/https://specials-images.forbesimg.com/imageserve/60dba3c7a07832c752a61bcb/0x0.jpg?cropX1=0&cropX2=2268&cropY1=115&cropY2=1390)
Cryptocurrencies have their own set of security concerns. (Smith Collection/Gado/Getty Images… [+] Images)
courtesy of Getty Images
In May, the ransomware attack against Colonial Pipeline made headlines. To recover access to their systems, Colonial Pipeline chose to pay the hackers roughly $5 million (75 bitcoins). According to Bloomberg, the FBI tracked the address of the wallet the thieves gave to Colonial to make the payment over the next few weeks. Federal authorities confiscated the assets at that point, recovering 2.3 million dollars in bitcoins. In their request for a warrant, the FBI stated that its agents had the private key to that bitcoin wallet in their possession. It’s unknown how they got their hands on the private key, which is kept secret. One possibility is that hackers chose to entrust their Bitcoin private key to a cryptocurrency exchange, which was forced to hand up the assets to the FBI.
This incident serves as a stark warning of the dangers of cyber assaults on key infrastructure in the United States, as well as the use of cryptocurrency in ransomware attacks. Because of the pseudo-anonymous nature of the technology, criminals prefer Bitcoin and other cryptocurrencies, and funds in the wallet can only be accessible with a difficult cryptographic key.
It can also be used as a case study on the dangers and controls associated with cryptocurrency platforms that promote cryptocurrency trading.
Every transaction can be traced through the blockchain that underpins the technology thanks to advancements in blockchain explorers, or crypto search engines. Every transaction is publicly recorded in the digital ledger, with users identified by a string of characters known as a “wallet address.” If a third party determines who owns a wallet, it has access to the owner’s entire transaction history.
If the private key is kept in the crypto exchange’s custodial wallet, the funds can be stolen if the crypto exchange’s servers are hacked. The private keys linked with consumers’ wallets on centralized cryptocurrency exchanges like Coinbase and Paypal are kept on the platform. When users leave their Bitcoin or cryptocurrency on the exchange, they rely on the controls in place.
More educated and security-conscious crypto investors retain their money in ‘cold’ wallets and USB sticks, away from big trading apps. In response, Square, a fintech company, is said to be working on non-custodial bitcoin hardware wallets, which would allow investors sole access over their private keys and offer them more control over their Bitcoin.
ADDITIONAL INFORMATION FOR YOU
Because of the rise in cryptocurrency investment, the business has become a tempting target for unscrupulous hackers and thieves looking to commit frauds, scams, and thefts. According to CipherTrace’s annual Crypto Anti-Money Laundering and Crime Report, bitcoin crimes totaled $1.7 billion in 2018. This amount increased by about 165 percent year over year to $4.5 billion in 2019, before falling to $1.9 billion in 2020.
Crypto exchanges are vulnerable to a variety of threats, ranging from human mistake and security weaknesses to malware that infects hard drives in search of wallet passwords and private keys. As a result, regulators have called for better customer and investor protection. Internal controls modeled after well-known financial institutions include thorough account verification that conforms with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations. Standards of integrity and security are inconsistently enforced because most bitcoin businesses and exchanges operate outside of financial services rules.
On the internet, there are even cases of cryptocurrency exchanges claiming that they do not conduct KYC verification of consumers and that customers are free to keep their personal information private. Binance, the world’s largest crypto exchange and situated overseas, is one such exchange. Binance is now being investigated by the Internal Revenue Service and the Department of Justice in the United States for money laundering and tax evasion.
Maintaining the same level of security, anti-fraud, and other capabilities while dealing with higher volumes and types of transactions is a difficulty for trading technology. In the face of significant market volatility, more centralized crypto exchanges have had to deal with system outages. To meet their risk management and compliance plan, they are employing RegTech technologies for sophisticated KYC/AML risk monitoring and analytics.
Insiders are concerned that tighter internal controls and increased regulation will stifle innovation and force the company to move its operations offshore. In a recent paper published in the Journal of Financial Regulation, Brian Feinstein and Kevin Werbach, Wharton professors of legal studies and business ethics, argue that greater regulation of cyber platforms would not necessarily dampen enthusiasm for crypto or push trading to more laissez-faire countries. Following important cryptocurrency regulation developments, they looked examined trading behavior on multiple exchanges across the world. Bad business is driven out by good business. They suggest that when unscrupulous actors leave, genuine investors, ranging from day traders to huge investment institutions, will gain prominence.
Finally, the Colonial Pipeline attack and FBI investigation have given a case study of crypto currency trading venues’ processes and procedures, particularly in terms of security breaches, KYC/AML, and private key custody. Exchanges and other platforms are still susceptible, and security and compliance frameworks must be strengthened to prepare for and protect against future intrusions and thefts of customer assets, as well as to keep fraudsters and money launderers out. This could give you a leg up on the competition./n
