Skip to main content

A crypto New Year’s resolution: Modernize security infrastructure

In 2021 and in the years to come, the digital-asset space must take steps to identify and implement solutions for its security.

It’s safe to say that 2020 has been a banner year for the digital-asset space. Bitcoin (BTC) soared past its previous high, and many other prominent cryptocurrencies reached their highest levels since the heyday of 2017 and early 2018. Across the financial services industry, institutional voices are expressing reinvigorated interest in digital assets. The growth and maturation of this space has been impossible to ignore, engendering plenty of optimism among those who build the platforms and systems on which it runs.

Unfortunately, not all the headlines from the past year have been positive. Several well-known crypto exchanges and other organizations were hacked, which led to significant losses. Events like these are not only damaging to a firm’s reputation and potentially devastating for investors, they also erode hard-won trust in the digital-asset space among institutional investors and the public.

Many of these hacks could have been avoided if the companies in question had taken proactive steps to modernize their technology infrastructure. As we close this whirlwind year for digital assets, one of the industry’s top resolutions for 2021 should be to reexamine its approach to infrastructure and make changes to ensure that investors of all stripes can trade and transact with security, efficiency and peace of mind.

Let’s review three of the most consequential hacking events of 2020 and examine how a more intelligent approach to infrastructure could have led to a different outcome.

KuCoin hack: $275 million in customer funds stolen

On Sept. 25, crypto exchange KuCoin was on the receiving end of a major hack that affected its Bitcoin, Ether (ETH) and ERC-20 hot wallets. While initial analysis suggested the hackers stole around $150 million, estimates began to increase in the ensuing days, ultimately making it one of the largest hacking events in the history of digital assets.

Related: KuCoin hack unpacked: More crypto possibly stolen than first feared

As it turns out, the hack was the result of private keys being stolen. While still prevalent in the digital-asset space, private keys mean there will always be a single point of failure through which bad actors can claim unfettered access to hot wallets. Put simply, they are a business risk.

A better approach would have been to leverage multiparty computation protocols, which eliminate the need for private keys and sign every transaction in a secure, distributed way, coupled with an enforced governance-and-control mechanism.

In the KuCoin case, even if the exchange was successfully breached, the hacker would not be able to execute any transaction not authorized by the institution’s infrastructure-provided policy engine.

OKEx withdrawal freezing

For five weeks in October and November, investors were unable to make withdrawals from cryptocurrency exchange OKEx. In a letter to customers, OKEx revealed that one of its private-key holders was cooperating with a police investigation, which kept them out of touch with the company and prevented its multisignature authorization process from being fulfilled.

For a platform that users leverage to carry out important investment decisions, the idea that a single person becoming compromised could result in a critical functionality being disabled for over a month is clearly untenable.

There is a lesson here: When firms use blockchain features designed for security to implement a policy, the result is overwhelming inflexibility. This is one of the paradoxes of the digital-asset space — blockchain transactions are secure and irreversible, but without the right approach, that same rigidity can spell disaster if things go awry.

To prevent this, firms must ensure their infrastructure includes a policy engine that, while not compromising on security, enables a more flexible policy control for multiple approvers, including the separation of signing on and approval of transactions. With this kind of solution in place, OKEx’s ability to fully operate would not have hinged on the availability of any key person.

Nexus Mutual breach: $8 million stolen

These hacking events were not limited to exchanges, as evidenced by the December breach of Nexus Mutual, a decentralized finance platform that serves as an alternative to insurance. The hacker managed to access the personal device of CEO Hugh Karp and install a compromised version of MetaMask, which led to Karp inadvertently signing a transaction that sent 370,000 NXM, worth $8.2 million, to an attacker-controlled address.

The issue here has to do with locally run wallets. These local wallets are unable to provide an out-of-band policy engine, so there is no way to verify that a contract and counterparty address are whitelisted, that the amount and issuer comply with company policy, or that there are additional approvers for certain transaction parameters.

