With the frequent attacks and the collapse of the top exchange, everyone in the encryption industry is in danger: not only has CEX fallen into a crisis of trust, but the series of dramatic hacking attacks on CEXs has also made security topics the focus of the community again. Facing a crisis: How should we recover/reduce losses? Will this crisis be a huge development opportunity for wallets? What security awareness should we establish?
In the face of a series of CEX security issues, on December 8th, as Coinstore is about to celebrate its third anniversary, we interviewed James Toh, Coinstore’s Global Head of Business Development, to discuss the security and opportunities of CEX.
Below is our interview with James Toh:
Q1: Speaking of security, there are thunderstorms about centralized exchanges that not only damaged the assets of a large number of users, but also triggered a crisis of trust in CEX. Can we still trust CEX?
James: Of course, we are still inseparable from CEX, and CEX and DEX will coexist in the future. The current stage of market development and ecological construction, such as the launch of high-quality projects (such as Coinstore’s TIA, SEI, BLUR, etc.), breaking through the circle to attract traffic, and marketing (Coinstore’s CS Connect, Cryptalk), systematic operations (one-stop services) are all dominated by CEX, and DEX is still weak at present.
In addition, to minimize the risk, everyone should allocate assets well. For example, some long-term investment digital assets should be placed in cold wallets, and frequently used ones should be prioritized in a leading exchange, like Coinstore.
Q2: In the face of some top CEXs’ collapse, many involved projects responded promptly: some projects actively showed proof to declare the safety of user assets; while some projects claimed that they would not disclose specific address information for security reasons. How do you view these two responses?
James: Many exchanges now propose a proof of reserve, but I think the significance of this behavior is greater than the behavior itself, because the proof of reserve is strictly divided into two parts: one part is the Merkle tree, which is equivalent to a user organization structural diagram; the second part is that the exchange will publish the address, and you can query it on the chain. However, the reserve certificates of several exchanges either only give the Merkle tree certificate, but do not include the total amount; or they announce the number of assets in the exchange, the Merkle hash tree and the total assets.
In addition, some exchanges are unwilling to disclose relevant information, which may not have much to do with security, but more to do with market risks, because these data can reflect production and operation conditions, and even strategic intentions.
Q3: Some people also believe that the CEXs thunderstorm is a major opportunity for the development of decentralized wallets: Do you think the decentralized wallets are better than centralized wallets? As a traffic entrance, what will be the future development trend of wallets that can further lower the threshold and attract Web2 users to Web3?
James: I don’t deny that the wallet is indeed a Web3 portal, but in terms of which one is safer between decentralized wallets and centralized wallets, I personally feel that decentralized wallets may not be the best choice for many people. Security: First of all, although the decentralized wallet claims to be decentralized and open source, it is still developed by a centralized team, and it is difficult for ordinary users to judge whether the team has opened a backdoor. This is a problem that is difficult to expose even in audits; in addition, during everyone’s operation of the wallet, there are many behaviors, such as being responsible for the private key address, which have a very high risk of leaking the private key. Once your assets are enough and targeted by hackers, they can be easily stolen.
Therefore, I think centralized wallets are indeed valuable. Users with different habits have their own choices, and it is good to have multiple wallets coexist. Each type of wallet has its own advantages and disadvantages, and competition will make it more decentralized.
Regarding the trend of next generation wallets, I think social recovery may be more friendly to ordinary users. Any wallet logic that we can implement through programming in the Web2 world can be implemented through programming in smart contract wallets. However, there are still some problems with this type of wallet. Users do not need to know the private key. They only need social recovery of the account password. However, the private key still exists. The wallet developer will use some means to host the private key, but the specific means are not clear to the user. So please pay careful attention.
Q4: In the past years, DeFi has often been involved in security problems. The growing number of security breaches is undoubtedly a huge threat to users. Why do such things happen frequently? What can be done to improve them?
James: The underlying reason is smart contracts. Smart contracts are not like traditional apps that can be removed from the shelves at any time. Once the contract is deployed, it is irrevocable. A contract may contain errors from the moment it is created, but the errors cannot be corrected, leading to accidents.
In terms of how to improve the underlying problem, the project team must have its own security awareness. It is best to find a professional security audit company in the industry to conduct an audit before going online. At least some known attack methods can be avoided as much as possible. For users, the suggestion is to do research on the project before participating to avoid loss.
Q5: Recently, Bitcoin’s ecology is extremely hot, and major public chains have launched inscription minting projects. What do you think? Is this a real innovation?
James: The inscription asset refers to virtual assets that are created by recording information in a specified format on BTC (or other blockchains), and then converting the recorded information on the chain into virtual assets through a specific indexing protocol. These assets can be homogeneous assets (such as BRC20 assets) or non-homogeneous assets (such as NFTs). With the emergence of the wealth creation effect of Bitcoin inscription and Ethereum inscription, the other public chains start to mint inscriptions on themselves.
