Historically, one of the most prominent attack vectors cryptocurrency exchanges have had to deal with were their hot wallets — wallets connected to the internet that hold a certain amount of funds to provide instant liquidity to users in the event of rapid influx of deposits or withdrawals.
Being online most of, if not all the time, hot wallets are exposed to a variety of risks that cold wallets aren't. Multisignature approaches seek to alleviate these risks, but cannot address them completely.
UK-focused Bitcoin exchange CoinCorner has now published the initial findings of a research project conducted to find a way to mitigate the risk associated with hot wallets without compromising on their accessibility. The result: "Hoffline," an automated, air-gapped Bitcoin hot wallet that looks to combine the convenience of an online wallet with the added security of a cold wallet by storing the associated private keys offline.
On Wednesday, CoinCorner CEO Danny Scott shared a video of a local test conducted by the exchange's research team, showing an early structure that includes an online device (OnDev) and an offline device (OffDev), the key components of the installation.
The transaction process using Hoffline starts with the OnDev, which receives a transaction to send from the database and goes on to create an unsigned transaction and the corresponding QR code. That code is then scanned by a camera connected to the OffDev, which validates and signs the transaction, creating another QR code that contains the signed transaction data. The OnDev device then scans the code with its own camera and broadcasts the transaction to the Bitcoin network.
The approach, although seemingly simple, allows for the offline storage of a wallet's private key, an important factor that contributes to the wallet's overall security level.
Although the project is still in its early stages, CoinCorner's research team, which is led by Scott alongside Zakk Lakin, Jack Tyrer, David Boylan, and Alex Delaney, is already looking into ways to optimize the process. One possible approach involves Blockstream Satellite, a network of satellites that broadcasts the Bitcoin network from space, allowing Bitcoin nodes to be installed and kept in sync without the need for an internet connection. CoinCorner is exploring setups that would connect the OffDev to the satellite network in order to run a full node on the device.
The research project presents the latest move in line CoinCorner's declared commitment to contribute to the Bitcoin ecosystem and "stay at the forefront of the Bitcoin industry," according to Scott.