Online Conference with Andrew Zimine
Good afternoon. I am happy to answer your questions.
1. WHAT TYPES OF HACK ATTACKS CAN AFFECT CRYPTOCURRENCY EXCHANGES?
There are basically three attack vectors disabling the platform: DDOS attack, user data (accounts) theft and exchange funds theft. Unfortunately, hackers now go beyond the harmless Deface and as a result of their actions many users lose their money. Since cryptocurrencies are fully digital assets they are most vulnerable to malicious users’ attacks. It mainly affects the client sector: the confidential data may be intercepted or replaced during the user’s (admin or admins) work with the wallet’s client/domain.
2. WHAT ARE THE MAIN GOALS OF HACKER ATTACKS?
As I mentioned before, hackers are not enthusiasts who help to fight vulnerabilities any more, they are quite materialistic criminals whose goal is to steal other people’s money. Here are some of the schemes they (hackers) use to reach their goals:
- client software vulnerabilities;
- exchange backend holes;
- SQL injections;
- phishing letter.
3. HOW DO DECENTRALIZED EXCHANGES PROVIDE SECURITY?
Decentralized exchange is a double-edged sword. On the one hand, the exchange does not store any exchanging funds, they are on the user’s side, which is very good. On the other hand, if a user makes a mistake no one can help him, because cryptocurrency transactions are irreversible, and that is already not very good. Decentralized exchanges minimize the risks from the third party, but increase the personal responsibility and technical literacy of the user.
4. HOW DID YOU GET THE IDEA OF CREATING EXSCUDO EXCHANGE?
In fact Exscudo is the EON idea development; it does not purely match any of the existing types of platform: it is not centralized, but it is not fully decentralized at the same time. All the exchange processes happen in the decentralized multi-thread core, no matter whether it is a simple swap or a margin transaction, but balances are stored outside the exchange, and the exchange only provides the proof of validity by signing the orders. It is not enough to give users a strong tool for growth and interaction, this tool also has to be integrated into the existing legal environment so that technology could be fully workable and usable. I hope Exscudo is the first swallow which will open the doors to the other technologies based on decentralized principles.
5. HOW IS THE ADDITIONAL SECURITY PROVIDED FOR THE USERS OF EXSCUDO EXCHANGE?
You can find a more detailed answer to this question in the Alex Sitnicov article (Alex is CTO of Exscudo, you can read his article via the link: http://thefintechtimes.com/technology-change-way-register-online/).
But based on the conference topic, I want to add that there is a clear distinction of security approaches between data transferred via the WEB and data stored on the EON blockchain. Dividing the objectives into two blocks we tried to realize a more advanced security model without causing discomfort to our users. Exchange accounts security depends mainly on the EON security, EON is decentralized, so the most vulnerable link is still the user, whom we taught to create safe, long and unique passwords (https://www.youtube.com/watch?v=Ec3LzMjyN38).
6. WHAT ARE THE DIFFERENCES BETWEEN EXSCUDO AND BITSQUARE? WHAT MAKES EXSCUDO UNIQUE? WHAT IS MORE SECURE AND WHY?
I wish I could now show you a table comparing Exscudo to Bitsquare and showing Exscudo’s superiority. What is more, such a question would have attracted marketers too. But, frankly speaking, I find unethical the comparison of two solutions with different statuses: one is launched, another is being tested. There are functions and possibilities we declare and they are open to the public, it is enough to get a first impression.
What about security – we are maximally concentrated on this issue and hope not only to become the best but to establish new standards in the organization approach to users’ data and funds.
7. WHY IS THE NUMBER OF HACKER ATTACKS INCREASING OVER THE WORLD?
The increase of hacking attacks is a relative thing. The point is that more and more people are starting to use the Internet, and smartphone manufacturers play a great role in it. It means that the number of Internet users is growing, but their level of computer knowledge leaves a lot to be desired. Besides, the number of hacker attacks has risen because some hackers think their activity is unpunished. They live with such an illusion because their knowledge in computer systems is, in most cases, very limited. Today’s hackers are far from being as professional as their precursors, who developed the software that modern hackers use.
