
Dubbed Crypto’s Hot New Trend, Staking Raises Major Security Risks


During what has become the longest bear market to date in cryptocurrency, it’s no surprise that anxious investors are eager to find alternative strategies to continue making gains during the downturn. One of those strategies, which has become a hot trend in crypto, is the practice known as staking.


In staking, investor-owned tokens are placed in digital crypto wallets and then used to validate transactions that create new blocks in blockchain networks. This, in turn, produces coin rewards that can increase the holder’s total asset value.

While vaguely similar to traditional banks’ interest-bearing accounts, the proof-of-stake (PoS) process can generate wide-ranging returns, depending on the coin type and amount held. Recent reports indicate that PoS cryptocurrencies have $4 billion in staked funds.

Consider Ethereum, the second-largest cryptocurrency, which was founded as a pure proof-of-work-based blockchain. Now the project’s developers are working on a PoS system that will let stakeholders deliver new services to Ethereum-based applications, which offers them a way to build on the community while earning more coins.

Even though staking represents a major deviation from how transactions have been typically verified in mining, it’s easy to see the appeal. As the major cryptocurrencies tumbled more than 80 percent in value last year, staking purports to give a promising way for the investors to “play it safe,” staying “in it” for the long game.


But staking is far from safe. Quite the opposite, it introduces a slew of new problems. Media coverage has called out risks, but it has mostly focused on the financial ones. Those are not the only thing that should keep stakers up at night. Staking carries a big safety risk beyond price fluctuations or long-term cryptocurrency viability, and by and large many are completely unaware of it. In fact, the threat derives from an increasing problem in the larger cryptocurrency ecosystem: hacking, theft, and data exposure.

In many ways, blockchain’s overall perception of security seems to have lulled some into taking the larger ecosystem’s security — including the networks it runs on — for granted. However, we continue to see cracks in blockchain’s hack-proof veneer, most recently noted by MIT Technology Review. The truth is that staking additionally introduces many security issues that, to date, haven’t been properly handled. Consider a few possibilities.



Often, staking requires computers to be always online. That fact alone exposes the IP address of the staker and introduces the potential to be hacked.

Once a machine is compromised, you can bet that hackers will immediately target the private key of the staker, creating increased theft vulnerability. In this way, many versions of staking are completely different than mining with proof of work. With most proof of work networks, nodes can mine without requiring any private keys to be present. Keys can instead be kept safely offline in cold wallets. But with many forms of staking, keys must be kept online.

Due to hackers’ ability to glean IP addresses and other metadata such as the amounts being staked, the stakers might as well be leaving their cash stacked next to their window. Sure, the front door might be locked, but is that going to stop a determined thief?


In another example, we’ve seen the emergence of staking pools as an alternative to managing one’s own staking infrastructure.

However, that in and of itself means that you’re then putting your trust in the group maintaining the pool. It’s not like there’s any shortage of ways to insecurely operate pool infrastructure, as pools can and do get hacked all the time.

If large companies with valuable brands like Yahoo and eBay get hacked in spite of employing dedicated cybersecurity teams, then how can you trust a staking pool?



Decred is one example of a coin that can be staked in “always online” mode or through staking pools. But even coins that don’t require a computer that is always online, such as NEO with its approach to staking, can still have security issues.

With NEO, when you claim your staking rewards (“gas”), you perform a transaction which again exposes an IP address, introducing the potential to be hacked. On top of that, with NEO, if you want a strong compounding effect, then you must claim rewards often, converting them back from gas to NEO.

All of these actions require more transactions that compound risk of exposure of computers, IPs, and private keys. Particl, which recently introduced cold-staking hardware, even acknowledged that:

Quote: “No matter how secure the staking process is, users still need to execute transactions to either spend or sell their staking rewards or rearrange their setup. That means private keys still need to ultimately be exposed in plain text, even if only for a brief moment.”



So, are there ways to reduce the chances that staking transactions expose your IP address, location, and data? Yes, but historically it’s been tricky, because the tools and low-level networking knowledge that are necessary to properly obfuscate traffic are hard to come by.

Some address it by setting up a VPN proxy, but VPNs are notoriously complex, and even one misconfiguration can result in no protection.

However, blockchain-based relay networks may offer a better solution. Instead of setting up your own VPN or trusting a third party, it’s now possible to obfuscate where a transaction is coming from and always keep your data encrypted over internal hops. The key is to set up your own mini-relay network that can proxy traffic on and off multiple servers globally. This has become easier and easier thanks to the power of high-quality, open source blockchain and peer-to-peer networking implementations. Imagine if you own ten nodes, where one is behind a firewall (never publicly facing), and the other nine are acting as relay nodes, bouncing traffic from server to server. 

If your primary server is in Russia, this configuration will look like you were broadcasting from there.

Taking it a step further, you can obfuscate even more if you use multiple servers and have traffic exiting off of multiple nodes, leaving hardly any ability to trace where the server location is. It’s sort of like having your own TOR network, but the key distinction is that you control your own nodes. And, of course, there is the fact that TOR networks are famously slow. Even constructing the most complicated obfuscation topologies has now been made so easy by emerging blockchain projects that if you are considering staking, there is no reason not to be looking into these solutions.

The bottom line is that everyone should understand the security threats associated with staking. It wasn’t too long ago that blockchain as a whole was considered uncrackable, and sophisticated hackers caught up in short order. 

It’s almost the irony of humanity. It’s only when large sums of money are at stake that humanity often is at its craftiest. The key is for the rest of us to continue being one step ahead.

by Jong Kim
