The digital asset industry is no stranger to cyberattacks; in fact, cybercriminals have stolen at least $15 billion in crypto over the last 8 years, and the global pandemic has only increased these sorts of activities.
Originally, when it came to crypto or digital asset security, the question of securing assets against attacks was relatively simple – institutions either kept their assets in cold storage or utilized a web-based hot wallet. With cold storage, where the private keys are held offline, the conventional wisdom said that assets were as secure as possible from hackers, though it was understood that moving these assets could take at least 24-48 hours; with hot wallets, where the keys sit on internet-connected systems, security breaches were numerous and frequent, but traders had the fast access to crypto they needed to do business.
Today, the situation has become more nuanced. Regulations have gotten more defined in certain regions; some regions now require cold storage to be an element of institutional custody. But over the last couple of years, a new truth has emerged. Despite common misconceptions, it’s absolutely possible to keep your assets secure while simultaneously maximizing your capital efficiency (and meeting all regulatory requirements).
In order to fully secure your assets and bring settlement to the edge, it’s important to understand the top security threats, common operational risks, and capital inefficiencies that are still prevalent today because of the legacy security infrastructure.
Top security threats to digital assets
Today, there are 3 primary attack vectors that cybercriminals utilize to compromise digital assets. These attack vectors are:
- Private keys
- Deposit addresses
- Credentials and authentication
If your organization can fully secure these vectors, it’s possible to prevent the vast majority of hacks and internal attacks against digital assets.
Hackers and other malicious actors (such as rogue employees) may attempt to compromise a victim’s private keys in order to access their wallet, which controls the funds they have stored on the blockchain. Whoever holds the private key can sign transactions, so the attacker can transfer the funds from the victim’s wallet to anywhere, typically into their own wallet, and because blockchain transactions are irreversible the funds cannot be clawed back afterwards.
A few top threats to private keys include:
- Hacker infects a server with malware to steal the private key.
- Malicious actor steals an HSM (hardware security module) authentication token and uses it to make the HSM sign a withdrawal transaction. The key never leaves the HSM, but anyone holding a valid credential can ask it to sign.
- An authorized internal employee steals the private key.
A deposit address is a long alphanumeric string that identifies the receiving wallet on the blockchain. To transfer funds to a counterparty, the receiving party has to communicate its deposit address to the sender, and that exchange is what attackers target. Hackers do not need to steal a deposit address; they need to substitute their own for the counterparty’s somewhere between the counterparty’s wallet and the sender’s signing device. Here are several methods (among many) used to do this:
- Fraudulent Chrome web extensions that hijack the web browser (man-in-the-browser).
- Clipboard-hijacking malware that swaps the address while it is copied and pasted between the web browser and the wallet’s app.
- Malware that hijacks the wallet interface.
Another common method hackers use to compromise digital assets is impersonating a user within an organization. As the digital asset ecosystem is interconnected, the hackers can utilize the credentials and authentication of the user to either compromise wallets in custody or accounts on exchanges and liquidity providers.
Once the hackers are able to log in, they can issue and authorize fraudulent transfers, which is why account credentials and authentication factors have to be protected as carefully as the keys themselves.
Top operational risks
In addition to understanding the vulnerabilities of private keys, deposit addresses, and credentials, it’s also important to account for operational risks – which teams can easily fall victim to if they’re utilizing last-gen/legacy tech.
Manual processes which require human involvement can be a serious operational risk – not to mention that they limit your ability to move quickly.
Many organizations utilize manual whitelisting of counterparty deposit addresses, typically a spreadsheet of approved addresses that operators check against by eye. While it can be a powerful security measure, whitelisting cannot prevent internal fraud and impedes treasury management. A rogue employee can go into the organization’s spreadsheet and swap out the deposit address of a certain whitelisted counterparty for their own; in addition, a fat-finger error or an unannounced counterparty address rotation can result in irreversible asset loss.
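The following Python is an added example, not code from the original post or from Fireblocks, showing the two checks a signing service can apply to the deposit-address problems described above (a typo, a clipboard swap by malware, and a rogue edit of the whitelist). It assumes Bitcoin-style base58check P2PKH addresses, an HMAC key that is held by the signing service rather than by whoever edits the whitelist, and constructed sample values throughout; none of the addresses or the key are real.

```python
import hashlib
import hmac
import json

# Base58 alphabet used by Bitcoin-style (P2PKH) addresses. The characters 0, O, I and l
# are deliberately absent, so the classic fat-finger confusions are rejected outright.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(raw: bytes) -> str:
    """Encode bytes as base58; each leading zero byte becomes a leading '1'."""
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, r = divmod(n, 58)
        digits = B58_ALPHABET[r] + digits
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + digits


def b58decode(text: str) -> bytes:
    """Inverse of b58encode. Raises ValueError on a character outside the alphabet."""
    n = 0
    for ch in text:
        n = n * 58 + B58_ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def p2pkh_address(pubkey_hash: bytes, version: bytes = b"\x00") -> str:
    """Build a base58check address: version || hash160 || first 4 bytes of double-SHA256."""
    payload = version + pubkey_hash
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return b58encode(payload + checksum)


def checksum_ok(address: str) -> bool:
    """Typo / corruption check only: a substituted but well-formed address still passes."""
    try:
        raw = b58decode(address)
    except ValueError:
        return False
    if len(raw) != 25:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return hmac.compare_digest(expected, checksum)


def _whitelist_tag(entries: dict, key: bytes) -> str:
    canonical = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, "sha256").hexdigest()


def seal_whitelist(entries: dict, key: bytes) -> dict:
    """Attach an HMAC over the counterparty -> address map. Assumption of this example:
    the key lives in the signing service, not with whoever edits the list, so a silent
    spreadsheet edit cannot produce a valid tag."""
    return {"entries": dict(entries), "tag": _whitelist_tag(entries, key)}


def verify_destination(sealed: dict, key: bytes, counterparty: str, pasted_address: str) -> str:
    """Checks a signing service should apply before it signs a withdrawal."""
    if not hmac.compare_digest(_whitelist_tag(sealed["entries"], key), sealed["tag"]):
        return "REJECT: whitelist integrity check failed"
    if not checksum_ok(pasted_address):
        return "REJECT: address fails checksum"
    pinned = sealed["entries"].get(counterparty)
    if pinned is None:
        return "REJECT: unknown counterparty"
    if pasted_address != pinned:
        return "REJECT: address does not match pinned entry"
    return "OK"


def demo() -> dict:
    """Constructed scenario: one pinned counterparty, then a typo, a clipboard swap
    and a tampered whitelist. All hashes and the key are made up for this example."""
    key = b"example-key-held-by-the-signing-service"
    counterparty_addr = p2pkh_address(bytes(range(20)))      # constructed hash160
    attacker_addr = p2pkh_address(bytes(range(20, 40)))      # also well-formed
    sealed = seal_whitelist({"Counterparty A": counterparty_addr}, key)

    # A single wrong trailing character: the checksum catches it.
    typo = counterparty_addr[:-1] + ("2" if counterparty_addr[-1] != "2" else "3")
    # A rogue employee edits the address in place but cannot re-seal the list.
    tampered = {"entries": {"Counterparty A": attacker_addr}, "tag": sealed["tag"]}

    return {
        "legit": verify_destination(sealed, key, "Counterparty A", counterparty_addr),
        "typo": verify_destination(sealed, key, "Counterparty A", typo),
        "clipboard_swap": verify_destination(sealed, key, "Counterparty A", attacker_addr),
        "tampered_list": verify_destination(tampered, key, "Counterparty A", attacker_addr),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:15s} {result}")
```

The two checks fail in different ways on purpose: the checksum only catches corruption, so an attacker-controlled address inserted by a browser extension or clipboard hijacker passes it and is only stopped by the pinned entry; the HMAC only catches edits made without the key, so whoever can re-seal the list (here, the signing service) is exactly the party whose approval workflow has to be controlled.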
In general, manual processes are only as strong as the individuals executing them – and, in our industry, that means that there’s a possibility for an error, a criminal action, or a workflow inefficiency. To move towards a fully secure and profitable business model, institutions are looking to automate and regularize many of these processes.
With the current global situation, many teams have moved to fully remote setups. While remote configurations are necessary to mitigate crises like COVID-19, they also can become another barrier to having 24/7 access to your assets.
One issue many teams are encountering is that their existing operational workflows are essentially incompatible with a remote setup. For example, teams that usually store private keys on a hardware device in a secure location in an office may no longer have access to this location.
Another operational risk teams using legacy technologies may encounter is difficulty scaling their organization.
Multisig is an example of a technology that can get in the way of scaling up operations, as it cannot offer the flexibility organizations require as they grow.
As your team expands, you will need to adjust the process of accessing and transferring your digital assets. This can include changing the number of employees required to sign a transaction, adding new key shares as you hire new employees, revoking key shares as employees leave, and modifying the required threshold to sign transactions (e.g. from ‘3 of 4’ to ‘4 of 8’). In these sorts of scenarios, on-chain multisig addresses create various obstacles, because the signer set and threshold are encoded in the address itself: changing either means generating a new address and moving the funds to it.
Other legacy technologies, like HSMs, can result in similar issues for today’s scaling teams (e.g., remote-first work environments sit poorly with a device that has to be physically accessed and administered on site).
Capital inefficiency is an expensive tradeoff for security, and it’s become increasingly clear that transfer speed and profits are highly connected in the digital asset space.
With last-generation security technology, the speed just isn’t there; 24-48 hours is far too long for settling a transaction in today’s fast-paced environment.
Institutions are testing out various solutions to improve capital efficiency while prioritizing security for their investors and customers.
Some organizations are looking into automating deposit address authentication to address this issue. If you solve the problem of managing deposit addresses, sending assets to a counterparty only takes a few seconds. In addition, test transfers and whitelisting become unnecessary.
How do I maximize security and my balance sheet?
In our new whitepaper, “Fireblocks’ Multi-layer Philosophy for Securing Digital Assets,” we’ll walk you through everything you need to know about security and speed in 2021, and demonstrate the tech stack that’s brought digital asset security into the next generation.