Bitbuy CipherBlade report: How can crypto exchanges show proof of trust?
How should cryptocurrency exchanges prove that they're not a QuadrigaCX waiting to happen?
Ironically, given cryptocurrency's designs for a trustless world, crypto exchanges live and die on consumer trust. One of the more pivotal deaths was that of QuadrigaCX, precisely because it was so well trusted.
It was founded in 2013, and by 2015 was registered with FINTRAC (Canada's financial services authority) and subject to the oversight of two securities regulators. QuadrigaCX had a chartered public accountant who prepared financial statements of all its Bitcoin trades and had independently audited financial statements. It even managed to score cold storage insurance for customer digital currencies. It may have been the first exchange in the world to achieve this feat.
Insiders say it started to go off the rails later, but its hard-earned reputation as Canada's most regulated, transparent and upstanding cryptocurrency exchange remained.
And then one day it turned out to have been empty on the inside all along and operating similar to a Ponzi scheme.
A good reputation alone clearly isn't a reliable indicator. Even worse, a good reputation where it shouldn't be means that people take bigger risks than they know, and that more people lose more money if everything falls apart.
What's a good exchange to do?
The shock tangibly impacted Canada's other cryptocurrency exchanges. A lot of customers started giving their own preferred exchanges the side-eye and wondering what was going on behind the scenes, while the government quickly stepped in to start drafting new crypto exchange regulations to protect consumers.
Exchanges themselves also started taking action. One of them, Bitbuy, commissioned a report from the CipherBlade blockchain investigation firm. Essentially, it hired someone to investigate itself on behalf of its customers.
In a 22-page report, CipherBlade investigated the exchange's solvency, proof of reserves, liquidity, cold storage, policies and staff risk. And the findings came back squeaky clean.
CipherBlade checked all fiat balances and watched the balances change as it made deposits and withdrawals into a live account. Bank attestations were made available to prove it. The cryptocurrency balances also matched, with CipherBlade finding a 100% match between a ledger of user account transactions and their individual account balances.
A report from the Bitbuy backend found that the sum of cryptocurrencies held in Bitbuy hot and cold wallets was a 100% match for the amount held across user accounts, providing "100% proof of reserves" as CipherBlade described it.
Across the board, it found adequate reserves, saw the documentation of Bitbuy's insurance arrangements and found everything in order.
The report also took the time to lightly marvel at Bitbuy's physical security measures. It neglected to detail the full security system for obvious reasons, but noted cameras recording redundant offsite storage, a door which requires multiple keys to open and tamper-proofing measures.
Bitbuy's cold wallets are kept behind these kinds of security systems and stored in tamper-proof serialised bags. The recovery seeds for the hardware wallets are handwritten on paper and stored in separate bank safety deposit boxes at two different banks. The presence of both Bitbuy directors is needed to access these.
There are a total of four directors and contingency plans have been made in the event of three or more of them simultaneously having a nasty accident.
"CipherBlade suggested the minor optimisation of transitioning the recovery credentials to steel, and Bitbuy has since procured the necessary items to execute and has made this transition," CipherBlade reported.
If you're interested in procuring the necessary items to execute your own minor security optimisations from the comfort of your own home, CryptoSteel and Billfodl recovery seed backups are available online. Their main advantage over paper wallets is probably that they're waterproof so even if the bank floods, the recovery seed will be fine.
CipherBlade checked all staff identification and ran background checks on everyone at Bitbuy and found that everyone was a real person and none of them were criminals.
It sounds pretty obvious, but QuadrigaCX would not have passed this test. QuadrigaCX's co-founder later turned out to have fraud convictions under his belt and to have legally changed his name twice.
"The QuadrigaCX team had individuals that used fictitious names, most likely in hopes of hiding questionable pasts, and had QuadrigaCX users been aware of these pasts, far less use of the QuadrigaCX platform (as well as trust in the custody of the assets) would have taken place," CipherBlade notes. An ID and general background check of employees at cryptocurrency exchanges should be the bare minimum requirement going forwards.
Of course, the irony here is that most members of the CipherBlade team are themselves anonymous.
Back to square one?
CipherBlade has been the subject of some controversy after it reportedly performed a pro bono analysis of the ShapeShift exchange's transaction history, following a factually dubious WSJ report into alleged money laundering. However, subsequent reports put most of those criticisms to rest and pretty well cleared CipherBlade of most of the suspicions being heaped on it.
However, it still highlights the challenges facing exchanges that want to prove themselves.
These semi-anonymous reports, such as the CipherBlade paper commissioned by Bitbuy, while providing a valuable way for customers to take a look inside the exchange, might still just be a stop-gap measure until more formal regulatory standards come in. As the QuadrigaCX incident shows, just because an exchange falls under the umbrella of regulation, that doesn't necessarily mean it's compliant.
The good news, of course, is that blockchain presents some unique ways for exchanges to prove their trustworthiness. For example, when the bankruptcy rumours started swirling around Bitfinex it simply posted links to its wallet addresses to prove that it still had billions of dollars in crypto.
The CipherBlade report here points at some of the ways this kind of arrangement might be formalised, and serves as valuable food for thought for anyone wondering what formal cryptocurrency exchange standards should touch on... or anyone who wants some reassurance that they're not trading on the next QuadrigaCX.
Disclosure: The author holds BTC at the time of writing.