The recent incidents with Steem show a critical vulnerability in proof-of-stake algorithms that might affect all cryptocurrencies and exchanges.
The Steem blockchain reportedly experienced a troubling episode recently, whereby the blockchain’s entire governance system was disturbed. Tron founder Justin Sun, new owner of the Steemit social network based on the Steem token, appears to have successfully executed a takeover of Steem by leveraging not only tokens directly controlled, but also tokens held on several major exchanges, in order to vote out the previous delegates (Steem uses a delegated proof-of-stake system) and install new ones. This means that customers of these exchanges likely had their funds used without their consent in this blockchain power struggle.
While it was an unfortunate episode and certainly fascinating to watch play out, the Steem takeover may have just outlined a critical vulnerability in all proof-of-stake cryptocurrencies — exchanges.
What this means for proof-of-stake
What does this mean for proof-of-stake consensus models? In short: they may be more vulnerable than advertised. Proof-of-stake distributes power to holders of the currency, with ownership over more tokens equaling more control over the network. This essentially makes a well-distributed coin supply a necessary component of its security model, with fewer parties owning a significant portion of the supply and no single party able to control and attack the network without massive expense. However, this model assumes holders are using their tokens as they were intended to be used — that is, without trusting third parties with their funds. Unfortunately, this does not always happen, especially with one case in particular: exchanges.
Centralized exchanges tend to control the private keys to large chunks of various cryptocurrencies, often including the largest holder addresses. This means that the practical cost of attacking a proof-of-stake network is actually quite a bit lower with the right connections. A malicious actor now has to acquire a relatively smaller portion of the coin supply in order to attack the network if they can either leverage relationships with large (and undoubtedly morally unscrupulous) exchanges, or exert coercive force against them, whether criminal or from a state actor.
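As an added illustration (not code from the original article), the following constructed model quantifies the argument above: it compares how many parties must collude to exceed a majority stake vote when every beneficial owner votes their own coins versus when custodial balances are credited to the exchange that holds the keys. All names and balances are invented.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Holding:
    owner: str       # beneficial owner of the tokens
    custodian: str   # party holding the private key; "self" if self-custodied
    tokens: int


# Constructed sample distribution (1,000 tokens in total); not Steem's real figures.
SAMPLE = (
    [Holding(n, "self", t) for n, t in
     [("A", 120), ("B", 100), ("C", 90), ("D", 80), ("E", 70), ("F", 60)]]
    + [Holding(f"x-cust{i}", "ExchangeX", 30) for i in range(10)]
    + [Holding(f"y-cust{i}", "ExchangeY", 35) for i in range(4)]
    + [Holding(f"small{i}", "self", 10) for i in range(4)]
)


def voting_power(holdings, key_holder_controls=True):
    """Aggregate stake per party that can actually sign a vote.

    key_holder_controls=False is the 'on paper' view (each beneficial owner
    votes their own coins); True credits custodial balances to the exchange
    holding the keys, which is the situation the Steem episode exposed.
    """
    power = defaultdict(int)
    for h in holdings:
        party = h.custodian if key_holder_controls and h.custodian != "self" else h.owner
        power[party] += h.tokens
    return dict(power)


def min_coalition(power, threshold=0.5):
    """Smallest set of parties (largest first) whose combined stake exceeds threshold."""
    total = sum(power.values())
    coalition, acc = [], 0
    for party, tokens in sorted(power.items(), key=lambda kv: -kv[1]):
        coalition.append(party)
        acc += tokens
        if acc > threshold * total:
            break
    return coalition


def custodial_share(holdings):
    """Fraction of the supply whose private keys sit with a third party."""
    total = sum(h.tokens for h in holdings)
    return sum(h.tokens for h in holdings if h.custodian != "self") / total


if __name__ == "__main__":
    print("parties needed, owners voting:", len(min_coalition(voting_power(SAMPLE, False))))
    print("parties needed, custodians voting:", min_coalition(voting_power(SAMPLE)))
    print("custodial share of supply:", custodial_share(SAMPLE))
```

With this distribution six independent holders must collude on paper, but only two exchanges plus one whale in practice, even though no single custodian holds anywhere near half the supply.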
This actually makes factors such as speed, usability and economic use cases vital to the base security of the network. The primary present-day use case for cryptocurrency remains speculative, encouraging the average user to keep their funds on exchanges in order to more easily profit from trading opportunities. This can be compounded by a difficult user experience turning users off from staking on their own, particularly as more and more exchanges now offer staking for users. A lack of use cases for the coin outside of trading, as well as slow transaction times for moving coins on and off exchanges, further compounds this issue.
Proof-of-work has its own problems
Now, while this raises plenty of concerns as to the viability of purely proof-of-stake consensus models, that isn’t to say that proof-of-work escapes unscathed as the paragon of decentralized security.
Mining, both in the actual control over hashrate and in the production of mining equipment, is notoriously centralized in China among a few large players. An in-depth discussion of potential proof-of-work vulnerabilities is a topic for another day, but suffice it to say that a hostile actor could theoretically add to their currently-held hashrate by compromising, via force or collusion, the hashrate of any of the large mining pools located in China.
This is very similar to the threat posed by centralized exchanges with proof-of-stake, with both cases involving a system which may be decentralized on paper, but in practice congregates control over the network in the hands of a few large players.
What’s the solution?
So, how can we fix this problem? In short: it’s difficult and complicated, and to solve it would mean to solidly win in the one area which justifies cryptocurrency’s entire existence. However, there are a few things we can do.
First is to employ hybrid systems mixing elements of proof-of-work and proof-of-stake to reduce the likelihood that a central actor can compromise one of these systems and attack the network as a whole. One key example is Dash (DASH). It uses proof-of-work mining combined with a technology called ChainLocks, which leverages collateralized nodes called masternodes to lock in the blockchain and prevent chain reorganizations in the event that a single miner manages to control over half the network’s hashpower. This is complemented by Dash’s instant transaction settlement functionality, which allows traders to more easily move funds on and off exchanges (reducing the risk of exchanges spinning up a plurality of masternodes using customer funds), as well as the project’s focus on use for payments rather than speculation. However, because masternodes require holding 1,000 units of Dash, smaller holders may pool their funds into staking services on exchanges and similar platforms, exacerbating the centralization of funds onto trusted platforms. Further, even with projects that get it right in both security model and non-speculative usefulness, exchanges will always factor heavily in the crypto economy, and no solution will be comprehensive until relatively decentralized exchange platforms that are both easy to use and address liquidity issues are developed.
Steem’s troubles have woken the crypto world up to the inherent vulnerabilities of proof-of-stake based systems in a world where centralized exchanges control large amounts of funds. Ultimately, this problem will take many steps to fix, including using hybrid security models, increasing non-speculative use cases, and decentralizing exchanges, which will take some time to get right. In the meantime, remember: Not your keys, not your crypto.
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.