Friday, August 16, 2019

Bitcoin security risks SOLVED


We’re all too familiar with the story.  An exchange builds a respectable reputation in a dark and unregulated space, only to get hacked.  But unlike in the traditional banking system, there is no way to get your funds back.  Billions of institutional money is sitting on the Crypto sidelines for this single reason: they are afraid of getting hacked.  Now you must understand that it’s one thing when your own individual account is hacked and you lose your own money; and it’s quite another if it’s client money.  Let’s take Fidelity as an example, because they like Crypto.  Imagine Fidelity has $50 Million equivalent Bitcoin in client funds and it gets hacked.  Fidelity is liable for all the funds meaning it will have to cover the loss with cash.  But it wasn’t insurable, until now.  Digital security company Blackwatch has developed a product Dark Vault which adheres to AML/KYC controls and is ISO 27001 compliant.  But what’s cool about this solution is that not only is it more secure than the current alternatives, it provides real-time access to your Crypto (Competitive products require multi-day ‘withdrawal’ procedures as the solutions are heavy on physical security, not network design).

The strength of the Blackwatch solution is in the architecture.  The problem with most Crypto security solutions is they rely on a single ‘gateway’ so this can also be a single point of failure.  This is the same flaw in traditional network security, whereby a firewall can block 100% of outside hack threats but can’t stop an insider from copying files or accessing computers once inside the firewall (physically).  Studies have shown that the majority of major security breaches come from employees, not from outsiders.  That’s not to say the employees are the hackers themselves, they may be victim to a phishing attack and unwittingly bring Malware to their workplace on a thumb drive, or in case of the CIA contractor Booz Allen Hamilton, left “Sensitive government passwords exposed online” –

Earlier this month, a Booz Allen Hamilton employee accidentally left “sensitive government passwords exposed online,” according to The Washington Post. The worst part is that he didn’t even realize it. And neither did Booz Allen Hamilton.  It wasn’t until Chris Vickery, a cyber analyst at Upguard, accidentally stumbled upon them and wrote about it.  Booz Allen Hamilton isn’t some fly-by-night operation. They’re a big-time government contractor. And according the Post, it’s just the latest in a long line of recent “high-profile cases” where “top secret data was mishandled.”


Cyber security firms such as Black Watch Digital are addressing this issue with architecture described as ‘multi-secure’ which means multi-signature, multi-technology, and multiple levels of encryption are used throughout the platform.  Note though that this is an Enterprise solution, meaning it would be your exchange or Crypto Custodian that would implement the solution, not the individual user. 

When there are such obvious solutions like Dark Vault, one asks the question why someone didn’t do this before.  The answer is, you have to ask all the others.  But what’s certain is that Dark Vault is going to cause a major paradigm shift in Crypto.

Famous hacks

Mt. Gox is the most famous and technically the largest hack, although Bitcoin was worth much less at the time of the hack.  As early as January 2018, Coincheck was hacked for $530 Million USD.

On January 26, hackers compromised user accounts of Coincheck, a Japan-based cryptocurrency exchange. A whopping 560 million NEM tokens worth around $530 million at that time was stolen, making Coincheck’s hack one of the biggest the industry has ever seen, even surpassing the hack of Mt. Gox!  Upon further investigation, it was found that Coincheck exchange suffered from a security lapse that enabled the hack. Apparently, one of Coincheck’s internal computer systems was infected with malware that led to a data breach. The virus allowed attackers to collect many private keys a couple of weeks prior to the hack. Hackers successfully ran off with the stolen coins easily since the Coincheck kept their assets in hot wallets, which are more vulnerable to hacks than cold ones due to their connection to external networks.

One would think with the large quantity of hacks and large sums of money lost operators of exchanges would learn from their lessons.  But the issue isn’t always mistakes, the issue is that they didn’t have a solid design of their security architecture.  There have been 7 hacks already in 2019 totaling more than $800m in USD value of Crypto stolen, and some of the exchanges are big names like Cryptopia, Binance, and others.

What is it going to take for the operators of these exchanges to wake up?  As is the case with any risk scenario, one needs to weigh the cost of insurance vs. the risk of not taking it.  Here, we are looking at complete loss scenarios, if you’re hacked it’s usually a complete hack.  When banks get hacked, there are ways and means to recover lost funds and if they really get in a pinch the Fed can create fresh USD or CAD.  With Bitcoin that’s not the case.  So security needs to be a priority in the Crypto world.


Hackers have stolen over $40 million worth of bitcoin from Binance, one of the world’s largest cryptocurrency exchanges, the company said on Tuesday.  Binance said the hackers ran off with over 7,000 bitcoin and used a variety of attack methods to carry out the “large scale security breach” which occurred on Tuesday.

If even Binance is getting hacked, clearly the current security systems aren’t working.  Fortunately we now have Blackwatch.  With the widespread adoption of Dark Vault, perhaps we will finally see institutional money flow into the Crypto space.