Bitfinex another bitcoin network hacked yet again.

+1 vote
My question is really more of a discussion question. We cannot ignore the fact that bitcoin yet again was hacked. I believe this is the second time Bitfinex was hacked.

The question is: does MultiChain have any better idea as to how exactly the hacking was done? There are a lot of articles but no real concrete evidence that Bitcoin Core itself was to blame. I do believe that the future of MultiChain depends on Bitcoin Core, and in order to build a better system which will add more consumer confidence we need to know how hackers still managed to steal a boatload of coins.

So was it an inside job? Did some network admin gain access to private keys? This of course is the easiest method for hackers and is really not hacking because employees/admins are just giving away keys they already have access to. I believe that a majority of hacks come from superusers who decide they do not want to be loyal to a company any longer.

Maybe it was the network configuration, the way Bitfinex implemented their user accounts. It's not really clear as to what happened and whether Bitcoin Core itself is to blame. When using MultiChain, what benefits do we have over Bitcoin Core to avoid or prevent these breaches? Can you point out some of the things that could be done when we pinpoint a specific address or network of addresses who we know are the thieves? This will help the MultiChain community build more confidence. Does address permissions management and managing a private blockchain add a lot more network control and help stop or even reverse criminal activity? Remember hackers could join a private blockchain network as well as a public network. It's impossible to screen a user behind every new address. What impact does this all have for the future of MultiChain?
asked Aug 4, 2016 by dtarsio

1 Answer

0 votes
As far as we know, and this matches other bitcoin hacks, this is due to a straightforward information security issue, i.e. key compromise. MultiChain is similar to Bitcoin Core in that you have the option of keeping keys outside the node using whatever secure method you wish (including hardware devices or air gapped computers). You can build the unsigned transactions in MultiChain, then move them elsewhere for signing, then bring them back to MultiChain for rebroadcast. In a blockchain you can't really ask for more than that.

The other issue of course is that, being permissioned, a MultiChain blockchain doesn't have the same properties as the bitcoin blockchain in terms of the ability to irreversibly move a real bearer asset (bitcoin). In a permissioned blockchain, for each key holder, someone knows that key holder's real identity (otherwise it's not meaningfully permissioned), so any fraud can be tracked down and reversed. For example in MultiChain by default only whitelisted addresses are allowed to receive funds, so the fraudster cannot hide.
answered Aug 4, 2016 by MultiChain
Can you elaborate a little on the option of keeping keys outside the node and building the unsigned transactions in MultiChain and then signing them elsewhere?

Is this the same as encrypting a wallet and keeping a cold copy of the key on another machine for signing? I am not exactly sure how you would keep private keys outside the node other than cold copies from a key dump. Are you installing a different kind of wallet?
Yes, it's exactly like cold storage. You can generate keys outside the node and use them for signing. Any code library that does this for bitcoin will be compatible with MultiChain, though see the information here about MultiChain addresses: http://www.multichain.com/developers/address-format/
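The build-unsigned / sign-elsewhere / rebroadcast flow described in the answer and the reply above, sketched as an added example (not code from the thread or from MultiChain). The method names are the MultiChain/Bitcoin Core JSON-RPC calls `importaddress`, `createrawsendfrom`, `decoderawtransaction`, `signrawtransaction` and `sendrawtransaction`; the transports, the fake node, the addresses, the key and the hex strings are constructed placeholders, and the offline signer is assumed to speak the same JSON-RPC (any bitcoin-compatible signing library fits the same slot).

```python
import json

def rpc_body(method, *params):
    """Serialize one JSON-RPC request body for a node's RPC port."""
    return json.dumps({"method": method, "params": list(params), "id": 1})

def cold_send(online, offline, from_addr, to_addr, amount, wif_key):
    """Send from a key the online node never sees.

    online/offline are assumed transports: callables that take a request
    body and return the "result" field of the node's reply.
    """
    # Online node: watch the address (no private key), build the unsigned tx.
    online(rpc_body("importaddress", from_addr, "", False))
    unsigned = online(rpc_body("createrawsendfrom", from_addr, {to_addr: amount}))
    # Offline machine: inspect what it is about to sign. Only the recipient
    # and the change output back to the sender are acceptable destinations.
    decoded = offline(rpc_body("decoderawtransaction", unsigned))
    paid = {a for out in decoded["vout"]
            for a in out["scriptPubKey"].get("addresses", [])}
    extra = paid - {to_addr, from_addr}
    if extra:
        raise ValueError("unexpected output address: %s" % sorted(extra))
    signed = offline(rpc_body("signrawtransaction", unsigned, [], [wif_key]))
    if not signed.get("complete"):
        raise ValueError("transaction not fully signed")
    # Online node: broadcast the signed hex; it only ever saw public data.
    return online(rpc_body("sendrawtransaction", signed["hex"]))

def make_fake_node(log, outputs):
    """Constructed stand-in for a node: logs requests, returns canned results."""
    vout = [{"scriptPubKey": {"addresses": [a]}} for a in outputs]
    canned = {"importaddress": None,
              "createrawsendfrom": "00aa",  # constructed unsigned hex
              "decoderawtransaction": {"vout": vout},
              "signrawtransaction": {"hex": "00aabb", "complete": True},
              "sendrawtransaction": "txid-placeholder"}
    def call(body):
        log.append(body)
        return canned[json.loads(body)["method"]]
    return call

def demo(outputs=("ADDR_TO", "ADDR_FROM")):
    """Run the flow on constructed values; return (txid, online request log)."""
    online_log, offline_log = [], []
    txid = cold_send(make_fake_node(online_log, outputs),
                     make_fake_node(offline_log, outputs),
                     "ADDR_FROM", "ADDR_TO", 1.5, "WIF_PLACEHOLDER")
    return txid, online_log

if __name__ == "__main__":
    print(demo())
```

The decode step on the offline side is the point where a compromised online node would be caught: if the unsigned transaction pays any address other than the recipient or the sender's change, nothing is signed.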
...