Exchanges

Exchanges play a big role in making cryptocurrency available to the world. Although many tactics we’ve seen over the years could be considered a bit questionable, they undoubtedly have an important role. I want to ask all exchanges to move forward very carefully and think about the good of our industry. Your image, behaviour and fame are directly tied to the image of the cryptocurrency industry (and subsequently your long-term profit too).

I want to address the confirmation requirements. Most exchanges (if not all), allow crypto deposits with very unsafe confirmation requirements. I have seen confirmation requirements of just a couple of blocks on networks where double-spending on a couple of blocks would be rather trivial. This became more of an issue recently, with NiceHash allowing for attacks on smaller networks. It doesn’t necessarily just have to do with the security of those cryptocurrencies involved, but rather with how you handle deposits as an exchange. Cryptocurrencies with larger networks simply need fewer confirmations, making them faster for your use-case. Smaller cryptocurrencies will need more confirmations to get the same level of security.

Security and speed are not some magical quality of cryptocurrencies that you can turn on by writing some code (or leaving some out). Security is a direct result from the energy spent on that network. That’s a feature of most cryptocurrencies. Simple as that.

So how should you handle deposits?

I encourage exchanges to increase to confirmation requirements for most coins on most exchanges. I personally wouldn’t mind waiting a bit longer for a safer exchange. You can for example set a standard high amount of minimum confirmations. Bittrex recently did this by setting confirmations to 300 for Vertcoin. This is however a bit extreme for tiny deposits.

A much more customer-friendly way to secure deposits can be achieved by creating a relative increase in confirmations needed depending on the amount deposited and the cost to attack the network. Here’s how that would look in practice.

(x / c) * y + b x = Value of deposit c = Cost of owning the network for 1 hour y = Number of blocks per hour b = Base

The cost of owning the network comes from the available hashrate that you can rent through services like NiceHash. If there is enough hashrate available, the cost can be calculated by looking at the cost to rent a majority hashrate share for an hour. This is dynamic process that requires re-evaluation in real-time.

You can set the base (minimum number of confirmations) depending on the network size, so smaller network mean a higher base. This value is completely subjective, and could be left out if you please. However, the base helps protect you from large volumes of transactions that may be related to a double spend, whereas the rest helps you scale the number of confirmations for protection against double-spend attempts with bigger transactions.

Furthermore, you can keep an eye out for a high volume of smaller transactions in the network, especially if they are directed at the same account. It is also important to keep an eye out for when a lot of low activity or new accounts accounts are suddenly making a lot of deposits at the same time.

No doubt, securing an exchange is much harder than it seems. But in the end, these basic measures take you a long way in protecting yourself against double-spends.