Unpacking the vulnerabilities in the cryptocurrency market
By Khadija Azhar
Logically speaking, the most difficult part of robbing a bank is trying not to get caught. With surveillance cameras and security personnel tracking one’s every movement and the ease with which one can inadvertently leave damning DNA evidence behind, it’s safe to assume that a modern-day Dillinger won’t be cashing in on your savings anytime soon.
However, protection through surveillance comes at a cost. Fiat currency is difficult to steal inconspicuously, but it also opens people up to scrutiny from regulatory authorities that manage legal tender.
Since its advent in 2009, cryptocurrency has provided users with unprecedented privacy over their transactions, and the promise that nothing can be traced back to them. The unintended consequence is that the space seems to be a treasure trove of opportunity for hackers seeking to profit through illegal means.
While fiat currency is managed by an authority, such as the government or a state bank, cryptocurrency exists entirely outside the confines of centralized regulation. Instead, the blockchain mechanisms behind cryptocurrency create a system of automatic checks and balances that maintain transparency and prevent double-spending.
Cryptocurrency is nothing like fiat currency except in its capacity as a medium of exchange. No crypto wallet is bursting at the seams with unwanted coins or frayed paper notes; in fact, a unit of cryptocurrency has no value unless paired with public and private keys.
Unique to every wallet, keys are alphanumeric codes that allow encryption and decryption. Private keys are known to users alone and help sign transactions digitally to prove ownership. In turn, public keys are generated from private keys and shortened into public addresses that are visible to all users on the network.
PwC Asia FinTech and Crypto Leader Henri Arslanian draws upon a simple analogy to explain the process: “If you give me just your address, I can know where you live, but I can never enter your house. But if I have a copy of your house key with your address on it, I know where you live and I can also enter your house.”
A user’s public address cannot be reverse engineered to generate a private key due to the limitations of computational power, making it completely secure. In effect, it functions much like a house address in Arslanian’s analogy. By contrast, a private key is an all-access pass to a wallet, so its security is crucial.
Where does your crypto go?
Buyers can choose either hot or cold wallets as a form of personal storage. Hot wallets are usually free and support multiple kinds of cryptocurrency, making them an attractive option. However, since they are connected to the Internet, they are also vulnerable to attacks.
Alternatively, cold wallets usually come at a price (around US$80), accept fewer kinds of currency, and are completely offline. While they are incredibly secure, they are inconvenient for people who don’t have adequate technical knowledge to manage their assets.
If personal storage is not a concern, some buyers will choose to store their currency at exchanges. Crypto exchanges offer management services, and facilitate trade between various digital currencies as well as fiat currency. As a result, they are arguably the most convenient option for storage. Convenience, however, does not always translate into security.
“Many [cryptocurrency exchanges] were not built with cybersecurity being the first priority,” Arslanian explains.
The sudden boom in cryptocurrency markets did not leave much room for the development of reliable security infrastructures, since most exchanges were focused on easing investment procedures. Unfortunately, this oversight opened doors for bad actors to steal cryptocurrency through phishing scams, malware attacks, and direct hacks, among others. In fact, some estimates suggest that a total of US$4 billion was lost to cyberattacks on cryptocurrency in 2019 alone (Forbes).
This isn’t to say that cryptocurrency stored in wallets is completely safe. Hot wallets can be hacked and cold wallets can be stolen or lost. If you’re particularly public about your investments, you could even be the victim of a ‘$5 wrench attack,’ in which criminals kidnap investors and demand ransom in the form of cryptocurrency keys.
How to prevent theft
While there is no fool-proof way to protect against cyber attacks, preventative measures can reduce their likelihood, regardless of where the assets are stored.
According to Arslanian, “It’s important for exchanges, not only to have external protection from hackers, but also to have good internal policies and frameworks to reduce the risk of rogue employees and internal hacks.”
Cryptocurrency exchanges have begun to store a majority of their assets in cold wallets, and solicited third-party custodians to produce more complex security measures. Decentralization has arguably played a key role in ramping up security. Decentralized exchanges allow users to keep their private keys in their personal wallets, effectively merging the convenience of an exchange with the security of a personal wallet.
In addition, individual investors can take numerous steps to secure their currency. Arslanian advises that they find a “balance between how much of their assets they leave in cold wallets versus hot wallets” and “do the due diligence on where they are leaving their assets” if they choose to store them at exchanges. Also, it’s important that private keys are stored securely, ideally on offline platforms.
As a result of these particular vulnerabilities, the cryptocurrency market has found it difficult to establish itself on the same footing as the financial market. To make matters worse, concerns about crypto safety are often overstated as a result of “negative media attention,” according to Arslanian.
It’s important to realize that these lapses in security are not characteristic of the currency itself but of the methods of storing this currency. As security infrastructures improve and investor confidence increases, cryptocurrency could become as ubiquitous as fiat currency within the next few years.
Khadija is Jumpstart’s Editorial Intern.