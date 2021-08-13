Cases of lost or stolen bitcoins (estimated at 4 million coins to date) do not stem from any vulnerability in the cryptocurrency itself, but mostly from two causes: the loss of the cryptographic key, the only way to access wallets; or intermediaries who commit a crime and steal customers' coins. One emblematic story sums this up: that of Gerald Cotten, founder of the Canadian bitcoin exchange QuadrigaCX, who allegedly died taking the encrypted password to the portal to his grave, along with approximately 123 million euros in customers' cryptocurrencies (rumors still circulate that Cotten faked his death to escape with the loot).

This is not an isolated case: according to a recent report by the cryptocurrency intelligence firm CipherTrace, losses due to theft, cyber attacks and fraud in DeFi reached an all-time high in the first seven months of the year, at 474 million dollars. Over the same period, losses due to crime in the overall crypto market dropped drastically to 681 million at the end of July, compared to 1.9 billion for the whole of 2020 and 4.5 billion in 2019. The report notes that in the DeFi field 76% of the crimes were committed by hackers outside the system, and a quarter by the developers themselves, who abandon the project and run away with the cash.

“The Polygon case concerns poorly written smart contracts, albeit with an ambitious technological idea at the base,” says Ferdinando Ametrano, professor of “Bitcoin and blockchain technology” at the Milano-Bicocca University and CEO of CheckSig, a bitcoin custodian for institutional investors and HNWIs. “They are not really ‘attacked’, but simply violated in their vulnerability. In the world of Decentralized Finance (DeFi), which proclaims the code as the only law, I would not speak of theft but of the exploitation of small-print clauses by those who can read the code.”

The Poly Network story made headlines around the world: the largest crypto theft in history, worth $600 million. It was Poly Network itself that announced it on Twitter, asking the hackers responsible to return the stolen funds to the community. The story puts the spotlight back on security in the crypto world, but it should not cause concern for bitcoin holders.

The importance of evaluating the soundness of the IT protocol

“There are two different levels: for bitcoin, it is always a matter of incapable intermediaries or those who engage in malicious behavior. What you need to look at when investing in crypto is first of all the solidity of the technological infrastructural level, something in which smart contracts are often lacking. When you define a smart contract, you write a program that can have bugs, especially if you don’t do a formal verification.”

Poly Network fell precisely because of a programming bug. Meme cryptocurrencies are another matter again: they have no idea or technology behind them, and it is almost impossible not to get hurt with them. This is the case of Catge as well as Dogecoin, pushed on social networks by more or less influential influencers (from Francesco Facchinetti to Elon Musk). “Anyone can create a token, pump it to create FOMO (fear of missing out, the fear of losing an opportunity) and sell it to cash out, leaving the chickens with the match in hand,” says Ametrano. “The true theme is that these things move billions and therefore they create enormous damage.”

So, let’s try to tidy up. To invest in crypto, the first thing to consider is the infrastructural strength of the project. The bitcoin protocol is armored and has in fact never been breached since its launch in 2009. The blockchain on which bitcoin is registered and traded is made up of three elements: records, the basic units (transactions or payment orders, to be pictured as the lines of a ledger page); the block, which is a set of records (a page of the ledger, so to speak); and the chain, that is, the ledger in its entirety. The computers on the network, the so-called nodes, check the details of each record and, only once they are sure the records are correct, add them to the block and seal it by signing it and associating it with a unique code. This makes it impossible to modify, replace and therefore falsify any piece. Any attempt to break into the network fails: to change a block, the consent of all the network nodes participating in the validation of the transactions included in the ledger is required. Furthermore, that consent would have to be repeated not just for the single block but for the entire database, because each block contains, in addition to its own unique code, that of the block that precedes it.
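The linking of blocks described above can be sketched in a few lines. This is an added example, not code from the article or from Bitcoin itself: it assumes SHA-256 over a JSON encoding as the "unique code", and the function names and sample records are constructed for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed placeholder: the first block has no predecessor

def block_code(records, prev_code):
    """Unique code of a block: SHA-256 over its records plus the previous block's code."""
    payload = json.dumps({"records": list(records), "prev": prev_code}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def build_chain(pages):
    """Turn a list of record lists ("pages") into a chain of linked blocks."""
    chain, prev = [], GENESIS_PREV
    for records in pages:
        code = block_code(records, prev)
        chain.append({"records": list(records), "prev": prev, "code": code})
        prev = code
    return chain

def first_invalid_block(chain):
    """Index of the first block whose code or back-link does not verify, else None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["prev"] != prev:
            return i  # link to the preceding block is broken
        if block_code(block["records"], block["prev"]) != block["code"]:
            return i  # contents no longer match the block's own code
        prev = block["code"]
    return None

def tamper(chain, index, new_records, reseal=False):
    """Copy of the chain with one block's records replaced; optionally recompute its code."""
    forged = [dict(b, records=list(b["records"])) for b in chain]
    forged[index]["records"] = list(new_records)
    if reseal:
        forged[index]["code"] = block_code(new_records, forged[index]["prev"])
    return forged

# Constructed sample ledger: three pages of payment orders.
SAMPLE_PAGES = [
    ["alice pays bob 1", "bob pays carol 2"],
    ["carol pays dave 5"],
    ["dave pays erin 3", "erin pays alice 1"],
]
```

Editing a record in block 1 fails verification at block 1; recomputing that block's code only moves the failure to block 2, so every later block would have to be redone as well. The sketch covers the linking only; the node validation and consent the paragraph describes are not modelled.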

Why centralizing blockchains increases the risk

In the case of Poly Network, which is a system for exchanging tokens between different blockchains, the blockchains used are centralized (namely the Binance Smart Chains). “This,” continues Ametrano, “makes it possible to stop the attack, but opens up other problems: if there are those who govern these chains, are they ‘accountable’? Is it a regulated entity? What legislation is it subject to?” It is the same issue for which Binance is under scrutiny, having had no stable registered office and having chosen a borderline business style.

How to choose the exchange and the custodian

This observation suggests a second strategy for staying safe with bitcoin: buying them on platforms with a clear and transparent policy and, preferably, institutional recognition. “There are services that are more or less secure,” suggests Ametrano. “There must be a reason why the Chicago Mercantile Exchange, to determine the price of bitcoin, has chosen Coinbase, Kraken, Gemini and Bitstamp: the most famous and reliable international exchanges.”

So to buy bitcoins, it is advisable to go to one of these exchanges. “The check to be made is that you are buying bitcoin and not substitutes, alternatives, disguises,” says Ametrano. “Doing so on the aforementioned platforms is in itself a guarantee. Alternatively, you can contact the oldest Italian stock exchange, which is The Rock Trading.” Even among Italian operators a selection has to be made: there has been no shortage of cases of fraud, even by companies under Italian law. “Today in the Italian panorama, together with The Rock Trading, I would mention Conio and Young Platform, platforms that buy bitcoin on other exchanges; and of course CheckSig, the company we founded to offer custody service to HNWI customers and which also offers brokerage, tax advice, training and other services. CheckSig is the only Italian company to boast both the SOC certifications of an external auditor (which verifies the reliability and correctness of the processes, technical security and regulatory adequacy) and the insurance coverage: two other elements that can help the investor to orient themselves and discriminate between the various operators in the crypto sector.”