8. WHAT ARE THE MOST RELIABLE DECENTRALIZED EXCHANGES IN YOUR OPINION?
Several years ago I analyzed the NXT solution, the stock exchange integrated into the wallet and based on the principles of decentralization. I think the guys are doing well and in the right direction. In my opinion the number of its forks indicates the quality of their technology – NXT has a lot of functions and there are those who are trying to present the functions of the standard NXT client, such as a decentralized exchange, as their own solution.
All other “decentralized” things that I came across were developed / launched with some intentions, that were of no good.
9. YOU ARE CONDUCTING THE ADDITIONAL TESTING OF THE EXSCUDO EXCHANGE NOW. IS THIS DECISION CONNECTED TO THE LARGE NUMBER OF HACKER ATTACKS LAST TIME?
Not only. There are some equally important problems. We are not going to become just another exchanger, operating in a shadow legal field.
So, security is our priority right now. As you know, in addition to closed tests which are performed right now by the team and third-party auditors, we will run public testing before we launch the system as a commercial product.
The reason why we play so safe is the care of users’ funds and our own reputation. We cannot let down those who believe in us, and also the industry as a whole, because every mistake in this sphere affects the cryptocurrencies as a whole.
It’s a pity that some developers don’t understand how their activity undermines the image of the whole sector of the economy. Otherwise the attitude of the authorities, governments and supervisory bodies would be completely different.
10. WHAT IS YOUR FORECAST REGARDING HACKER ATTACKS ON CRYPTOCURRENCY EXCHANGES?
I believe that attacks on the exchanges will be more sophisticated and numerous. Unfortunately, all sorts of cryptocurrency criminals enjoy complete freedom of action in the sphere, because the cryptos already trade for fiat money, but at the same time they are not recognized in most countries. It all happens today, despite the unprecedented opportunities for transparency, which feature major cryptocurrencies, namely bitcoin.
11. ANDREW, I WOULD LIKE TO KNOW THE ORGANIZATION STRUCTURE BETWEEN EXSCUDO, CLARUS (THE PATENT HOLDING COMPANY) AS WELL AS OTHER STARTUPS THAT YOU ARE STILL WORKING ON? IS CLARUS THE PARENT COMPANY? WHICH ORG. DO YOU PUT YOUR INTEREST/EFFORT AT THE MOMENT?
At the moment all the copyrights belong to the Exscudo OU company. Clarus and Exscudo OU have a long term development contract which provides for the transfer of all the copyrights emerging during the work on Exscudo and EON projects. By now Clarus company is the main contractor of Exscudo OU, but we are working on hiring tech specialists in Estonia as well.
12. I DON’T UNDERSTAND HOW DECENTRALIZED EXCHANGES WORK. I KNOW I HAVE TO KEEP MY COINS IN MY WALLET BUT HOW DO I TRADE THEN? IS THE TRADE AUTOMATIC? WHEN I PLACE AN ORDER VIA THE SITE PORTAL WILL THE EON BE AUTOMATICALLY TRANSFERRED TO MY WALLET? DOES MY WALLET NEED TO BE OPEN IN ORDER TO TRADE? WHAT’S STOPPING SOMEONE ELSE TO TRADE ON MY BEHALF?
This is a good question, but the answer is not easy. I will try to explain everything with the example of token conversion operations on the exchange via one of our products – Channels wallet.
When someone decides to exchange one cryptocurrency for another this user’s Channels wallet issues and signs a document for EON net similar to a letter of credit. However, it is not launched into the net at once, but first is passed via protected channels to the trading core. Letter of credit is a potential operation of the exchanged color coin funds transferring from the user’s wallet to the exchange wallet. When trading core receives this letter of credit it finds the counter order and matches them, forming a transaction.
Finally, trading core launches into the net two operations connected by one transaction: first – user’s letter of credit, second – sending another exchanged color coin to the user.
These operations can only be accepted by EON net synchronously, and that is actually the financially secure decentralized operation.
