An increasing number of businesses are beginning to accept transactions that use digital currencies. Until recently, American Express was considered to be the world’s third largest payment system behind Visa and Mastercard, but it has now been overtaken by crypto.
This has led to cryptocurrency exchanges being recognised as a valuable service in place of traditional banks.
Because crypto exchanges are still in their infancy, they’re not without flaws. Many lack the necessary security precautions that a traditional bank simply wouldn’t operate without. Various incidents involving cryptocurrency exchanges have highlighted this, most notably the recent attack on KuCoin, a Singapore-based crypto exchange. Hackers successfully managed to access security keys for the exchange’s hot wallets, comprising hundreds of millions of dollars’ worth of cryptocurrency tokens.
These high-profile incidents are bad PR for the whole industry which suffers as a result. They may well lead to addition regulation of private, self-hosted crypto wallets being introduced to prevent similar breaches from happening again. Consequently, to avoid becoming overregulated, this quickly growing sphere requires a pre-emptive, rigorous security strategy that will secure all assets from hackers.
Why protecting assets is key
The fundamentals around the need for security haven’t changed in a century. As such, modern day criminals now target cryptocurrency exchanges for the same reason as the infamous criminal Willie Sutton, who when asked why he robbed banks in the 1920s replied, “because that’s where the money is”. In 2020, about 1.3 trillion dollars will be transferred or deposited into banks from cryptocurrency exchanges, an astounding figure which presents a big risk to the banks, so the KuCoin attack really has to be a wakeup call for the crypto exchange platforms.
This situation begs two immediate questions. Why are these type of cybersecurity breaches still occurring and why aren’t stringent policies in place in order to avoid them? It should be clear to everyone that full cryptographic keys should never again be kept in one place, so incidents such as KuCoin are frustrating because they should be simple to avoid. Unfortunately, while entrepreneurs are great at knowing how to build companies, all too many don’t necessarily think about how to protect assets from a security point of view.
The reality is that to tackle security properly it is necessary to hire the right people. Those small start-ups that don’t have a CSO because budgets are tight should hire an SaaS vendor if possible as a secure infrastructure is essential. As businesses grow and start to manage more assets and can afford full-time security staff, they should start to rely on professionals to secure their infrastructure for them, either in-house or externally. Often the problems arise when entrepreneurs misguidedly believe they have enough knowledge to do the security on their own.
The advantages of multi-party computation
As the industry continues to evolve from the speculative phase into a new generation the game is set to change significantly and security will have to be at its core. It is important that financial institutions work to raise confidence in crypto as a reliable way to transfer value. If the industry doesn’t improve in this area and set a better precedent, it is likely to become over regulated. With new investors joining the market with a very different mindset on risk, they are going to vote with their money and will chose to invest in firms that can demonstrate regulatory compliance or have a framework to demonstrate they are doing what is necessary to secure their investments.
Technology solutions are available to deal with security of assets and for any licensed or unlicensed financial institution there should be a long-term strategy to invest in these types of solutions so that they can give confidence to market participants and elevate the industry as a whole.
One such solution gaining a huge amount of interest is multi-party computation (MPC), a cryptographic protocol that distributes computation across multiple parties and no individual can see the other parties’ secrets. MPC never keeps keys in one place and offers strong cryptographic key protection capabilities in pure software, allowing organisations to perform calculations on encrypted data without unencrypting it.
MPC has so many potential use cases that an entire organisation has been founded around it, The MPC Alliance, co-founded by Unbound Technology and Frank Weiner, Sepior, brings the industry together and raises awareness. Since its launch in November 2019, its membership has tripled and major global companies are getting involved. More vendors are offering MPC-based wallets and the market is becoming much more aware of it, so the conversation around MPC is set to continue and evolve as we move into 2021.
Looking ahead
As digital currencies and the way they’re managed continue to evolve, making small but necessary changes to security may seem like a herculean effort, but things aren’t always as challenging as they seem. MPC is the advanced operation framework which will make those changes far easier to achieve, enabling better operational security. What’s more, investment in MPC will unlock savings that easily cover the cost.
As we see wider uptake of MPC, we will see the crypto industry reap the rewards thanks to its ability to flexibility solve existing security issues and future security issues as they emerge.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.