Blockchain and Crypto: Will Security Issues Finally Be Dealt With in 2020?

Published at: Jan. 9, 2020

The past few years have been a watershed moment for security in crypto. As the asset class has gained popularity, more and more security breaches have been highlighted and more institutions targeted.

The burgeoning industry is ripe with opportunity, but also with risk. Two incidents that highlight this lapse in security spring to mind.

Back in January 2018, Coincheck Japan was targeted, with attackers succeeding in stealing $530 million worth of NEM tokens from the crypto exchange. It is one of the biggest crypto exchange heists in the relatively short history of the industry and stands alongside the infamous attack on Mt. Gox, when around 800,000 BTC was stolen — a sum worth over $6 billion today. 

Further back, in February 2016, the Bangladesh Bank was targeted. Thieves tried to steal a total of $850 million via properly authenticated transactions ordering the Federal Reserve Bank of New York to transfer the money through the SWIFT network. While “only” $101 million was transferred to final beneficiaries in the Philippines and Sri Lanka, this resulted in a whopping total of $81 million being successfully stolen during the incident.

What do these incidents have in common? The complacency of the victims — central banks and top crypto exchanges — and their management of the security credentials (be it passwords or private keys) that give access to the transfer of fiat money or cryptocurrencies.

The SWIFT network used for the Bangladesh Bank and other similar heists was not hacked; the users of the network were. The blockchains utilized to transfer the NEM out of Coincheck and the BTC out of Mt. Gox were not hacked; the exchanges — i.e., the users of these blockchains — were. Their systems and credentials were so poorly protected that hackers were able to take control and impersonate their victims with ease.

The SWIFT community reacted to these events by reinforcing cybersecurity controls, by identifying the weakest players and by ensuring hackers’ modus operandi were shared among the community to prevent further incidents. Has the crypto industry done the same and learned from its mistakes? Probably not at the level this issue deserves. Will 2020 see more collaboration to prevent these incidents or to enable the recovery of stolen funds in case of successful hacks? The jury is still out.

The industry has progressed, but a lot of work remains 

In the last two years, security in the crypto industry has evolved dramatically. The technological solutions offered by noncustodial and custodial wallet providers are more and more robust.

Organizations have used hardware- or software-based multisignature wallet access, encryption of operating environments, whitelisting of addresses, tightening of operating procedures and many other methods to improve security. Other advancements include wallet management systems powered by multiparty computation protocols or hardware security modules, which enable the secure, fast and effective transfer of assets on a day-to-day basis.

When hacks happen, the security community talks about it: blacklisting addresses used to siphon stolen funds, reducing cash-out attempts and using other methods to stop hackers. But the simple fact that these types of hacks have continued to occur in 2019 demonstrates that many in the industry are still not geared up properly to handle cybersecurity breaches.

It is not only the technology that needs to move forward. It is also about enterprise-grade operational risk management, and improving upon the necessary checks and balances on individuals with access to customer assets at exchanges or crypto funds.

It is about securing customers’ investments, and adhering to basic business practices with regard to, for example, the necessary segregation of duty between roles and entities to avoid conflicts of interest.

No traditional exchange in the world plays, within the same legal entity, the roles of both exchange and depository or custodian. There are no traditional asset managers in the world who have custody over the assets they manage for underlying investors.

Why does the crypto industry still believe it is okay for them to ignore such common-sense principles? Why do people keep hoping for institutional money to flow into the industry when it is clear it will not happen before these necessary finance best practices and rules are in place and inherited from the traditional financial industry?

In the past 12 months, many exchanges, funds and foundations have started to realize the crypto industry will not thrive without proper business practices and transparency being put in place to protect the assets and interests of customers — the only players who matter.

Third-party independent custodians are being increasingly approached to provide the necessary neutrality and transparency — on top of the expected security — to ensure the assets of these customers or investors are safe in an auditable way. Enterprise-grade solutions have emerged to reduce the risk of hacks. Insurance companies are no longer shying away from covering third-party custodians using the right technology — still at a high premium cost, but with a promising downward trend.

2020: The year of professionalization?

In 2020, more education and awareness will be required. Exchanges, funds, projects, foundations, and all the other crypto players servicing underlying customers must put in place the proper transparent and secure processes around the safekeeping of the assets of their customers. Most will rightfully opt for the outsourcing of that critical task to third-party custodians whose job is to do precisely that.

This year will hopefully also be the year when digital asset service providers such as crypto exchanges and custodians will not only collaborate about the implementation of the Financial Action Task Force rules but also about the exchange of information on hackers' modus operandi and blacklisting of addresses.

By the end of the year, the cashing out of hacked funds should be so difficult — thanks to a more formal collaboration between players — that thieves will be discouraged from targeting cryptocurrency organizations.

Beyond the adoption of the right established technology, it is only when common-sense operational and business practices — those of segregation of duty, focus on core activities and established risk management — are put in place that the digital asset industry will become mainstream. Today, it is not, and now you know why.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Alex Kech is the CEO of Onchain Custodian. He has more than 20 years of experience in the capital markets industry — from global custody and asset servicing at the Bank of New York to data standardization and head of securities and forex Asia–Pacific at SWIFT. Onchain Custodian offers a global, standardized, resilient, insured and compliant custody service for the safekeeping of institutional digital asset investments.
