Custody and cybersecurity

Cryptocurrency risks associated with custody and cybersecurity

Custody

Custody and security of digital assets is a major issue in the field. Although blockchain transactions are difficult to intercept due to the underlying cryptographic procedures and protocols, digital asset wallets are exposed to a host of cybersecurity risks. Wallets are separated into “hot” (online) and “cold” (offline) wallets represented by “public keys” or addresses, with accompanying passcodes represented by “private keys”. The fundamental element to security of crypto assets remains in protecting the private key. Private keys can be stored in two primary ways:

1. Online: on a computer which is, was, or will ever be connected to the internet,
2. Offline: on a piece of paper or on a device with no transmission capability whatsoever.

Private keys are supported by countermeasures to authenticate user access, and may be accomplished simply through added layers such mnemonic word sequences (in place of passwords), and multi-signature support. A multi-signature (multisig) wallet is one that requires two or more private/public key pairs to authorize transactions. This distributed process allows owners eliminate a single point of failure, and enables a member to recover the keys if one of the members is unavailable or incapacitated.

Hot wallets include exchange accounts, desktop wallets, “cloud” wallets (e.g. Coinbase, Bitgo) or mobile phone wallets housed on third-party online infrastructure, with private keys held in the custody of said third parties and accessed by user-authenticated passcode. A “cold” wallet is represented by offline security infrastructure such as hardware wallets (e.g. Ledger or Trezor devices). Ledger recently raised $70M in a Series B round to expand its custody offering, and is well renowned in the industry as the leading provider of reliable cold wallet storage.

Wallet services are expanding their services to integrate alternative security measures (key recovery, insurance) and complementary features (linked credit/debit cards) to remain competitive.

Exchange wallets are by far the least secure, as they are custodied by a third party out of the user’s control, and maintain exposure to a broad range of hacking techniques. Hackers have made a process of “cyberjacking” large exchange wallets, which has increased over time as demonstrated by the timeline below.

Cryptocurrency custody is a complex process that has yet to uncover a mutually convenient yet secure option. Institutional custody is emerging as a bespoke solution for a select class of investors demand a high level of security, which often comes with a hefty premium. Few players like Coinbase and Kingdom (recently acquired by BitGo) offer institutional grade custody, and new entrants such as State Street seek to enter the market. Coinbase Custody offers the following guidelines:

• Strict financial controls on all held funds, including multiple signers, audit trails, limits, etc.
• Dedicated account representatives and phone support
• SLAs on fund transfers
• A regulated digital currency custodian
• Multi-user accounts with separate permissions
• Support for a wide range of digital assets and currencies
• Insurance
• High levels of cybersecurity and physical security

References:

1. https://medium.com/dash-for-newbies/cold-wallet-vs-hot-wallet-whats-the-difference-a00d872aa6b1
2. https://www.jbs.cam.ac.uk/fileadmin/user_upload/research/centres/alternative-finance/downloads/2017-global-cryptocurrency-benchmarking-study.pdf
3. https://hackernoon.com/a-guide-to-cryptocurrency-security-8681552820c1
4. https://techcrunch.com/2018/01/18/ledger-raises-another-70-million-to-become-the-leader-in-cryptocurrency-hardware-wallets/
5. http://www.ey.com/Publication/vwLUAssets/ey-research-initial-coin-offerings-icos/$File/ey-research-initial-coin-offerings-icos.pdf
6. https://techcrunch.com/2018/02/01/the-sad-state-of-crypto-custody/
7. https://www.wired.com/story/why-a-tiny-kentucky-firm-rules-a-corner-of-the-crypto-market/
8. https://bitcoinexchangeguide.com/coinbase-custody-institutional-hedge-fund-crypto-coin-storage/