asset (UIA) provided by OpenLedger (OL). OL promises to maintain 1-1 liquidity in the real asset, and only the 'IOU' called open.BTC is issued to you on the DEX. They hold the actual Bitcoin privately (invisible to the public or any potential hackers). IOUs like this allow us to exchange Bitcoin (and various other cryptocurrencies) for trustless/native assets on the BitShares network such as BTS, bitUSD, bitCNY, bitGOLD, etc.
Let's pick that apart. In a CEX, the coins go to the exchange and sit there, in user-created account wallets (or worse, hot wallets) on the exchange. That is a central place for thieves to take it all, and ALL security is left to one centralized business. In a DEX, however, funds are not only held by users: the issuer of the UIA (in our example, OpenLedger) holds the actual BTC or ETH off-chain and does not reveal where it is for hackers to try. There is still a risk, since the issuer holding the liquidity could be hacked, but the actual coins are held outside BitShares in this case.
Once a user wishes to redeem, for example, open.BTC, they can exchange it 1-1, whereupon the issuer sends the requested coins to the user's wallet (i.e. a BTC wallet, not BitShares) and destroys the IOU tokens. In this way, any 'exchange on top of BitShares' remains superior to a CEX, as the location of the actual crypto coins is invisible to hackers, leaving them scattered to the winds of decentralization.
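The issue and redeem cycle above only holds if every IOU in circulation is matched by coins the issuer actually holds. The following is an added example, not code from BitShares or OpenLedger: it reconciles a constructed event log against that 1-1 promise. The event format, the `ref` identifiers and the `reconcile` function are all assumptions made for illustration.

```python
from decimal import Decimal

# Constructed sample events in a hypothetical format (not a BitShares or gateway API).
# deposit = real BTC received off-chain, issue = open.BTC created on the DEX,
# burn = open.BTC destroyed on redemption, payout = real BTC sent to the user.
EVENTS = [
    ("deposit", "d1", "0.50"), ("issue", "d1", "0.50"),
    ("deposit", "d2", "1.25"), ("issue", "d2", "1.25"),
    ("burn", "r1", "0.30"), ("payout", "r1", "0.30"),
    ("issue", "d3", "2.00"),   # IOU issued with no deposit behind it
    ("burn", "r2", "0.10"),    # IOU destroyed, coins never sent
]

# An issue must follow a deposit with the same ref and amount; a payout must follow a burn.
REQUIRES = {"issue": "deposit", "payout": "burn"}

def reconcile(events):
    supply = reserve = Decimal(0)   # IOUs outstanding on-chain / coins held off-chain
    seen, findings = {}, []
    for kind, ref, amount in events:
        amt = Decimal(amount)
        need = REQUIRES.get(kind)
        if need and seen.get((need, ref)) != amt:
            findings.append(f"{kind} {ref}: no matching {need} of {amt}")
        seen[(kind, ref)] = amt
        if kind == "deposit":
            reserve += amt
        elif kind == "payout":
            reserve -= amt
        elif kind == "issue":
            supply += amt
        elif kind == "burn":
            supply -= amt
    pending = Decimal(0)            # burned IOUs whose coins are still owed to users
    for (kind, ref), amt in seen.items():
        if kind == "burn" and ("payout", ref) not in seen:
            pending += amt
            findings.append(f"burn {ref}: {amt} destroyed but not paid out")
    shortfall = max(supply + pending - reserve, Decimal(0))
    return {"supply": supply, "reserve": reserve, "pending": pending,
            "shortfall": shortfall, "findings": findings}

if __name__ == "__main__":
    report = reconcile(EVENTS)
    for key in ("supply", "reserve", "pending", "shortfall"):
        print(f"{key:9} {report[key]}")
    for line in report["findings"]:
        print("FINDING:", line)
```

Token supply is visible on-chain, but the reserve side of this check relies on figures only the issuer can provide, which is the custodial risk the text describes.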
The wrap up
The upshot of all this is that in a DEX there is no big honeypot to attract thieves. IOUs or other market-pegged assets like this provide a further means of keeping funds secure. However, it is you who needs to take care of your wallet (and thus your funds), as passwords are irrecoverable for now, until new recovery mechanisms (potentially) get added in future.
Next time someone says to you, "with xyz.ASSET you don't hold the real coin", ask yourself: would you prefer to park your 'real' BTC on a public central exchange, or do you want to have it offline yet tradeable just like Bitcoin, on the DEX as an IOU instead?
Disclaimer: This information is intended for educational and informational purposes only. It does not constitute any investment advice - cryptocurrencies are mostly unregulated and whilst huge returns are possible, so are losses. Cryptocurrency trading remains a speculative instrument, be responsible and don't be afraid to ask for advice.