In part 1 of this series, we established some of the inherent vulnerabilities of deposit addresses, which can be exposed to human error or leveraged for cyber attacks and internal fraud. For part 2, we’ll take a look at some of the solutions financial institutions are utilizing to handle these vulnerabilities.
Today, operations teams rely on three primary methods to protect deposit addresses (often all in combination): test transfers, whitelisting, and hardware wallets. In this blog post, we’ll take a deeper dive into why organizations rely on these solutions—as well as some of their limitations.
1) Test Transfers
One of the most common methods employed by institutions to prevent deposit address manipulation is the test transfer.
Test transfers are meant to ensure that the deposit address has not been compromised in transit—which can happen when an attacker intercepts and modifies the deposit address so that the assets are ultimately sent to the attacker’s own wallet.
Though this manual security protocol adds another layer of safety, test transfers can be very time-consuming. This is because they require a back-and-forth verbal communication process between both parties involved in the trade.
Once the details of the trade are confirmed, typically through a communication service like WeChat or Telegram, the deposit address is shared. Then, a small amount of currency (such as 0.0001 BTC) is transferred. Next, the operations team contacts the counterparty to confirm that the test transfer has been received. Once the test transfer has been confirmed by the counterparty, the full transaction is completed. With all of these steps, it takes ~15-30 minutes to complete a post-trade settlement using test transfers.
In addition to being time-consuming, test transfers are also far from foolproof. There have been cases of hackers deploying malware that allows the initial test transfer to work, then replaces the deposit address with their own. Hackers can compromise a messaging service to accomplish attacks of this sort—often via deposit address spoofing or man-in-the-middle attacks.
In another case, two parties confirmed through a test transfer that the deposit address was correct and safe—but because one of the parties entered the approved deposit address on the wrong blockchain (Bitcoin Cash instead of Bitcoin), the assets were lost.
2) Whitelisting
The next layer of security comes in the form of whitelisting. This process involves authenticating a counterparty’s deposit address, then permanently storing it for future trades.
Whitelisting is another manual way of authenticating a deposit address, and it requires several people within the organization to devote time to the procedure.
While it can be a powerful security measure, whitelisting ultimately cannot prevent internal fraud. A rogue employee can go into the organization’s spreadsheet or database and swap out the deposit address of a certain whitelisted counterparty for their own.
There are a few ways whitelisting itself can go wrong. For one, a simple fat-finger error could occur while entering the deposit address, or the whitelist logic could be set up incorrectly. An error of this sort can be caught before it’s too late if whitelisting is used in combination with a test transfer; however, it still causes delays and rework. And if your counterparty rotates deposit addresses with any frequency, whitelisting becomes very risky.
In addition, whitelisting reduces the inherent pseudonymity that makes blockchain so valuable. The Bitcoin blockchain, for example, allows one account to have an effectively unlimited number of deposit addresses—or a new address for every transaction—through a hierarchical deterministic address system. By relying on whitelisting to authenticate trades, institutions undermine an important aspect of blockchain technology.
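Three of the whitelisting failure modes described above (a rogue insider swapping the address in the spreadsheet, a fat-finger typo, and an approved address being used on the wrong chain) can each be caught with a pre-send check on the whitelist record. The Python below is an added example, not code from the original post or from Fireblocks; the HMAC key, the counterparty name, the "BTC"/"BCH" chain labels and the sample addresses are constructed for illustration. It assumes the key used to tag whitelist records is held by a separate party (for example an HSM or a second team), so that whoever can edit the spreadsheet cannot re-tag a swapped address.

```python
import hashlib
import hmac
import json

# Constructed demo key. In practice this lives outside the whitelist store
# (HSM, separate team) so an editor of the spreadsheet cannot re-sign entries.
WHITELIST_HMAC_KEY = b"constructed-demo-key-do-not-reuse"

# Base58 alphabet used by legacy Bitcoin addresses (no 0, O, I, l).
_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Version bytes accepted per chain for Base58Check addresses.
CHAIN_VERSION_BYTES = {
    "BTC": {0x00, 0x05},          # mainnet P2PKH, P2SH
    "BTC-testnet": {0x6F, 0xC4},  # testnet P2PKH, P2SH
}


def _checksum(body: bytes) -> bytes:
    """First 4 bytes of double-SHA256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]


def base58check_encode(body: bytes) -> str:
    """Encode version byte + payload with a trailing 4-byte checksum."""
    payload = body + _checksum(body)
    n = int.from_bytes(payload, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = _B58[r] + out
    pad = len(payload) - len(payload.lstrip(b"\x00"))  # leading zero bytes -> '1'
    return "1" * pad + out


def base58check_decode(addr: str) -> bytes:
    """Decode a Base58Check address; raise ValueError on a bad character or
    checksum, which is how a mistyped (fat-fingered) address is detected."""
    n = 0
    for ch in addr:
        idx = _B58.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + idx
    payload = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(addr) - len(addr.lstrip("1"))
    payload = b"\x00" * pad + payload
    if len(payload) < 5:
        raise ValueError("address too short")
    body, checksum = payload[:-4], payload[-4:]
    if checksum != _checksum(body):
        raise ValueError("checksum mismatch (mistyped address?)")
    return body


def address_matches_chain(addr: str, chain: str) -> bool:
    """True if addr is well-formed for the given chain.
    Caveat: Bitcoin Cash 'legacy' addresses reuse Bitcoin's version bytes and are
    indistinguishable from BTC addresses, so this policy only accepts the CashAddr
    form (explicit 'bitcoincash:' prefix) for BCH entries. The CashAddr check here
    is a simplified prefix check, not a full CashAddr checksum validation."""
    if chain == "BCH":
        return addr.lower().startswith("bitcoincash:")
    versions = CHAIN_VERSION_BYTES.get(chain)
    if versions is None:
        return False
    try:
        body = base58check_decode(addr)
    except ValueError:
        return False
    return len(body) == 21 and body[0] in versions


def _record_bytes(counterparty: str, chain: str, addr: str) -> bytes:
    return json.dumps([counterparty, chain, addr], separators=(",", ":")).encode()


def sign_entry(counterparty: str, chain: str, addr: str) -> dict:
    """Create a whitelist record with an integrity tag covering every field.
    Editing the address in place (the rogue-insider case) invalidates the tag."""
    tag = hmac.new(WHITELIST_HMAC_KEY, _record_bytes(counterparty, chain, addr),
                   hashlib.sha256).hexdigest()
    return {"counterparty": counterparty, "chain": chain, "address": addr, "tag": tag}


def verify_entry(entry: dict, send_chain: str) -> list:
    """Pre-send check. Returns a list of problems; an empty list means the
    whitelisted address may be used for a send on send_chain."""
    problems = []
    expected = hmac.new(WHITELIST_HMAC_KEY,
                        _record_bytes(entry["counterparty"], entry["chain"], entry["address"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, entry.get("tag", "")):
        problems.append("integrity tag mismatch: record modified since approval")
    if entry["chain"] != send_chain:
        problems.append(f"chain mismatch: entry is for {entry['chain']}, send is on {send_chain}")
    if not address_matches_chain(entry["address"], entry["chain"]):
        problems.append(f"address is not well-formed for {entry['chain']}")
    return problems


if __name__ == "__main__":
    # Constructed sample: a P2PKH address built from a dummy 20-byte hash.
    good = base58check_encode(b"\x00" + bytes(range(20)))
    entry = sign_entry("Counterparty A", "BTC", good)
    print("approved entry:", verify_entry(entry, "BTC"))            # []
    swapped = dict(entry, address=base58check_encode(b"\x00" + bytes(20)))
    print("insider swap:", verify_entry(swapped, "BTC"))            # integrity tag mismatch
    print("wrong chain:", verify_entry(entry, "BCH"))               # chain mismatch
    print("typo:", address_matches_chain(good[:-1] + "0", "BTC"))   # False ('0' is not base58)
```

The three checks map onto the three failure modes: the Base58Check checksum rejects a mistyped address before any funds move, the explicit chain label on the record (together with the CashAddr-only rule for BCH) rejects an approved Bitcoin address being used on Bitcoin Cash, and the HMAC tag rejects a record whose address was changed after approval. None of this helps when the counterparty rotates addresses, which still requires a fresh approval per address.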
3) Hardware Wallets
Another common method adopted by institutions is the hardware wallet, which introduces an important layer of security through hardware isolation.
With wallets like the Ledger Nano, the deposit address is displayed on a hardware device with a small screen. The user then compares that deposit address to the one on their computer to confirm that it is identical, meaning that it has not been compromised by hackers.
The assumption being made here is that it’s impossible to compromise the hardware wallet because of its hardware isolation. However, hardware wallets cannot prevent interference with the user’s computer—for example, malware could infect a computer and swap out the recipient’s address for the hacker’s address during a high-value transaction. The device screen only shows the address the computer handed it to sign, so if the computer already substituted that address, the two screens will match and the comparison proves nothing. Ultimately, hardware wallets are great for securing private keys, but they cannot prevent deposit address theft or hacking.
Hardware wallets also require users to pay close attention to detail with every transaction. Users have to look back and forth between the hardware wallet and their computer screen to authenticate the deposit address. And at the speed that hardware wallets display information, this process can hinder productivity in a high-volume trading environment—especially after sending 30+ transactions.
Organizations also rely on “4-eyes policies” to ensure that deposit addresses from the hardware wallet are being entered correctly. This means that at least 2 professionals have to check that the transaction is correct, every single time—and both of these professionals need to be present in the same physical location. For organizations looking to facilitate more than just a few trades a day, this poses a significant problem.
Deposit Address Security & Scalability Matrix
We’ve gathered information about each of the 3 primary methods operations teams currently rely on—and assigned a Secure Scalability Rating to each one. Here’s how test transfers, whitelisting, and hardware wallets stack up from a security and operations standpoint:
Passive vs Active Trading Strategies
Unfortunately, in a high-frequency trading environment, these methods expose firms to internal fraud, cyber attacks and human error. They don’t fully mitigate deposit address vulnerabilities, and can interfere with the speed at which businesses need to operate.
Alternatively, with a passive trading strategy, these tactics and solutions can be quite effective. They’re especially useful if you approach every transaction with caution, take your time, and consistently combine all 3 methods.
Need help securely scaling trading operations?
Some of the largest active hedge funds, OTCs, exchanges, and liquidity providers that frequently move large amounts of digital assets have moved to Fireblocks, because we’ve completely eliminated deposit addresses from the settlement process.
If you need to expand and streamline trading operations, request access today to see Fireblocks in action.
Fireblocks is an all-in-one platform for securely moving digital assets across your entire ecosystem. It’s the fastest and most secure way to move digital assets between exchanges, OTCs, counterparties, hot wallets, and custodians. Besides removing the need for deposit addresses, our platform also eliminates logging in & out of exchanges and dealing with insecure or slow storage solutions.