Tackling security to avoid regulation

Cryptocurrency exchanges are increasingly considered to be the new banks as crypto has rocketed in use to overtake American Express and become the third largest payment system in the world after Visa and Mastercard.

As a result, more and more businesses are starting to accept digital currency in their transactions.

Unfortunately, recent high-profile hacking incidents like the one which targeted the Singapore-based major cryptocurrency exchange KuCoin in September have exposed a lack of basic safeguards. In an astonishing lapse for the security standards of 2020, the KuCoin attack, in which 150 million dollars’ worth of Bitcoin and other cryptocurrency tokens were compromised, occurred after one or more hackers obtained the full private keys to the exchange’s hot wallets.

These high-profile incidents are bad PR for the whole industry which suffers as a result. They may well lead to addition regulation of private, self-hosted crypto wallets being introduced to prevent similar breaches from happening again. Consequently, to avoid becoming overregulated, this quickly growing sphere requires a pre-emptive, rigorous security strategy that will secure all assets from hackers.

The crypto industry must focus on protecting assets

The fundamentals around the need for security haven’t changed in a century. As such, modern day criminals now target cryptocurrency exchanges for the same reason as the infamous criminal Willie Sutton, who when asked why he robbed banks in the 1920s replied, “because that’s where the money is”. In 2020, about 1.3 trillion dollars will be transferred or deposited into banks from cryptocurrency exchanges, an astounding figure which presents a big risk to the banks, so the KuCoin attack really has to be a wakeup call for the crypto exchange platforms.

This situation begs two immediate questions. Why are these type of cybersecurity breaches still occurring and why aren’t stringent policies in place in order to avoid them? It should be clear to everyone that full cryptographic keys should never again be kept in one place, so incidents such as KuCoin are frustrating because they should be simple to avoid. Unfortunately, while entrepreneurs are great at knowing how to build companies, all too many don’t necessarily think about how to protect assets from a security point of view.

The reality is that to tackle security properly it is necessary to hire the right people. Those small start-ups that don’t have a CSO because budgets are tight should hire an SaaS vendor if possible as a secure infrastructure is essential. As businesses grow and start to manage more assets and can afford full-time security staff, they should start to rely on professionals to secure their infrastructure for them, either in-house or externally. Often the problems arise when entrepreneurs misguidedly believe they have enough knowledge to do the security on their own.

The emergence of MPC

As the industry continues to evolve from the speculative phase into a new generation the game is set to change significantly and security will have to be at its core. It is important that financial institutions work to raise confidence in crypto as a reliable way to transfer value. If the industry doesn’t improve in this area and set a better precedent, it is likely to become over regulated. With new investors joining the market with a very different mindset on risk, they are going to vote with their money and will chose to invest in firms that can demonstrate regulatory compliance or have a framework to demonstrate they are doing what is necessary to secure their investments.

Technology solutions are available to deal with security of assets and for any licensed or unlicensed financial institution there should be a long-term strategy to invest in these types of solutions so that they can give confidence to market participants and elevate the industry as a whole.

One such solution gaining a huge amount of interest is multi-party computation (MPC), a cryptographic protocol that distributes computation across multiple parties and no individual can see the other parties’ secrets. MPC never keeps keys in one place and offers strong cryptographic key protection capabilities in pure software, allowing organisations to perform calculations on encrypted data without unencrypting it.

MPC has so many potential use cases that an entire organisation has been founded around it, The MPC Alliance, co-founded by Unbound Technology and Frank Weiner, Sepior, brings the industry together and raises awareness. Since its launch in November 2019, its membership has tripled and major global companies are getting involved. More vendors are offering MPC-based wallets and the market is becoming much more aware of it, so the conversation around MPC is set to continue and evolve as we move into 2021.

Rising to the challenge

Moving forward, it will certainly be a challenge to encourage firms to make large changes in order to achieve incremental improvements in security. However, the challenge is made easier because along with being a better platform for operational security, MPC is an enhanced operation framework which can provide enough cost savings to pay for itself.

As more and more firms realise this and start using MPC they will benefit from its flexibility and agility to support their evolution along with the rapidly changing crypto currency market.

About the Author

Marcella Arthur is VP, Global Marketing at Unbound Technology. At the heart of Unbound lie sophisticated applications of Multi-Party Computation (MPC), developed by Unbound’s co-founders, Professor Yehuda Lindell and Professor Nigel Smart, world-renowned cryptographers. MPC offers a mathematical guarantee of security that fortifies Unbound’s disruptive technology. For the first time, trust-contingent operations are enabled anywhere, reaching far beyond the boundaries of physical infrastructure.