Security is front and center for cryptoassets, given the heightened cyber risk associated with them.
Since cryptoassets are natively digital and often have high value, crypto businesses that transact with these assets are prime targets for cyber criminals. If hackers breach an organizations crypto infrastructure, they can transfer crypto out to external addresses, leaving the organization with little or no recourse. Crypto transactions also occur over the open internet, which makes both the tokens and any associated services vulnerable to a variety of traditional cyberattacks, such as a phishing or malware attack. Further, even organizations that do not have any crypto operations are now targets for hackers who are looking to steal computing power that they can use for crypto mining.
As part of our crypto research work, we have analyzed many cybersecurity incidents that have impacted crypto exchanges in the past few years. The attack vectors and root causes span a wide spectrum. Examples include auditor account compromise, server failure due to DDOS, unencrypted data stores, phishing attacks, smart contract bugs, software vulnerabilities, order sequencing issues, security update failures, and poor wallet tiering among others. Most, if not all of these, are not new and unique for the crypto space.
It is clear from these that lessons learned from decades of security and risk management experience with other traditional and emerging technologies are still applicable.
In addition, a number of leading crypto security practices have emerged in the last two to three years including crypto address whitelisting for warm storage, geographic distribution of Hardware Security Module (HSM) keys, sharding, and many others. There is a need for crypto-specific security standards that complement existing security frameworks such as those published by NIST and ISO. While some efforts are now underway across the industry to develop these, crypto businesses should look to build their cybersecurity programs by starting with a baseline from existing industry practices and then add-in crypto-specific security practices to provide a layered defense model.
While specific crypto security practices are confidential and vary greatly from one crypto business to another, some leading industry approaches are emerging. We discuss some of them in this section.
Blockchain threat monitoring
Many cryptoassets rely on public decentralized blockchain networks, which are not directly under the control of a single organization. Miners or groups of miners (mining pools) typically provide the hashing power that collectively control these networks. This makes blockchains vulnerable to a bad actor that gains majority control of mining nodes, since the majority determines which transactions are valid. As of August 2018, the top four Bitcoin mining pools control around 54 percent of the total hash power of the network. There was even a period of time in 2018 when a single mining pool represented more than 25 percent of the hashing power for Bitcoin. This represents a concentration risk.
Businesses, therefore, need to build sufficient blockchain monitoring capabilities to proactively identify such threats that could impact their operations and client assets.
Blockchain monitoring should also include the use of geographically dispersed nodes. These nodes can not only enable monitoring of the status of the network globally, but also provide the ability to better monitor the source of transactions being submitted to the network.
0Organizations will also need processes for actively responding to the threat information collected by these blockchain-monitoring capabilities. They should consider which threat metrics should be integrated into their existing risk reporting processes to drive faster decision making. This information could also help drive business decisions around which cryptoassets to continue supporting.
Key management and tiered storage
Cryptoassets are typically stored in hot and cold storage facilities. Hot storage facilities afford more liquidity but are also more susceptible to hacking. Cold storage facilities which are physically offline and disconnected from the internet are the least liquid but more secure. In some cases, warm storage facilities are used to provide temporary storage of assets as an additional layer of security before assets are moved to cold storage.
To protect client assets, organizations should keep only enough crypto in hot storage to facilitate daily business operations. The majority of crypto should be kept in cold storage. In addition, organizations should develop specific operational procedures to facilitate the movement of crypto between cold and hot storage and mitigate the risk of collusion.
Organizations should also create a crypto-specific team staffed with personnel who have been trained on how to deal with this specialized asset, including with respect to internal policies for managing the storage and the processing of crypto transactions. This team should also verify and confirm clients on-chain transactions by comparing internal transaction details with the clients blockchain records and wallet details.
Resiliency and recovery of keys
Cryptoassets typically utilize Public Key Infrastructure (PKI). PKI has always presented challenges for resiliency and disaster recovery, but those challenges are magnified for crypto operations, which are thoroughly dependent on the availability of public and private keys to transfer assets.
Organizations managing key pairs will need to develop resiliency and disaster recovery plans for securing private keys within each storage tier and for each type of crypto. However, traditional techniques, such as the use of HSM, may fall short, given the physical dependence on the HSM. A destroyed or unavailable HSM could mean lost or unavailable cryptoassets. In addition, other traditional resiliency techniques, such as high availability, either compromise security or are simply not technically possible for an air-gapped cold wallet.
Multisignature systems and third-party wallets enable organizations to secure private keys while enabling resilience across storage tiers. Using a multisignature system can allow organizations to split up keys or require multiple signatures from separate keys to complete a single transaction. This also helps drive segregation of duties and limit potential collusion.
Organizations managing their own private keys should also expand their existing business continuity and disaster recovery plans to include their cryptoassets and related systems. It is also important to recognize that the key recovery features do differ across the various cryptoassets and the underlying protocols. These differences will also need to be factored in part of an organization's key recovery strategies.
Wallet code review
In an incident last year, a vulnerability found in the Parity wallet for Ethereum allowed remote ownership of the multisig function of the wallet, giving full control of funds to the hacker that led to the loss of $300 million equivalent of Ether.15 Today, many crypto businesses use open-source code, allowing extensive code review by the community and increasing trust in systems, but vulnerabilities are still constantly being discovered. Organizations that choose to use open-source software for their crypto infrastructure should look to further independently review the source code to identify risks relevant to them. They can also consider customized implementations of the base software for certain components of their crypto infrastructure such as wallets.
Protecting competitive intelligence
Asset provenance presents an interesting two-sided challenge for cryptoassets. On the one side, crypto businesses have a need for KYC and cryptoasset provenance. On the other side, crypto businesses also have a need to safeguard competitive intelligence data that may be leaked through the blockchain.
In traditional asset classes, market activity and transactions are by and large not publicly available. This information, if publicly available, could be used by market participants and competitors for a variety of purposes including, arguably, market manipulation. But with cryptoassets, all transactions are posted to a publicly accessible, immutable ledger. With the use of advanced data analytics and asset provenance capabilities, a third party may now be able to monitor the blockchain, attribute transaction activity to a crypto business, and gain important competitive intelligence about that business. The third party may also use this data for various other purposes including market manipulation.
Despite the benefits provided by being a public immutable ledger, blockchains also create this risk for crypto businesses by allowing competitors or third-party observers to track some of their business activity. Crypto businesses may therefore need to have a clear strategy to obfuscate their own activity that is posted to the blockchain while, at the same time, providing the ability for themselves (and their competitors) to be able to determine asset provenance. It is also important to regularly review and update this strategy to keep up with bad actors and technology advances.
© 2022 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.