Diligent management of crypto assets requires a smart and holistic approach to both cyber and physical security
Cryptocurrency is maturing. While it’s impossible to make any lofty predictions or guarantees about the fluctuations of the market, there are plenty of signs that we’ve entered a new age of investing. The top crypto exchange handles a volume of nearly $50 billion. Your next-door neighbor might have a little bit of bitcoin. A growing number of major banks, hedge funds and even family offices are turning to digital assets to complement their traditional investment portfolios.
In what is likely a first for university endowments, the Harvard Management Company (the largest academic endowment in the world) recently invested some $5 to $10 million into cryptocurrency. This past February, JPMorgan Chase launched JPM Coin, making it the first US bank to create a digital coin representing a fiat currency. Their token is in a prototype phase and is being tested solely with JPMorgan institutional investment clients.
But cryptocurrencies aren’t physical goods that can be locked up in a safe or transported in a Brink’s truck. Digital assets like Bitcoin (BTC), Ethereum (ETH) and Ripple (XRP) exist on the blockchain and are maintained in a decentralized environment. To establish “ownership” of cryptocurrencies, the transaction activity is tracked on a public ledger – the much-heralded blockchain itself – by public and private keys.
Public keys are the address used to send and receive crypto. It’s necessary that everyone knows this address. Private keys must be kept secret because they are used to authorize the transmission of cryptocurrency held. Keys are stored in what’s typically called a wallet. There are various forms of digital wallets, which I will get into shortly.
While cryptocurrency investment is on the rise, in order for this digitally-based currency to prosper the right infrastructure must be in place.
Let’s be honest: cryptocurrency is a ripe target for theft. According to a report by Ledger, nearly $1 billion was stolen in 2018. The threat landscape faced by cryptocurrency investors is similar to that facing security professionals in all tech spaces. Traditional cyberattack methods like site clones, phishing and SMS hacks coupled with hardware tampering and social engineering are still problems in this new frontier.
Hackers have absconded with millions of dollars by hijacking cell phone accounts. Entire crypto exchanges – handling upwards of hundreds of millions – have been forced to shut down as a result of cyberattacks.
And it’s not just hackers to worry about. The nature of crypto storage can lead to the loss of funds as well.
Take the recent QuadrigaCX debacle for instance. At its peak, the Canadian cryptocurrency exchange handled nearly $200 million in assets. Its lone operator, Gerald Cotton, personally held all his clients’ security keys. Last year, on December 9th, Cotton died after being hospitalized due to complications from Crohn’s disease. Because he was the only one with access to those private keys proving crypto ownership, all the assets under Quadriga’s management followed Cotton to his grave.
Though highly anomalous, the Quadriga event has served as a final wakeup call to both institutional investors and their customers as to how important it is to securely safeguard your digital assets with a trusted platform.
In the cryptocurrency world, there are several ways to store your holdings but they all generally involve some form of wallet. Basically, a “crypto wallet” is a device on which your private keys are stored. Your private keys are a critical piece of information used to authorize spending and selling crypto on the blockchain. The wallets in which you hold them can be physical devices, software- or solution- based or simply the online exchange from which you’ve purchased your currency.
Of those wallets there are two types: hot and cold. Hot wallets are connected to the internet, while cold wallets are not. Cold wallets are considered much more secure than hot wallets.
There are two main types of hot wallets:
- Web/Online/Exchange: Leaving your crypto on an exchange is an example of hot wallet storage. Any type of storage that is online is considered “hot.” These types of online wallets are the most unsecure and susceptible to being hacked, having your email and login info being stolen, or to a counterparty risk.
- Software Wallets: A software wallet is an application that you download to your computer or phone. It is considered safer than a web/exchange wallet because you, rather than a third party, have control of your private keys. However, since your computer and phone are vulnerable to hacks, software wallets still aren’t the best option.
There are two main types of cold wallets:
- Hardware Wallets: Hardware wallets are widely considered the safest option for storing your crypto. Typically, in USB format, a hardware wallet can be connected to the internet to transfer an exchange for trading, but it can be disconnected, with your crypto stored totally offline and inaccessible to hackers. The main principle behind hardware wallets is to provide full isolation between the private keys and your easily-hacked computer or smartphone.
- Paper Wallets: A paper wallet is an offline mechanism for storing. You literally print out your public and private keys on paper and keep them somewhere safe. This is extremely safe – and cheap – but obviously not the best method. If you lose the paper, you completely lose your private keys.
So clearly you can’t be running crypto on a bunch of jump drives. Even the most novice crypto holder needs a wallet that has both a secure element and custom OS without compromising security and convenience. While blockchain aims at revolutionizing financial systems, many investors are still decades in the past when it comes to the way they are safekeeping their digital assets.
Hardware wallets have become the de facto best practice amongst individuals serious about their investments but think about enterprises handling millions of dollars’ worth of crypto. In the early stages of institutional investing, asset managers would find themselves securing massive amounts of wealth on hardware wallets with no convenient and efficient way to implement a meaningful segregation of duty.
Finding a Holistic Security Solution
This may have created new jobs for bodyguards and generated revenue for security equipment companies, but it hindered the growth of the segment by exposing crypto funds to an operational risk far above the appetite of the average investor. Institutional investors can’t simply rely on standard wallets, however secure they may be. The financial industry needs custody solutions that are more holistic in their approach, combining both hot and cold approaches, and encompassing both hardware and software technology solutions.
The absolute most secure way to manage crypto assets is through a multi-authorization governance infrastructure. Secure storage of large digital asset funds is complex, and exchanges and institutions need safe, comprehensive and integrated solutions. This approach employs a multi-authorization self-custody system of management and gives financial institutions security, control and speed of execution along with a reliable governance framework.
Proper security is crucial to the diligent management of crypto assets, whether you’re just a hobby holder or an institutional investor overseeing millions. Mainstream adoption of crypto is gaining momentum and as more come on board, there will be more targets for cyberattacks. Echoing a common refrain in the tech world: It’s crucial for everyone involved to be aware of the risks and how to mitigate them.