- In the heist, hackers pilfered the funds from the company’s software-based, or “hot” wallets. These wallets held 5 different coins, including Bitcoin (BTC) and Bitcoin Cash (BCH).
- No funds were missing from the company’s “cold,” or hardware-based, wallets.
- The exchange had previously been flagged by Japan's Financial Services Agency (FSA) for failing to meet Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements.
- Funds in hot wallets are at greater risk than funds in cold wallets.
- AML/KYC compliance correlates with a lower risk of theft.
Why hacks happen
The cause of most exchange hacks recorded from 2014 to 2019 is not known. Where the cause is known, it falls into one of three categories: external attacks, rogue insiders, and operational failures.
- Over the past 5 years, 40% of hacks recorded were external, i.e. an outside organization, individual, or entity breaking into the exchange’s system to steal funds.
- Over the past 5 years, 23% of exchange hacks were due to rogue insiders: employees who misused the cryptocurrency keys at their disposal. This is a special problem for blockchain keys, because a signed and broadcast transaction is immutable and can never be reversed.
- Operational failures can include technical issues and human errors.
The co-wallet strategy
Today's common best practice for exchanges is the co-wallet strategy: assets of each type are split between "cold" wallets (disconnected, typically hardware-based) and "hot" wallets (Internet-connected, typically software-based), usually at a ratio of 80-90% of assets in cold storage to 10-20% kept liquid. The split rests largely on hardware's reputation: Hardware Security Modules (HSMs) have for decades been regarded as the most secure platform for storing and managing cryptographic keys. (As argued below, hardware-bound key storage does not meet the speed and automation demands of an online exchange, but its reputation precedes it for the time being.)
The co-wallet strategy presents serious challenges, however, chiefly to transaction speed and overall liquidity. From a speed standpoint, accessing a physical wallet requires employees, with all the limitations that implies: the process cannot be automated, and transactions can only be executed during working hours. In terms of liquidity, fewer liquid assets means fewer trading types and services available to the buying public, which hurts the business in the long term. In short, relying on cold wallets to protect most funds means exchanges must always trade off security against business growth.
Speed and Security – No Compromises
Ideally, exchanges would be able to maintain their transaction speed and volume without compromising on security. Hypothetically, such a solution would have to meet the following requirements:
- Prevents both key theft and key misuse. HSMs, for the most part, protect against key theft. But a blockchain key can be used to sign an immutable transaction without the attacker ever extracting the key: compromising the system or the credentials that are allowed to request a signature is enough.
- Has advanced approval systems and safeguards against malicious activity from within, such as quorum (m-of-n) authorization, zero-knowledge backup, or risk-based policy thresholds that vary with transaction amount, asset type, etc.
- Has been cryptographically reviewed and validated by independent experts, for example through National Institute of Standards and Technology (NIST) validation programs and independent penetration tests.
- Has already been deployed at major exchanges around the world.
- Can be automated, at least partially, so that transactions execute quickly outside working hours.
- Can be easily upgraded or expanded to include new ledgers and services.
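The "key misuse", "quorum and risk-based policy" and "partial automation" requirements above can be shown working together in a small policy-gated signing service. The Python below is an added illustration, not code from the original article or from any vendor's product: the signing key is exercised only when a transaction request satisfies a per-asset approval policy, low-value transfers to allow-listed destinations run without a human (the automated tier), larger transfers need a distinct quorum of approvers, and the requester can never approve their own transfer. The policy table, destination IDs, approver names and all key material are constructed for the example; HMAC stands in for the hardware-token and wallet signatures a real deployment would use.

```python
import hashlib
import hmac
import json
from decimal import Decimal

# Constructed stand-ins for keys. In a real deployment the signing key lives in
# an HSM or MPC signer and approver credentials on hardware tokens; raw bytes
# appear here only so the example runs offline.
SIGNING_KEY = b"hot-wallet-signing-key-stand-in"
APPROVER_SECRETS = {
    "alice": b"alice-token-secret",
    "bob": b"bob-token-secret",
    "carol": b"carol-token-secret",
    "dave": b"dave-token-secret",
}

# Hypothetical risk-based policy: per asset, a list of (amount ceiling,
# approvals required), checked in order; a None ceiling is the top tier.
# Tier 0 is the automated tier: no human in the loop, so it runs 24/7.
POLICY = {
    "BTC": [(Decimal("0.5"), 0), (Decimal("10"), 2), (None, 3)],
    "BCH": [(Decimal("5"), 0), (Decimal("100"), 2), (None, 3)],
}
# The automated tier may only pay allow-listed destinations (constructed IDs).
AUTO_DESTINATIONS = {"BTC": {"btc-withdrawal-hub"}, "BCH": {"bch-withdrawal-hub"}}


def required_approvals(asset, amount):
    """Number of distinct human approvals the policy demands for this transfer."""
    if asset not in POLICY:
        raise ValueError(f"unsupported asset {asset}")
    for ceiling, needed in POLICY[asset]:
        if ceiling is None or amount <= ceiling:
            return needed


def canonical(tx):
    """Deterministic encoding so every approval covers exactly these fields."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def approve(approver, tx):
    """An approver's signature over the transaction (HMAC stands in for a
    hardware-token signature)."""
    return hmac.new(APPROVER_SECRETS[approver], canonical(tx), hashlib.sha256).hexdigest()


def valid_approvers(tx, approvals):
    """Approvers whose tag verifies over *this* tx and who did not request it."""
    valid = set()
    for name, tag in approvals.items():
        if name == tx["requester"] or name not in APPROVER_SECRETS:
            continue  # separation of duties: a requester never approves their own transfer
        if hmac.compare_digest(approve(name, tx), tag):
            valid.add(name)
    return valid


def sign_if_authorized(tx, approvals):
    """Return (signature, reason). SIGNING_KEY is exercised only on the
    success path, so reaching the key is not enough to move funds."""
    amount = Decimal(tx["amount"])
    if amount <= 0:
        return None, "amount must be positive"
    try:
        needed = required_approvals(tx["asset"], amount)
    except ValueError as exc:
        return None, str(exc)
    if needed == 0 and tx["to"] not in AUTO_DESTINATIONS[tx["asset"]]:
        return None, "automated tier limited to allow-listed destinations"
    have = valid_approvers(tx, approvals)
    if len(have) < needed:
        return None, f"need {needed} approvals, have {len(have)} valid"
    sig = hmac.new(SIGNING_KEY, canonical(tx), hashlib.sha256).hexdigest()
    return sig, "authorized"


if __name__ == "__main__":
    tx = {"id": "w-1001", "asset": "BTC", "amount": "5", "to": "customer-addr",
          "requester": "bob"}
    # One approval is not enough for the 2-of-n tier; alice plus carol is.
    print(sign_if_authorized(tx, {"alice": approve("alice", tx)}))
    print(sign_if_authorized(tx, {"alice": approve("alice", tx),
                                  "carol": approve("carol", tx)}))
```

Two design points carry the weight here. Approvals are bound to the canonical encoding of the whole transaction, so an insider who collects two approvals for a 5 BTC transfer cannot reuse them after editing the amount or destination. And the automated tier is the only path that needs no human, which is what lets small withdrawals clear overnight without exposing the bulk of the funds to a single compromised operator account.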