Enlisting a third party with a more flexible, secure approach to infrastructure is the way to address these risks. This is especially important to reduce counterparty address manipulation, which is a risk in many scenarios. Even in the unlikely event that a provider like this is breached, there are safeguards in place to verify counterparty addresses, giving firms multiple lines of defense.

Conclusion

While digital assets have gained a remarkable amount of momentum in the past several months, many organizations still need to improve their security infrastructure before true adoption of digital assets can start.

This is not meant to chastise these firms, which continue to do important work to serve the industry, but to identify where their focus should be to achieve future growth and bring digital assets to the mainstream.

For all these issues — private-key security, authorization structure, local wallets and more — there are approaches that can lead to more efficient, stress-free transacting and fewer headlines that set off alarm bells for the traditional investors we all want to reach.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Itay Malinger is co-founder and CEO of Curv, a digital-asset security infrastructure firm. He draws on more than 15 years of cybersecurity experience in both the public and private sectors. Formerly, Itay was the director of enterprise security products at Akamai Technologies.


from https://ift.tt/2MczogX
https://ift.tt/3rLTC1E
Labels:

Comments

Post a Comment

Any questions, Please.

Popular posts from this blog

How to play and earn in CryptoKitties

CryptoKitties is a blockchain-based game where players can buy, sell and breed digital cats with unique attributes. Reminiscent of Tamagotchi and Pokémon, the wildly popular digital pets and creatures of the 1990s, CryptoKitties is a blockchain-based game where players can collect, trade and breed digital virtual cats. CryptoKitties was the first Ethereum-based game, and its popularity underscored many of the network’s scaling issues. This digital cat-breeding blockchain game caused quite a bit of congestion on the Ethereum blockchain, peaking in 2020. However, the game’s creators were able to address these issues. What is CryptoKitties? Launched in 2017, CryptoKitties was built by Dapper Labs, the company that uses blockchain technology to bring nonfungible tokens (NFTs) and new forms of digital engagement to fans around the world. CryptoKitties is also considered one of the world’s first-ever blockchain games. In the game, each one of the digital collectible cats possesses a
Post a Comment
Read more

Bitcoin dominance falls under 40%

While Bitcoin critics claim this means that BTC is losing its first-mover competitive advantage, others are anticipating the “altcoin season” is just around the corner, or might even be already underway. Bitcoin’s market dominance has continued to fall, bottoming out below 40% this week. That’s very close to the all-time low of 36.7% in Jan 2018 according to data from Tradingview. Bitcoin ( BTC ) market dominance refers to the ratio between BTC’s market cap and the total crypto market cap. It's not the first time dominance has dipped in 2021. Back in May, Cointelegraph reported that BTC had dipped to represent just 40.3% of the combined crypto asset capitalization, according to Coinmarketcap, and it neared the same level again in September.  Bitcoin critic and Europac chairman Peter Schiff tweeted about the event on Dec 29th, saying that it’s indicative that BTC is “losing its first-mover competitive advantage.” With over 16,000 alternative cryptos to choose from Bitcoin
Post a Comment
Read more

Five Bitcoin Price Charts Analyzing The Dramatic Q1 2022 Conclusion

There are only hours remaining until the Q1 2022 close in Bitcoin price action. With the important quarterly candle set to close tonight, let’s look at what technicals might say about the direction of the next quarter. Q1 2022 Comes To A Close For Bitcoin The first quarter of a year, often sets the tone for the year to come. In investments, a poor Q1 performance is indicative of a bad year ahead. Considering the fact that Bitcoin price is now above $45,000 after touching $32,000 this quarter, it is tough to say the performance has been “poor” by anything other than crypto standards. Related Reading | Bitcoin Weekly Momentum Flips Bullish For First Time In 2022 The cryptocurrency has recovered nearly 40% from the low, leaving a long wick behind. Such a long wick suggests that before the quarter came to a close, buyers stepped up in a major way. Buyers were able to step up in a larger capacity in Q1 2022 than bears were able to in the final quarter of last year. The bearish wick to cl
Post a Comment
Read more