The digital asset industry is no stranger to cyber attacks. In fact, cybercriminals have stolen at least $15 billion worth of crypto assets over the past eight years. The global pandemic has only increased this activity.
Originally, when it came to cryptocurrency or digital asset security, the problem of protecting assets from attacks was relatively simple: institutions could either store their assets in cold storage or use web-based hot wallets. With cold storage solutions, common sense assumed that assets were as safe as possible from hackers, but it was understood that moving these assets would take at least 24-48 hours. On the other hand, hot wallets allowed traders to quickly access the crypto assets they needed to do business, although security breaches were numerous and frequent.
Today, the situation is more nuanced. In certain regions, regulations are clearer and in some I need Refrigerated storage is a component of institutional storage. But over the past few years, a new truth has emerged: despite common misconceptions, it is absolutely possible to maximize capital efficiency while keeping assets safe. (Meets all regulatory requirements).
To fully protect your assets and To bring payments to the edge, it is important to understand the key security threats, common operational risks, and capital inefficiencies that are still prevalent today due to legacy security infrastructure.
The biggest security threats to your digital assets
Currently, there are three main attack vectors that cybercriminals leverage to compromise digital assets. These attack vectors are:
- Private Key
- Deposit address
- Credentials and Authentication
If an organization can fully secure these vectors, they can prevent the vast majority of hacks and insider attacks on their digital assets.
Private Key
Hackers and other malicious actors (such as rogue employees) may attempt to compromise a victim's personal information. Private Key To gain access to the wallet that controls the funds stored on the blockchain, an attacker can transfer funds from the victim's wallet anywhere: to their own wallet.
The main threats to private keys are:
- Hackers infect servers with malware to steal private keys.
- A malicious actor steals an HSM (Hardware Security Module) authentication token and forces the HSM to sign a withdrawal transaction.
- An authorized company employee steals the private key.
Deposit address
A deposit address is a long alphanumeric string that specifies the public address of a wallet. To send funds to the other party, the two parties must exchange deposit addresses. Target the deposit address exchange process at several points along the wayThere are many methods hackers use to steal deposit addresses, here are a few:
- Malicious Chrome web extensions that hijack your web browser (in-browser intrusion).
- Disguise your address when copying and pasting between your web browser and your wallet app.
- Malware that hijacks the wallet interface.
Qualifications
Another common way hackers compromise digital assets is by impersonating users within an organization. Because the digital asset ecosystem is interconnected, hackers can leverage user credentials and authentication to compromise custodial wallets and accounts at exchanges and liquidity providers.
Once hackers are able to log in, they can issue and approve fraudulent transfers.
Major operational risks
In addition to understanding the vulnerability of private keys, deposit addresses, and credentials, it is also important to consider operational risk. If your team is leveraging older/legacy technology, you can easily fall victim to operational risk.
Manual Process
Manual processes that require human interaction can pose significant operational risks, not to mention limit your ability to respond quickly.
Many organizations use manual Whitelist Deposit addresses of business partners. Whitelists can be a strong security measure, but they do not prevent insider fraud and hinder financial management. A rogue employee could gain access to an organization's spreadsheet and replace a specific whitelisted business partner's deposit address with their own. Furthermore, careless mistakes or unexpected rotation of business partner addresses can result in irreparable asset loss.
Manual processes are typically only as good as the individuals performing them, which means there is potential for errors, criminal activity, or workflow inefficiencies in our industry. To move to a fully secure and profitable business model, institutions are looking to automate and standardize many of these processes.
Remote Teams
Given the current global situation, many of our teams have transitioned to a fully remote environment. Remote Configuration While necessary to mitigate a crisis like COVID-19, it can also become another barrier preventing 24/7 access to assets.
One issue many teams face is that their existing operational workflows are inherently incompatible with a remote setup: for example, teams that typically store private keys on a hardware device in a secure location in the office may find that location becomes inaccessible.
Difficulty in scaling
Another operational risk that teams using legacy technology may encounter is difficulty scaling their organization.
Multisig is one example of a technology that can hinder the expansion of your operations by not providing the flexibility you need as your organization grows.
As your team expands, you will need to adjust the process of accessing and transferring your digital assets. This can include changing the number of employees required to sign a transaction, adding new key shares when new employees are hired, revoking key shares when employees leave, or changing the threshold required to sign a transaction (e.g. from “3/4” to “4/8”). Scenarios like these create a variety of bottlenecks as multisig addresses are pre-configured in your wallet.
Other legacy technologies, such as HSMs, can also pose similar issues for scaling teams today (for example, remote-forward work environments are not compatible with them).
Capital inefficiency
Capital inefficiency comes at a high price for safety. In the digital asset space, it is becoming increasingly clear that transaction speed and profits go hand in hand..
Previous generation security technologies just aren't fast enough: 24-48 hours is too long to settle a transaction in today's fast-paced environment.
Financial institutions are testing a variety of solutions to improve capital efficiency while prioritizing security for investors and customers.
Some organizations are considering automating deposit address validation to address this issue. It takes just a few seconds to send assets to your recipientIt also eliminates the need for test transfers and whitelisting.
How to maximize security and What is my balance sheet?
Our new whitepaper, “Fireblocks' Multi-Layer Philosophy for Protecting Digital Assets,” explains everything you need to know about security and speed in 2021 and introduces the technology stack that has brought digital asset security into the next generation.
Read the white paper here.