13. HOW ARE YOU GOING TO DEFEND YOUR SYSTEM AGAINST DDOS ATTACKS?
As a starting point we are using standard solutions such as CloudFlare. Nevertheless we understand that the recent attack on Kraken, which also uses Cloudflare, has shown that it will not be our final solution and we will continue to look for more effective technologies.
14. HI. I JUST WANT TO ASK WHAT WILL HAPPEN TO THE BITCOIN CASH EARNED WHEN THE BITCOIN FORKED ON AUGUST 1, 2017. WILL IT BE REDISTRIBUTED AS ADDITIONAL EONS TO THE INVESTORS?
No, there will be no redistribution of EON in connection with the fork.
15. IS THERE A PLAN B IN CASE EXSCUDO WILL NOT BE ABLE TO SET UP ITS OWN BLOCKCHAIN? IS IT POSSIBLE FOR EXSCUDO TO BUILD THEIR EXCHANGE AND DISTRIBUTE THE TOKENS ON WAVES PLATFORM? WAVES IS ALSO BASED IN RUSSIA AND I REALLY LIKE THE WAVES PROJECT. I’M ASKING BECAUSE I’M AFRAID EXSCUDO IS FACING SOME TROUBLES WITH SETTING ITS OWN BLOCKCHAIN AND THAT THE TEAM WAS TOO ENTHUSIASTIC ONCE SETTING UP THE ROADMAP.
Let’s just say we have a Plan B for every potential problem. However we do not consider WAVES as an alternative. Migrating to some other blockchain rather than EON is highly improbable. Anyway, we would rather choose NXT technology than WAVES, because it is an original project.
Right now we don’t have any unsolvable problems for the launch of EON. It has been functioning for half a year on our nodes already, so any fears are exaggerated.
Our deviations from the original roadmap are connected with security concerns.
16. DO YOU HAVE A PDF ON RECOMMENDED SECURITY MEASURES FOR A LINUX USER?
There are no specific measures for Linux based systems. It’s enough just to use your confidential info safely, as usual.
17. THE TESTNET IS DELAYED UNTIL OCTOBER 4, 2017, HOW DOES IT AFFECT THE OTHER TIMELINES (EXCHANGE LAUNCH, MESSENGER LAUNCH, CREDIT CARDS ETC) WHICH WERE PLANNED BY THE Q4 2017?
The shift in timing is proportional to that period of time that the Testnet launch was delayed. We are doing our best to make it on time, but security measures are not the thing you can omit.
18. WHAT PRODUCTS ARE READY AND ONLY WAIT FOR THE EON LAUNCH?
I’ve already answered the question partly. We have Channels app ready, and the bigger part of exchange servers. That’s what concerns our major products.
19. THE INTERFACE PICTURES WERE MADE AS SCREENSHOTS OF A FUNCTIONING INTERFACE OR WERE THEY MADE IN PHOTOSHOP? ON SOME PICS WE CAN SEE A SLIGHTLY COLOR OF THE FONT, SO IT MAY LOOK SO THAT YOU HAVE USED PHOTOSHOP FOR THAT AND NOT THE REAL PRODUCT. CAN YOU SHOW THE CLICKABLE INTERFACE ONLINE TO MAKE SURE THAT IT IS READY?
Actually, we used neither the screenshots, nor the Photoshop. These are the pics of the testing system of the templates.
Yes, we can make an online stream with the interface. However, it will not be practical, as the final interface will be somewhat different from the one shown. It is made for the sake of protecting it from copying.
20. DUE TO WHAT HAPPENED WITH SOME VERY POPULAR AND OLD EXCHANGES RECENTLY, HOW REALISTIC IS FOR EXSCUDO TO TAKE 5-10 ON THIS MARKET? AND WHAT ARE YOUR CONSIDERABLE ADVANTAGES IN COMPARISON TO THE LEADING EXCHANGES, IN YOUR POINT OF VIEW? WHAT ARE THE MAIN DRAWBACKS OF THE EXISTING EXCHANGES NOWADAYS?
We think we have all the chances to be in top because we are working for a long time to solve the key problems such as audit, beneficiaries deanonymization and so on. (We started to tackle these questions before the ICO and project start announcement).