Iron Shield — QUOINE’s response to user security

Coming from a traditional banking background, and after many years working on payment systems & policies at a major international bank, I have always been keenly aware of the risk, both reputational and financial, that hackers pose. Coming to the crypto world last year managing Operations for QUOINE, I was able to see first-hand the methods the “bad guys” employ against an exchange such as QUOINEX and QRYPTOS, our fiat-crypto and crypto-crypto exchanges respectively. Hacking of exchanges has become a massive problem for the entire industry — by my count close to 1bn USDe of hacks in 2018 by April — and these are just the hacks we know about.

These hacks damage individual investors, cause exchanges to go out of business, and overall negatively impact the pace of adoption of crypto by the mainstream.

The moment that really inspired me was a case I had read about late last year, in which hackers attempted, in rapid succession, to access a client account and withdraw crypto assets before the exchange and the client were aware. After doing some reading about the incident and asking the question, “Could this happen here?”, QUOINE’s Iron Shield program — a series of security protocols to protect QUOINE’s clients from external hackers and internal rogue actors — was born.

Iron Shield — Laying the Groundwork

At a conceptual level, Iron Shield is based on 2 main tenets:

  1. A key factor in the success of hacks is that they are executed quickly, before the financial institution or the account owner is aware of the account takeover.
  2. A well-defined maker & checker process governing key security factors (2FA, password, email address, blockchain address etc.) can greatly reduce the chance of a hacker succeeding in obtaining access to client credentials, mitigate the risk of user error, and make it more difficult for an internal “rogue actor” to unilaterally take action against the financial institution or client’s assets.

What exactly is Iron Shield?

The first phase of Iron Shield was to enable clients to self-serve password reset via their 2FA device. This means that if a client loses their password, they are able to reset it via their email and with their 2FA. While we can all forget our password, it’s unlikely that we would forget a password and lose our 2FA device at the same time.

Here is an overview of the password reset via 2FA:

Enabling clients to reset their passwords using the trusted 2FA device allows QUOINE’s clients to self-serve their account changes while actually reducing the risk by removing QUOINE Client Champions as intermediaries in the password reset process.

Cooling Period: hackers get left in the cold

The next phase of Iron Shield was to introduce a “cooling period”. At a high level, this means that any time a client account security factor (email, password, 2FA) is changed, a cooling period begins, and no other security factor can be changed for the duration of that period. Below is a graphical representation of this cooling period — you can think of this as an Iron Triangle.

Graphical representation of the “cooling period” for account takeover prevention

Our next phase of the cooling period will be for crypto withdrawals — we will limit crypto withdrawals for a period of time after one of the key security factors has been changed. Arguably this may annoy some clients, but it will completely frustrate the hackers who will invariably turn their attention to other, “softer” targets as they encounter QUOINE’s Iron Shield of defenses.
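The cooling-period rule and the planned withdrawal hold can be sketched as follows. This is an added example, not QUOINE's code; the 24-hour duration, the class and function names, and the timeline are assumptions, since the post does not state them.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed value: the post does not say how long the cooling period lasts.
COOLING_PERIOD = timedelta(hours=24)
FACTORS = {"email", "password", "2fa"}


@dataclass
class Account:
    # Time of the last successful change, per security factor.
    last_changed: dict = field(default_factory=dict)

    def _cooling_until(self, now, ignore=None):
        """Latest cooling-period expiry still in force at `now`, else None."""
        ends = [t + COOLING_PERIOD for f, t in self.last_changed.items()
                if f != ignore and t + COOLING_PERIOD > now]
        return max(ends, default=None)

    def change_factor(self, factor, now):
        """Apply a factor change unless another factor is still cooling."""
        if factor not in FACTORS:
            raise ValueError(f"unknown security factor: {factor}")
        # The post blocks changes to any *other* factor; allowing the same
        # factor to change again is this example's reading of that wording.
        until = self._cooling_until(now, ignore=factor)
        allowed = until is None
        if allowed:
            self.last_changed[factor] = now
        return allowed, until

    def withdraw(self, now):
        """Planned phase: hold crypto withdrawals after any factor change."""
        until = self._cooling_until(now)
        return until is None, until


def replay_takeover():
    """Constructed timeline: rapid-fire takeover attempt, then a later retry."""
    t0 = datetime(2018, 5, 1, 3, 0)
    acct = Account()
    return [
        acct.change_factor("password", t0)[0],                      # applied
        acct.change_factor("email", t0 + timedelta(minutes=2))[0],  # refused
        acct.change_factor("2fa", t0 + timedelta(minutes=3))[0],    # refused
        acct.withdraw(t0 + timedelta(minutes=5))[0],                # refused
        acct.withdraw(t0 + timedelta(hours=25))[0],                 # window over
    ]
```

Refused requests do not restart the window here, so a blocked attempt cannot be used to keep the legitimate owner locked out indefinitely.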

Approval Queue: protecting clients vs. attackers, errors, and rogue employees

Most first-tier banks, like the ones I worked at before joining QUOINE, have developed workflow and approval queues for taking sensitive actions. Examples include: updating payment instructions, approving large payments, crediting funds to an account, and enabling an account for withdrawals.

QUOINE has implemented Approval Queue and maker/checker workflow for many of the functions performed by our Client Champions, who now number over 100 worldwide. Approval Queue has in scope most of the functions performed by Operations and Finance staff at a bank, including functions unique to the crypto world. The QUOINE Approval Queue implementation has had many benefits, including better control of the actions taken by support team members, a clear audit trail of activity that can be reviewed by auditors and management, and limiting the final approval of key actions (approving a payment, disabling 2FA) to sufficiently experienced members of our Finance & Operations teams.

In parallel to the Approval Queue implementation, we automated many of the tasks previously done solely by our Engineering team and put the activity into the hands of our Client Champion team. The operations-driven maker/checker workflow has led to faster resolution of client support issues such as resetting a password or changing an email address. The bottom line: a better client experience with 0 compromise on security and controls.
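A maker/checker queue with the properties described above (no self-approval, key actions limited to experienced approvers, every decision logged) can be sketched like this. It is an added example, not QUOINE's implementation; the staff names, the `senior_staff` role list and the account id are hypothetical.

```python
from dataclasses import dataclass, field

# Actions the post names as reserved for experienced approvers.
SENIOR_ONLY = {"approve_payment", "disable_2fa"}


@dataclass
class Request:
    action: str
    account: str
    maker: str
    status: str = "pending"


@dataclass
class ApprovalQueue:
    senior_staff: set                              # hypothetical role list
    audit: list = field(default_factory=list)      # append-only trail

    def submit(self, action, account, maker):
        """Maker step: record the request; nothing is executed yet."""
        req = Request(action, account, maker)
        self.audit.append(("submitted", maker, action, account))
        return req

    def approve(self, req, checker):
        """Checker step: returns (approved, reason) and logs either outcome."""
        if req.status != "pending":
            reason = "already decided"
        elif checker == req.maker:
            reason = "maker cannot approve own request"
        elif req.action in SENIOR_ONLY and checker not in self.senior_staff:
            reason = "action requires a senior approver"
        else:
            reason = None
            req.status = "approved"
        outcome = "approved" if reason is None else "refused"
        self.audit.append((outcome, checker, req.action, reason))
        return reason is None, reason


def demo():
    """Constructed scenario: one 2FA-disable request, four approval attempts."""
    q = ApprovalQueue(senior_staff={"carol"})
    req = q.submit("disable_2fa", "acct-1001", maker="alice")
    results = [q.approve(req, who) for who in ("alice", "bob", "carol", "carol")]
    return results, q.audit
```

Refusals are written to the same trail as approvals, so a reviewer sees attempted self-approvals as well as completed actions.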

At QUOINE, we place the security of our clients’ assets at the center of all that we do. Client account security, which we have delved into here, is one part of the framework for protecting assets — in a later post I will discuss how QUOINE, as a licensed & audited financial institution, demonstrates to our regulators and auditors the segregation of client assets (both fiat and crypto) and our reasoning for employing cold wallet storage for crypto assets. The approach we take for protecting client assets is not easy; we spend enormous time and resources ensuring these processes are sound, and many of our clients will never know all that we do in the background. But we do this because we believe in our mission of serving the crypto-based economy, and that means being in it for the long haul. There are no shortcuts when protecting clients’ assets. Speaking for the QUOINE team, we intend to continue our mission of bringing crypto to the mainstream by operating platforms with the highest level of operational soundness and security.

