Crypto Cold Wallets Are Not Enough Without Adopting Best Security Practices

News, Opinion | May 24, 2019 By:

It has been proven time again that keeping digital asset holdings in cold wallets or leaving them on exchanges is not safe enough.

As recently reported, 7,000 BTC was stolen from the Binance exchange in one transaction, after a malicious actor used customer data that had been stolen from users, to access accounts.

The attackers could only take assets from the hot wallet, which only contained about 2 per cent of the exchange’s total holdings in BTC.

Binance has taken control of the situation, and is reviewing their policies. But this situation shows both users and exchanges alike lack the technical security expertise to protect their holdings.

Users need to move beyond hot and cold

As this most recent breach has shown, hackers will resort to some relatively old-school methods when trying to access user funds.

Phishing scams remain popular, with the spoofing of emails to gain access to inboxes or even exchange logins.

And when a cryptocurrency thief can’t use tech to get access to assets, they have even begun to resort to physical theft.

Cryptocurrency holders are facing a dilemma, as malicious software develops faster than consumers can keep up with methods to protect their assets.

With a total of $1.7 billion of cryptocurrency stolen in 2018 alone – that’s nearly 1% of the total market cap of all crypto – it’s clear that digital assets are as easily stolen as they are protected.

Institutions need to take more responsibility

Whilst blockchain-based assets are generally built on principles of decentralization, the knowledge gap between holders and thieves is too wide for institutions to take a step back.

The majority of the $1.7 billion worth of stolen cryptocurrency came from exchanges, where too many assets were held in hot wallets, where cold wallets were improperly secured, or where users were left to secure their own funds without an adequate amount of knowledge to do so.

Exchanges play an important role in mediating between different parts of the ecosystem, and bringing it together.

The best exchanges are experts at onboarding customers, attracting new tokens or currencies, maintaining blockchains for exchanges to occur on, and encouraging liquidity.

However that doesn’t mean they are experts at keeping those funds secure – nor were they designed to act as a custody solution for customer assets.

Custody offers the best option

Unlike exchanges or wallets, custody providers are experts in holding assets – digital or traditional – and they are liable for them too.

Custody or trust providers are licenced: they have standards they must meet, and regulations they have to comply with.

This means user assets are protected, as are the reputations of wallet-providers, exchanges and over-the-counter trading desks.

Just like a decentralized network, it is safer to spread assets and data amongst a number of parties.

It doesn’t make sense for exchanges to take a monopoly on responsibility, when there are existing experts that can offer a specialised service, without requiring compromising information.

Despite some of its outdated practices, traditional finance has some lessons to offer the emerging digital asset industry.

Entrusting assets to the guidance of specialised and secure providers is one of them.

Ultimately, the type of wallet in use is inconsequential without the knowledge of best security practices to protect the assets that are being held inside.