We’re all too
familiar with the story. An exchange
builds a respectable reputation in a dark and unregulated space, only to get
hacked. But unlike in the traditional
banking system, there is no way to get your funds back. Billions of institutional money is sitting on
the Crypto sidelines for this single reason: they are afraid of getting
hacked. Now you must understand that it’s
one thing when your own individual account is hacked and you lose your own
money; and it’s quite another if it’s client money. Let’s take Fidelity as an example, because
they like Crypto. Imagine Fidelity has $50
Million equivalent Bitcoin in client funds and it gets hacked. Fidelity is liable for all the funds meaning
it will have to cover the loss with cash.
But it wasn’t insurable, until now.
Digital security company Blackwatch has developed a
product Dark Vault which adheres to AML/KYC controls and is ISO 27001
compliant. But what’s cool about this
solution is that not only is it more secure than the current alternatives, it
provides real-time access to your Crypto (Competitive products require
multi-day ‘withdrawal’ procedures as the solutions are heavy on physical
security, not network design).
The strength of the Blackwatch solution is in the
architecture. The problem with most
Crypto security solutions is they rely on a single ‘gateway’ so this can also
be a single point of failure. This is
the same flaw in traditional network security, whereby a firewall can block
100% of outside hack threats but can’t stop an insider from copying files or accessing
computers once inside the firewall (physically). Studies have shown that the majority of major
security breaches come from employees, not from outsiders. That’s not to say the employees are the
hackers themselves, they may be victim to a phishing attack and unwittingly
bring Malware to their workplace on a thumb drive, or
in case of the CIA contractor Booz Allen Hamilton, left “Sensitive government
passwords exposed online” –
Earlier this month, a Booz Allen Hamilton
employee accidentally left “sensitive government passwords exposed online,”
according to The Washington Post.
The worst part is that he didn’t even realize it. And neither did Booz Allen
Hamilton. It wasn’t until Chris
Vickery, a cyber analyst at Upguard, accidentally stumbled upon them and wrote
about it. Booz Allen Hamilton isn’t
some fly-by-night operation. They’re a big-time government contractor. And
according the Post, it’s just the latest in a long line of recent
“high-profile cases” where “top secret data was mishandled.”
Cyber security firms
such as Black Watch Digital are
addressing this issue with architecture described as ‘multi-secure’ which means
multi-signature, multi-technology, and multiple levels of encryption are used
throughout the platform. Note though
that this is an Enterprise solution, meaning it would be your exchange or
Crypto Custodian that would implement the solution, not the individual
user.
When there are such
obvious solutions like Dark Vault, one asks the question why someone didn’t do this
before. The answer is, you have to ask
all the others. But what’s certain is
that Dark Vault is going to cause a major paradigm
shift in Crypto.
Famous hacks
Mt. Gox is the most
famous and technically the largest hack, although Bitcoin was worth much less
at the time of the hack. As early
as January 2018, Coincheck was hacked for $530 Million USD.
On January 26, hackers compromised user
accounts of Coincheck, a Japan-based cryptocurrency exchange. A whopping 560
million NEM tokens worth around $530 million at that time was stolen, making
Coincheck’s hack one of the biggest the industry has ever seen, even surpassing the hack of Mt.
Gox! Upon further investigation, it was
found that Coincheck exchange suffered from a security lapse that enabled the
hack. Apparently, one of Coincheck’s internal computer systems was infected
with malware that led to a data breach. The virus allowed attackers to collect
many private keys a couple of weeks prior to the hack. Hackers successfully ran
off with the stolen coins easily since the Coincheck kept their assets in hot wallets, which are more vulnerable to
hacks than cold ones due to their connection to external networks.
One would think with
the large quantity of hacks and large sums of money lost operators of exchanges
would learn from their lessons. But the
issue isn’t always mistakes, the issue is that they didn’t have a solid design
of their security architecture. There
have been 7 hacks already in 2019 totaling more than $800m in USD value of
Crypto stolen, and some of the exchanges are big names like Cryptopia, Binance,
and others.
What is it going to
take for the operators of these exchanges to wake up? As is the case with any risk scenario, one
needs to weigh the cost of insurance vs. the risk of not taking it. Here, we are looking at complete loss
scenarios, if you’re hacked it’s usually a complete hack. When banks get hacked, there are ways and
means to recover lost funds and if they really get in a pinch the Fed can
create fresh USD or CAD. With Bitcoin
that’s not the case. So security needs
to be a priority in the Crypto world.
Binance is the world
leader in Crypto exchanges, and
even they were hacked for over 7,000 Bitcoin or about $40 Million USD in value:
Hackers have stolen over $40 million worth
of bitcoin from
Binance, one of the world’s largest cryptocurrency exchanges, the company said
on Tuesday. Binance said the hackers ran
off with over 7,000 bitcoin and used a variety of attack methods to carry out
the “large scale security breach” which occurred on Tuesday.
If even Binance is
getting hacked, clearly the current security systems aren’t working. Fortunately
we now have Blackwatch. With the
widespread adoption of Dark Vault, perhaps we will finally see institutional
money flow into the Crypto space.