The very capable minds at Israeli Blockchain cyber startup GK8, developer of a high-security digital safe for securely managing digital assets and cryptocurrencies, have identified vulnerabilities in Multi-Party-Computation (MPC) networks, which are the backbone of safeguarding your most prized digital assets, including Bitcoin and any cryptocurrencies used by banks and exchanges. Following the discovery, the company claims that these critical vulnerabilities can severely hamper the adoption of digital assets by financial institutions and banks in the U.S. and around the world.
In Multi-Party Computation networks, several independent and remote PCs are involved in the signing ceremony of any blockchain transaction. MPC security is based on dividing each private key into shards and only by piecing all of them together is the key then revealed.
"MPCs have two main vulnerabilities,’’ said Lior Lamesh, CEO and co-founder of GK8. ‘’The first one is that they rely on the network of co-signers to be always connected to the internet. Even if their algorithms are extremely sophisticated, a skilled hacker with enough effort and persistence will eventually identify an attack vector in each of the co-signers and compromise the entire MPC network.
“The second vulnerability has to do with the size of the MPC network being deployed. MPCs are typically programmed in a way that once the majority of PCs in the MPC network (usually 2 out of 3, or 3 out of 4) provide their shard of the key, the request to execute the transaction is authorized. What this means for hackers, is that they simply need to hack into one or two additional PCs to complete their takeover of the valuable keys. While this entails considerably more effort from the hacker, in today’s lucrative crypto market, hackers will consider investing millions in order to steal billions.
According to Lamesh, expanding the MPC network to include more co-signers is not a feasible option, as an expansion of regular MPC networks creates serious performance implications, making legitimate transactions to the blockchain slow and inefficient. Hence, the largest MPC networks in the market today typically don’t exceed 5 PCs.
To solve the challenge posed by MPC’s inherent vulnerabilities, GK8 has developed an air-tight vault, which is never connected to the internet, and therefore cannot be hacked. The vault is where the keys for the vast majority of digital assets are stored, with MPCs controlling just a fraction of the assets. The vault is connected with a unidirectional connection to the MPC, in a way that signed transactions can only go out from the vault, never in.
On top of the unique vault, GK8 has a patented solution that enables the addition of dozens of PCs to the custodian MPC network – with no impact on network performance. “This is far more than just safety in numbers,” explained Lamesh. “the ability to add dozens of automated co-signers to any MPC network changes the equation for hackers, setting up a barrier whose breach would by definition require spending more than ever getting in return”.
According to Lamesh, customer demand for crypto services creates strong incentive for banks to enter the cryptocurrency domain, but banks are hesitant to do so in light of the associated security risks. “This is understandable, considering that as much as $4.5 Billion in crypto were stolen in 2019 alone. That’s why it's imperative for banks to seek a secured platform that mitigates hacker attacks that can result not just in loss of digital assets, but also in severe reputational damage”.
Tel Aviv based GK8 was founded in July 2018 by CEO Lior Lamesh and CTO Shahar Shamai, who previously defended the State of Israel’s strategic assets against cyber-attacks. GK8’s investors and advisory board includes Check Point Founder Marius Nacht, Israel Discount Bank, Zcash founding scientist Professor Eran Tromer and former head of Israeli intelligence cyber-security unit Ilan Levanon.