Finastra Ransomware Attack and the Implication on Digital Assets
On Friday, March 20th, Finastra, a payment processor formed in 2017, reported that the company had experienced a potential ransomware attack. In order to mitigate security and protect clients, the company took action by taking its servers offline. Four weeks later there has been little news coverage on why, how and what now?
Here’s what happened and how this highlights the outsized impact this type of event can have on both cryptocurrency and traditional markets.
Broken Settlement Network
One of the key services impacted by Finastra’s response of taking services offline to address the security breach was wire transfers. The ripple effect was immediate, for both traditional finance and cryptocurrency markets where counterparties could not send nor receive funds, impacting institutions such as:
- Bank of China, $2.61 trillion AUM
- BNP Paribas, $2.19 trillion AUM
- Ripple, valued at $10B
- Silvergate, handling $32.7 billion of U.S. dollar transfers in 2019
The Block reported that Silvergate uses Finastra to connect with Fedwire, the real-time settlement layer that connects banks throughout the United States and International Banks to domestic ones — directly impacting the cryptocurrency industry
In short, a payment processor took its servers offline and suddenly its network of counterparties were no longer able to connect with the country’s settlement network…and yet, no public outcry.
Cash Crunch
On Wall Street, a 2008/09 like cash crunch was underway. Short term lending markets were under critical stress as companies looked to tap credit lines.
Gus Faucher, Chief Economist at PNC touched on this, stating “The commercial paper market is one piece of it, but it’s for big companies that are highly rated. What about other companies that don’t access the commercial paper market? Does this mean they are going to have difficulty obtaining credit and meeting their obligations?”
As investors looked to redeem funds, fund managers were forced to sell indiscriminately at prices well under par to generate cash. Margin calls were squeezing hedge funds out of positions that were funded by the REPO market, leading to forced selling. In addition, clearing firms, such as Ronen Capital, were unable to meet capital requirements during the turmoil, therefore shutting down.
On March 12th, BTC moved from ~$7000 at peak to below ~$4000 throughout the day while the following week, the Dow Jones dropped more than 900 points, ending the worst week since 2008.
Amidst this volatility, a key payment processor connecting to the U.S.’s central settlement network went down halting multiple trading channels. If not Finastra, it could have been another one of the 4 payment processors that have monopolized connectivity to our centralized wire transfer system. Banks and credit unions have complained for the past few years about their dependence on aging core systems from an oligopoly of vendors: Fiserv, FIS, Jack Henry, and Finastra Fedwire processors.
“I’ve met with over 3,000 bank CEOs, and this came up time and again: the challenges and constraints they face with their core provider,” said Rob Nichols, chief executive of the American Bankers Association.
The three biggest core providers today (Fiserv, FIS, and Jack Henry) do business with 90% of U.S. banks with less than $1 billion in assets, according to financial-services research firm Celent. These payment processors monopolize the industry for small banks such as Silvergate and Signature — banks that are single-handedly supporting the cryptocurrency industry.
Stable Coins
As market turmoil increases, and centralized organizations mitigate risk, the cryptocurrency community jumps to stablecoins as an alternative solution — due to the stability of their 1:1 peg to the U.S. Dollar. One can move stablecoins on the blockchain without depending on a centralized clearing house. For example, US Dollar Circle (USDC), a dollar backed stabled coin issued by cryptocurrency heavyweights Circle and Coinbase, could be used to instantly transfer a Venmo balance into a Bank of America account as opposed to waiting two business days.
Stablecoins still rely on the traditional financial infrastructure.
In a move similar to March 20th, counterparties were unable to receive cash to convert to stablecoins such as USDC, USDT, PAX, TUSD, or BUSD. If a counterparty deposited dollars into their account (prefunding), they were unable to withdraw their coins, and could trade only up to the extent of their remaining balance.
Additionally, stablecoins are not stable. Here are the high and low prices of a few of the top stablecoins as recorded by Coinmarketcap on March 20:
- USDC: Δ4.9% (1.01–0.960461)
- PAX: Δ5.71% (1.02–0.961715)
- BUSD: Δ5.76% (1.02–0.961248)
- TUSD: Δ6.17% (1.02–0.957035)
- USDT: Δ6.45% (1.03–0.963560)
For example, a trader that purchased BTC with prefunded inventory and then settled with stablecoins would not be able to move USD onto or take USD off of a counterparty’s trading platform as it relies on wire transfers. If stablecoins were truly dependable and stable, then why have cryptocurrency and blockchain companies not incorporated stablecoins to transfer payments as opposed to fiat?
Why do large crypto hedge funds and cryptocurrency companies still convert to and from fiat?
According to The Block, 800+ crypto related firms currently depend on Silvergate for fiat-to-crypto transactions. Another alternative is Signature Bank, which hosts 100+ crypto clients on its network SigNet. SigNet leverages blockchain technology to allow clients to send USD to one another within the network 24/7/365. However, both banks still depend on Fedwire and payment processors to transfer USD to clients outside of the SigNet network, or more broadly, illustrating the innate dependency on the legacy financial system.
I implore Silvergate, Signature, Fireblocks (settlement), BitGo (custody), and numerous outstanding institutions in our ecosystem to incorporate a crypto settlement layer to supplement fiat transfers. Or at a broader level, for institutions to fully integrate stablecoins as a means to settle balances.
Payment Processing Infrastructure
Substantial market movements act as stress tests to the underlying infrastructure. The cryptocurrency industry is desperately in need of independent infrastructure. It needs a decentralized Fedwire payment system, whether in the form of a Crypto bank similar to newly launched Avanti, or through partnerships with the teams at Fireblocks and Prime Trust, or through fully integrating stablecoins into settlement layers, we are at the mercy of traditional centralized corporations with the ability to limit our industry’s growth.
At the simplest level, Finastra should never go down. Moreover, every company should legally be required to onboard with more than one payment processor to avoid halting business. Overall, the highest leverage problem that the crypto industry can focus on is to build decentralized payment processing systems to restructure some of the basic piping of the financial system.
So this is an outcry; for better infrastructure connecting to the Fedwire, for a fully stable settlement token, for a decentralized settlement network, and for perpetual support.
