Skip to content

Mitigating the Risks of Cryptocurrency

October 17, 2019

What Are the Risks?

As of 2019, the total dollar-denominated value of Bitcoin, the largest cryptocurrency, in circulation is $64.3 billion, with the total market value of all traded cryptocurrencies reaching nearly $134 billion.

Approximately $1.1 billion in cryptocurrency was stolen in the first half of 2018, about a year after Bitcoin’s value started to peak. Last year, a group of hackers stole $530 million from Coincheck, a centralized cryptocurrency exchange in Tokyo, which shows what threats cryptocurrency faces and just how custody solutions need to evolve.

Because it is a peer-to-peer, decentralized alternative currency, cryptocurrency does not have systemic safeguards like those built into traditional, or fiat, currency financial systems. There are no guarantees of security or government regulations to protect the financial system from fraud or theft. So if coin is lost or stolen then it may not be recoverable.

The fundamental risk in cryptocurrency is that a huge amount of digital money can be stored in virtual reality (online) or on devices (offline), which means that anyone who has access to the storage can easily move any amount of money.

Online storage is referred to a hot wallet or hot storage while a cold wallet or cold storage is not connected to the internet. Access to a hot wallet is controlled with an encrypted private key, which means that the inherent risk of hot storage is that if the private key is stolen, then someone else can access the money. Online threats include hacking, phishing attacks, social engineering and insider fraud. The Tokyo-based cryptocurrency exchange mentioned earlier had stored coin in a hot wallet, which was one of the vulnerabilities that allowed the hackers to access the currency.

Cold storage means that both the currency stored offline and the private key are vulnerable, although someone still could not access the coin without also having the private key. The threats against cold storage are more familiar to those in the cash security industry: forcible robbery, break and enter, loss of physical possession and adequate controls.

Another less direct risk is cryptojacking, where hackers use another person’s computer (without their knowledge) to mine cryptocurrency coins, which often requires a lot of electricity; the coins are then delivered to the hackers’ accounts with no cost to them. Hackers will target any devices, from personal computers to large data centers and cloud services providers, even internet-enabled devices such as cameras and household appliances.

How to Address Risks

The currency value of cryptocurrency makes the design of custodial solutions imperative. According to Lowers & Associates, the sheer value of the cryptocurrency industry is beginning to draw traditional financial actors, such as banks, into the cryptocurrency world. For example, Fidelity recently announced the creation of a new digital asset service that would facilitate buying and selling cryptocurrency and provide a custody solution as well.

Because of their significant technological resources, banks and other financial institutions are among the greatest targets for cryptojacking. However, the process of cryptojacking is structurally similar to traditional malware attacks, so banks may have strategies for guarding against these threats already in place.

Of course, regulatory bodies will play a fundamental role in decreasing the risks of cryptocurrency. A simple first step would be for regulators to update existing financial rules to cover cryptocurrency, which would include regulations designed to prevent money launder, tax evasion and fraud.

Cryptocurrency exchanges, such as the one mentioned earlier, can reduce risks by requiring multiple signatures for the movement of currency, which makes it harder for thieves to steal cryptocurrency with just the private key. Banks can offer a cryptocurrency exchange service and require multiple signatures as well; this could encourage potential customers to trust financial institutions with their cryptocurrency exchanges and protect them from fraud or theft.