Can Blockchain And Crypto Security Issues Finally Be Dealt With In 2020?
The past few years have been a watershed period for security in crypto. As the asset class has gained popularity, more and more security breaches have come to light and more institutions have been targeted.
The burgeoning industry is rich with opportunity, though also with risk. A couple of incidents that highlight these lapses in security spring to mind. Coincheck Japan was targeted in January 2018, with attackers succeeding in stealing $530 million worth of NEM tokens from the crypto exchange. It is one of the most significant crypto exchange heists in the comparatively short history of the industry. It stands alongside the infamous attack on Mt. Gox, when approximately 800,000 BTC was stolen, an amount worth over $6 billion today.
Additionally, back in February 2016, the Bangladesh Bank was targeted. Thieves attempted to take a total of $850 million through correctly authenticated transactions instructing the Federal Reserve Bank of New York to transfer the money over the SWIFT network. While only $101 million was transferred to ultimate beneficiaries in the Philippines and Sri Lanka, this still resulted in a massive total of $81 million successfully stolen during the incident.
What do these events have in common? The complacency of the victims, central banks and top crypto exchanges alike, and their management of the security credentials that give access to the transfer of cryptocurrency or fiat money.
The SWIFT network used for the Bangladesh Bank and other similar thefts was not hacked; the users of the system were. The blockchains used to transfer the NEM out of Coincheck and the BTC out of Mt. Gox were not hacked; the exchanges, i.e., the users of these blockchains, were. Their systems and credentials were so inadequately guarded that hackers were able to take control and impersonate their victims efficiently.
The SWIFT community responded to these events by strengthening cybersecurity controls, by identifying the weakest players and by ensuring hackers' modus operandi was shared among the community to avert further incidents. Has the crypto industry done the same and learned from its mistakes? Apparently not at the level this problem deserves. Will 2020 see more cooperation to stop these incidents or to allow the recovery of stolen funds in case of successful hacks?
The industry has advanced, though a lot of work remains
In the last two years, security in the cryptocurrency industry has improved dramatically. The technological solutions provided by noncustodial and custodial wallet providers are increasingly robust.
Organizations have adopted hardware- or software-based multi-signature wallet access, whitelisting of addresses, encryption of operating environments, tightening of operating procedures, and many other methods to enhance security. Other advances include wallet management systems powered by multiparty computation protocols or hardware security modules, which allow the secure, fast, and effective transfer of assets on a day-to-day basis.
When hacks occur, the security community communicates about them, blacklisting addresses used to siphon stolen funds, limiting cash-out attempts, and adopting other methods to obstruct hackers. Nevertheless, the simple fact that these kinds of hacks continued to occur in 2019 shows that many in the industry are still not adequately equipped to manage cybersecurity breaches.
It is not only the technology that needs to move ahead. It is also about enterprise-grade operational risk management and improving the checks and balances on individuals with access to consumer assets at crypto exchanges or funds.
It is about protecting consumers' investments and adhering to fundamental business practices concerning, for instance, the required separation of duty between roles and entities to avoid conflicts of interest.
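An added example, not code from the article or from any wallet provider: a withdrawal policy gate that models three of the controls named above (address whitelisting, m-of-n approval, and separation of duty) and shows why a single stolen credential is no longer enough. The addresses, staff names and 2-of-3 quorum are constructed assumptions, and approvals are assumed to have been authenticated elsewhere (for example by signature checks).

```python
from dataclasses import dataclass, field

# Constructed policy data: addresses, staff names and quorum are illustrative.
WHITELIST = {"addr-cold-storage-01", "addr-client-payout-07"}
APPROVERS = {"alice", "bob", "carol"}  # staff permitted to approve withdrawals
QUORUM = 2                             # m-of-n: 2 of the 3 approvers must agree


@dataclass
class Withdrawal:
    requester: str       # identity whose credentials submitted the request
    destination: str     # address the funds would be sent to
    amount: int          # smallest unit of the asset; recorded for the audit trail
    approvals: set = field(default_factory=set)  # identities that approved


def authorize(w: Withdrawal) -> tuple[bool, str]:
    """Return (allowed, reason); the reason is what an audit log would record."""
    if w.destination not in WHITELIST:
        return False, "destination not whitelisted"
    # Separation of duty: the requester's own approval never counts, and
    # approvals from identities outside the approver list are ignored.
    independent = (w.approvals & APPROVERS) - {w.requester}
    if len(independent) < QUORUM:
        return False, f"quorum not met: {len(independent)} of {QUORUM}"
    return True, "authorized"


def review(requests: list[Withdrawal]) -> list[tuple[str, int, bool, str]]:
    """Evaluate a batch and return one auditable decision row per request."""
    return [(w.destination, w.amount, *authorize(w)) for w in requests]


# Constructed requests. The first models one stolen credential: correctly
# authenticated, whitelisted destination, but no independent approval.
SAMPLE = [
    Withdrawal("alice", "addr-client-payout-07", 5_000, {"alice"}),
    Withdrawal("alice", "addr-unknown-99", 5_000, {"bob", "carol"}),
    Withdrawal("alice", "addr-client-payout-07", 5_000, {"alice", "bob"}),
    Withdrawal("alice", "addr-client-payout-07", 5_000, {"bob", "mallory"}),
    Withdrawal("alice", "addr-client-payout-07", 5_000, {"bob", "carol"}),
]

if __name__ == "__main__":
    for row in review(SAMPLE):
        print(row)
```

Only the last request passes: it is the only one with a whitelisted destination and two approvals from listed approvers other than the requester.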
In the past 12 months, several exchanges, funds, and foundations have begun to realize that the crypto industry will not succeed without proper business practices and transparency being put in place to protect the assets and interests of consumers, the only participants who matter.
Third-party independent custodians are frequently approached to provide the required transparency and neutrality, on top of the normal security, to ensure the assets of these consumers or investors are protected in an auditable way. Enterprise-grade solutions have been developed to reduce the risk of hacks. Insurance companies are no longer shying away from covering third-party custodians that use the right technology, still at a high premium, yet with a reassuring downward trend.
2020: The year of professionalization?
In 2020, more education and awareness will be needed. Exchanges, funds, foundations, projects, and all the other crypto players with underlying customers must put in place appropriate, transparent and secure processes around the safekeeping of their consumers' assets. Most will reasonably opt to outsource that crucial task to third-party custodians whose job is to do precisely that.
This year will possibly also be the year when digital asset service providers such as crypto exchanges and custodians collaborate not only on the implementation of the Financial Action Task Force rules but also on the exchange of data on hackers and the blacklisting of addresses.
By the end of the year, cashing out hacked funds should be so difficult that thieves will be deterred from targeting cryptocurrency organizations.
Beyond the adoption of the right established technology, it is only when common-sense operational and business practices (separation of duty, a focus on core activities and established risk management) are put in place that the digital asset industry will become mainstream.