Is this a real innovation? I think it depends on the standpoint from which the evaluation is made. This is of course a good innovation for trading platforms, asset speculators and Bitcoin miners, because the emergence and popularity of this type of asset has actually increased their income. But when it comes to whether inscription assets provide commercial value, such as reducing the production costs, improving business efficiency, and optimizing resource allocation, I still doubt it.
Q6: The SEC once again postponed the approval of multiple BTC ETF applications, Fidelity, BlackRock and others submitted applications again. How confident are you in the ETF approval? What impact will it bring to the industry?
James: Despite the regulatory challenges, most industry players express confidence in the eventual approval of a Bitcoin ETF by the SEC. Observers suggest that the recent legal setbacks faced by the SEC, particularly in the case of Grayscale’s Bitcoin fund conversion, might influence the regulatory stance on Bitcoin ETFs. Therefore, I believe the approval will likely occur early next year.
There are several impacts of the approval. The presence of spot Bitcoin ETFs could bolster the overall liquidity of the Bitcoin market by attracting more buyers and sellers. This increased liquidity may lead to more stable prices and reduced volatility, making Bitcoin a more appealing investment option for everyday investors.
Also, institutional investors have been cautiously observing the cryptocurrency industry, awaiting regulatory clarity. A Bitcoin ETF could provide the legitimacy and regulatory framework they seek, potentially increasing institutional involvement in the market. This infusion of institutional capital could stabilize Bitcoin’s price and stimulate overall market growth. The approval of a Bitcoin ETF would provide much-needed regulatory clarity, setting a precedent for the treatment of digital assets. This clarity could encourage more institutional participation and investment in the cryptocurrency space.
Q7: Cross-chain bridge is a concentrated area where security incidents often occur, and many cross-chain bridges have experienced hacker attacks. Why did this situation happen? What should a cross-chain bridge do to improve security?
James: The majority of cross-chain bridges have proven themselves to be extremely unreliable and therefore risky for users. They have emerged as one of the biggest targets for hackers, and they’re constantly being probed for weaknesses. And all too often, vulnerabilities are found, leading to millions of dollars worth of users’ funds being irrevocably lost.
Project teams can avoid security issues on cross-chain bridges by adopting the following best practices. 1) Ensure decentralization of validators to avoid single points of failure. 2) Time delay on withdrawals from cross-chain bridges could help in preventing theft. 3) Real-time monitoring of transfers could help in identifying abnormal transactions quickly. 4) An insurance fund could serve as a valuable contingency plan for reducing the impact of damages due to crypto bridge exploits. 5) External audits by third-party security firms can help in easier identification of vulnerabilities.
Q8: What did Coinstore do in order to provide a secure trading platform for users? What about the future development in terms of security?
James: Asset security is our top priority. To ensure the safety and financial security of user assets, we have invested heavily in state-of-the-art security infrastructure and undergo regular third-party audits. Our technical team has recovered assets lost due to user errors to ensure the safety of users’ assets.
Besides the technical part, compliance is another part that must be mentioned. Coinstore contacts, discusses and cooperates with local regulatory agencies in major target markets to help them understand blockchain technology and cryptocurrency, and at the same time actively cooperates with local regulatory agencies to build relevant regulatory frameworks. We are committed to becoming the most trustworthy and secure trading platform in the world.
Q9: Coinstore turns 3 recently, can you introduce some important achievements Coinstore has made during the past 3 years? What campaigns does Coinstore launch for its 3rd anniversary?
James: During the past 3 years, Coinstore has created a robust product lineup that includes spot trading, over-the-counter (OTC) services, Launchpad, wallets, staking (Earn), futures and derivatives, and Labs. As of November 2023, Coinstore has over 5 million registered users, covering over 175 countries and regions, with Indonesia, India, and Nigeria being the target markets. Launchpad has become the core product for Coinstore, and the average oversubscription rate has achieved 357.57%. With the fast development, Coinstore strongly confirms the expansion in emerging markets with anticipation of surpassing 10 million users by 2025.
For the 3rd anniversary, the celebrations highlight three major focal points: trading competitions, token airdrop sessions, and listing festival. In addition, a series of online events including brand AMA, CS Live and offline events including “CS Connect” and “Cryptalk” were held. Please come and join our celebrations.
Q10: One last question, when walking in the dark forest of the crypto world, what kind of security advice cannot be ignored? Can you share?
James: Security is a topic that cannot be ignored. When walking in the dark forest of the encryption world, I hope that everyone can cultivate both internal and external skills. On the one hand, they can learn to analyze investments rationally and objectively, distinguish the pros and cons of projects, and be non-impulsive, blind, and greedy; on the other hand, you must also protect yourself, choose a good trading platform, like Coinstore. Participate in good projects, be in a safe investment environment, and be cautious in transactions, and do not leak any information about private keys, mnemonic phrases, etc.; finally, it is best to distribute assets management, don’t put all your eggs in one basket. Hope we can all get good returns.
The end
Thanks to James for the answers. The wonderful time is always so short. At this point, this informal talk with James has come to an end. Thank you all for joining us today. We will publish more meaningful interviews in the future, please stay tuned.