Digital Assets — a playing ground for cyber crime
Hacks & scams have cost investors $45bn, but regulation has come to the rescue…
The first cryptocurrency Bitcoin has been around for more than a decade and in the meanwhile a multitude of other Blockchain-based Digital Assets(Digital Assets) have emerged. However, unlike traditional assets, the safety of Digital Assets remains a work in progress as a range of activities, including hacks and exit scams, have led to significant investors’ damage. With news about related incidents in the media on a weekly basis, we were looking for a conclusive source consolidating all hacks and thefts since inception of Digital Assets — as we couldn’t find one, we created it ourselves.
According to our research, more than $45 billion worth of Digital Assets (adjusted to today’s market value) have been compromised in >120 incidents between the years 2011 and 2019 — this is more than the daily volume of transactions of the world’s first 100 largest crypto exchanges combined. Important to note that this is the official number available — the dark figure will be even higher as the vast majority of compromised retail investors don’t report their incidents. There are several reasons that account for such a damage, primarily the exposure or mismanagement of Digital Assets’ private keys (the single-point-of-failure in a world of Blockchain-based Digital Assets). Partly, this comes from a lack of technical education around how to handle Digital Assets (“Do I have my Private Key or not?”) but the majority results from unsophisticated or illicit businesses. A new wave of regulatory frameworks, such as introduced by German regulator BaFin alongside an update to the Anti-Money-Laundering Act, are ought to professionalize the industry while increasing investor protection. Without much success the Digital Asset economy has long called for “big money” from institutional investors flowing into the market — our research shows what the barriers have been and how regulation is supposed to help.
The Great Hack
Adjusted to today’s market value, around $45 billion ($8.34 billion non-adjusted market value) worth of Digital Assets have been exposed, with 2015 being the peak year. A record volume of 1,784,502 Bitcoins was abducted, currently trading at >$10,000 each.
Investors damage can be clustered in four main categories: Hacks (incl. Phishing scams, SIM-Swap attacks, Security breaches etc.), which make up 49.7% of today’s total value in USD, Exit Scams (incl. Inside Jobs, Ponzi Schemes etc.), which account for 48.7%, followed by Locked Funds (incl. generic loss of private keys and transfers to invalid addresses etc.) with 1.5% and Extortions (incl. Kidnapping against ransom) with 0.1%. The four categories usually include a basket of Digital Assets, mainly Utility Token and Cryptocurrencies, ranging from industry’s favorites such as Bitcoin and Ethereum to to Stellar and Zcash.
According to our research, 19.35% (about 4,063,585) of the total future Bitcoin supply (max. 21 millions) has already been involved in Digital Asset exposures, as outlined above. A distressing number involving the #1 “Digital Store of Value” in an industry that requires larger (institutional) investments to grow to its maximum potential. Among the 121 identified incidents, Hacks are the most prominent category (83), followed by Exit Scams (24), Extortions (8) and Locked Funds (6). On average, $68.9 millions were exposed per incident. 2018 was the most active year with a total of 41-recorded incidents.
The vast majority of assets were exposed from Crypto Exchanges (86% — $38.9 billion adjusted to today’s market value), including 12 exit scams and 56 hacks between 2011 and 2019. Wallet Providers were identified as the second most affected crypto business (5% — $2.3 billion adjusted to today’s market value). The remainder (9% — $3.9 billion adjusted to today’s market value) fall into various industries, such as Betting Providers, Platforms/Protocols and Personal Accounts — the latter is difficult to verify, as the dark figure of unreported incidents within Personal Accounts is expected to be significantly higher .
49% or $22 billion (adjusted to today’s market value) can be attributed to incidents in Asia, followed by North America with 42% ($18.bn). The remaining (9% — $4.3bn) located in Central America, Europe, Oceania and others. In terms of Digital Asset storage solutions, a stunning 99% of incidents involved Hot-Storage solutions, underlining the dilemma of the current industry state.
Regulation — The cornerstone of Digital Asset security
A wave of regulations is coming to the Digital Asset economy, trying to increase investor protection and increase sophistication of the overall industry. As of April 2019, 17 countries plus the European Union within the jurisdiction of the Financial Stability Board have established regulation or standard-setting bodies responsible of implementing the Financial Action Task Force (FATF) policy and Anti-Money Laundering Directive 5 (AMLD 5); the legislation requires all platforms that offer the exchange of virtual currencies (Crypto Exchanges), and all providers of electronic wallets (Custody Providers) for Digital Assets to file compliance documents.
Most notably, the German Financial Ministry is setting the Gold Standard for Digital Asset regulation. On July 31st 2019, a new law was proposed, that not only defines the majority of Digital Assets as financial instruments, but also sets clear rules and license requirements for any business in the industry. In terms of investor protection this is a favourable ruling, as only regulated and audited institutions will be allowed to handle larger volumes of Blockchain-based Digital Assets, vastly limiting the opportunity of successful Exit Scams, while setting the standards for technological requirements and cyber security, hence counteracting further Hacks in the industry. Those initiatives are not only expected to spread across the European Union but are also likely to be intensified. In June 2019, Germany’s governing political party CDU released a document called ‘Future Technology Blockchain — Opportunities for Germany’ (Orig. German: ‘Zukunftstechnologie Blockchain — Chancen für Deutschland nutzen), calling on the Bundesbank to create a “Digital Euro” based on Blockchain Technology.
Considerations and future scenarios
Contrarily to traditional finance wherein the majority (ca. 85%) of assets are owned by institutional investors, Digital Asset adoption started in the retail space, leading to the creation of unsophisticated mass-market solutions and a delay of the development of the necessary infrastructure to serve institutional investors — this has led to a total investor damage of $45 billion, the majority of which abducted through avoidable security breaches (Hacks) or illicit businesses (Exit Scams), keeping “big money” from flowing into the ecosystem. However, regulators are starting to actively govern the industry, likely to eliminate a vast majority of investor damage seen in the past, while widely recognized projects like Facebook’s Libra Association, including major industry-leading global companies in its consortium, are likely to increase the trust and interest in the Digital Asset space.
As the private key management is more and more assigned to technological specialists, often regulated by their local authorities, the risks for “on-exchange” or “hot-wallet” exposures will gradually decrease. In a few years from now, institutional investors will find a highly professionalized financial market place, where they can focus on investment strategies, rather than wrapping their head around the security of private keys. Ultimately, professional investors expect a seamless “non-techie” investment experience when it comes to their digital asset management — analogous to the traditional financial system — that allows them to focus on the return of their investment without having to worry for the back-end technology supporting it.
Adjusted values are calculated on the basis of the USD estimates of each recorded Digital Asset (token/crypto) as of July 15th 2019 (coinmarketcap.com) — date of completion of our market research.