Using Google to search “how to trade bitcoin” will return more than 150 million results in less than a second. For newcomers to the cryptocurrency community the amount of advice and choice can be overwhelming. However, the number-one concern for those looking to invest in cryptos is security.
Thankfully, cyber security in general, and in the crypto space in particular, is vastly improving. Exchanges and crypto platforms are building more robust defences to keep cyber criminals at bay. The rise in popularity of online (‘hot’) and offline (‘cold’) digital wallets is also significant, as they offer investors another layer of security and peace of mind that their cryptos are well protected.
It is worth noting that it took decades for well-known banks and other financial institutions to gain the required level of trust. While the crypto industry is a toddler by comparison, those in the community are, reassuringly, quick learners and by nature at the cutting edge of technology.
“The business of moving money electronically began 145 years ago, as Western Union became used for wire transfers,” points out Chakib Bouda, Vice President and Chief Technology Officer at Rambus Payments, an organisation that provides cloud-based solutions to banks and retailers that enable mobile wallet functionality.
“In that time a lot of lessons have been learnt – usually the hard way – about how to protect electronic transactions. Unfortunately in the early days of cryptocurrencies some of these lessons were overlooked, or at least not designed into the entire transaction systems, leaving gaps which criminals could exploit.
“The biggest failing in cryptocurrency security has been in managing the secret keys that are central to any crypto. Failing to secure the private keys to a cryptocurrency wallet, whether that is ‘hot’ or ‘cold’, means that the value stored in it can be stolen. Keeping private keys secure but usable has been one of the biggest challenges exchanges and cryptocurrency organisations have faced.”
Lawrence Munro, Worldwide Vice President of SpiderLabs at Trustwave, agrees, and says: “Many people – even within the information technology security community – believe that due to the immutable nature of cryptocurrencies, and the decentralised digital public ledger blockchain technology, they are 100 per cent secure. This is not the case. All software is susceptible to bugs – coding and human errors – and logic errors in the implementation, and cryptocurrencies are no exception.”
Vince Warrington, an independent chief information security officer (CISO), believes the 2014 theft of 850,000 bitcoins from the Mt. Gox exchange served as a critical “wake-up call” for the industry. “While, from the outside, the collapse of the exchange might seem to be the case of becoming the unfortunate victim of a hacker, a closer examination reveals that the whole enterprise was built on sand,” he says.
“Coders who worked for the company reported a lack of basic version control – a standard method of control in any professional software development environment – single points of failure for approval of bug fixes existed, the source code used by the exchange was reported to be ‘a complete mess’. And, finally, the owner of Mt. Gox, Mark Karpelès, is still under investigation in Japan on charges of embezzlement and data manipulation.”
Fear not: boosted levels of both cyber security knowledge and professionalism have helped to bolster the defences of today’s crypto exchanges and platforms. “Now many are run as financial services businesses rather than being the brainchild of an entrepreneurial coder or, in the worst cases, as downright scams,” Mr Warrington continues.
“Increasingly exchanges recognise the need for experienced professionals outside of their core functionalities who can provide expert knowledge and advice to ensure a smooth operation.”
Further protection for investors arrived in April 2018, when the United Kingdom’s Financial Conduct Authority stated: “Dealing in, arranging transactions in, advising on or providing other services that amount to regulated activities in relation to derivatives that reference either cryptocurrencies or tokens issued through an initial coin offering (ICO), will require authorisation by the FCA.” Mr Warrington says: “These measures not only drive change within crypto exchanges, they also increase consumer confidence.”
Now multi-factor authentication is the norm for accessing exchanges, and many are making use of Hardware Security Modules, or HSMs, which have been widely used in the banking industry for some time. A user will have to, for example, pass five of eight HSMs to gain access to the wallet.
Additionally, there are now some excellent options for ‘cold’ wallets. Until recently, traditional crypto wallets have been of the ‘hot’ variety – whereby they are held by an exchange and are effectively always connected to the internet. ‘Cold’ wallets are physical hardware devices that only connect to the internet when required by the holder.
“If a ‘hot’ wallet is akin to your bank account, a ‘cold’ wallet is akin to a bundle of cash kept under your mattress,” explains Mr Warrington. “‘Cold’ wallets offer greater levels of protection over ‘hot’ ones, and most crypto experts recommend ‘cold’ wallets for long-term storage of your coins.”
Those looking to invest in cryptos should be heartened by the rapid evolution of cyber defences. “The security of cryptocurrency exchanges is constantly improving as the market matures – although it’s important to remember that nothing digital can ever be truly considered 100 per cent secure,” adds Mr Warrington. “While the chances of another incident of Mt. Gox proportions can never be discounted, we are now seeing stronger, more professional crypto exchanges emerging.”
Oliver is a multi-award-winning journalist, ghostwriter, media consultant and editor based in south-east London. He specialises in tech, business, sport and culture, has been by-lined in every English newspaper and regularly contributes to The Daily Telegraph, The Times, The Guardian, and The Financial Times Weekend Magazine. On Twitter he is @OliverPickup.