Don’t we all remember Mt Gox, the Pompeii of bitcoin which almost burnt the cryptocurrency to ground? For those who don’t, Mt Gox was a Japanese Bitcoin Exchange which held the distinction of being the largest exchange in 2013. The exchange later shut down claiming its bitcoin reserves were stolen by hackers. Investigators are still trying to figure out what happened to 650000 of the 850000 bitcoins that were allegedly stolen from the exchange.
There have been multiple reports of bitcoin stolen from wallets and vaults of various bitcoin exchanges and wallet providers since the Mt Gox fiasco. Bitcoin has been a currency of interest for many hackers for multiple reasons. The digital currency is not easy to track due to its pseudonymous nature. Even though transactions are recorded in real-time on the blockchain, associating a wallet address to its owner’s real identity takes a lot of time and resources. It can be made even harder by using the right proxy and VPN services.
In addition, bitcoin transactions once executed can’t be reversed unless the recipient manually authorizes the transaction from his wallet. So, once the hacker transfers the bitcoin from his victim’s wallet, there is no way for the victim to claim the bitcoin back. At least, that was the case until now. It may soon be different if things go according to Professor Emin Gun Sirer’s plan. Prof. Emin from Cornell University has used the scripts available in the existing bitcoin protocol to create a vault that can prevent bitcoin owners from losing their bitcoins and also help them recover the stolen bitcoins.
Bitcoin Covenant Vault and Poison Transaction
The new vault, developed by Cornell University professor is called a Covenant and it uses the inbuilt bitcoin script to create special transactions. Users can transfer their bitcoin for safekeeping in a vault by using this special transaction protocol. The Covenant’s vault is similar to a regular bitcoin vault with recovery keys. However, unlike the conventional bitcoin vault, this one is more of a savings account than a deposit locker. All bitcoins in the Covenant vault are tagged by the protocol in such a way that any bitcoin spent over the blockchain from this vault can be recalled in no time. In addition, it also allows the user to burn the stolen bitcoin in case both his/her vault and recovery keys are compromised.
By default, vaults delay the transaction by enforcing a waiting period, giving ample time for the owner to take necessary remedial action in case of an unauthorized transaction. The owner can block the impending bitcoin transfer from the vault by using recovery key. The user can use this mechanism to thwart any number of attempts to transfer funds by the hacker. In a worst case scenario, when the hacker is in possession of vault key and recovery keys, the user can choose to initiate poison transaction which replicates a fraud attempt by splitting the block containing stolen bitcoin. This will then be detected by blockchain as a fraudulent transaction and the containing blocks will be disabled forever.
The Bitcoin Covenant developed by Prof. Emin also uses Bitcoin NG script and it can potentially be the solution to prevent criminals from stealing bitcoin. Once implemented, it will drastically reduce hacking attempts on bitcoin companies and wallets.