Cyber Security in Crypto

Cyber security is paramount for the crypto industry. Several solutions have been developed today that range from physical hardwares and software computations, to networks and audits. In addition, more innovations are likely to come to prepare blockchains for quantum computing.

Photo source: Pexels.com

Hacks have been covering an ample number of crypto headlines in the press. As KPMG estimated in its latest report, crypto assets hacks have resulted in $9.8 billion in losses since 2011. In addition, given that wallet addresses are a non-user-friendly alphanumeric code and can be mistaken and spoofed, your crypto assets could end up in the wrong hands. Consequently, improvements in security have been key for the development of the industry.

Some of the most exciting developments in crypto security are the development of hardware security modules (HSM), multi-party computation (MPC), the creation of transaction networks, and ultimately the performance of security audits. Furthermore, some companies are looking further into the future and preparing for the arrival of quantum computing.

HSM is a secure physical device that uses algorithms to encrypt data and, therefore, cryptographic keys. HSM is designed to execute encryption and decryption routines through what are called ceremonies. A ceremony is a procedure where the master key is generated to start the use of the HSM. Normally ceremonies require different key holders to be present, as no person alone can access the physical device. Also, the key holders need to follow an orderly step-by-step script to be able to encrypt or decrypt the data. HUB security is one company that implements these HSM solutions not only for blockchain, but also for banking, cloud, IoT, etc.

MPC is a software solution that distributes a computation across multiple parties that are dispersed and consequently, allows the split of private keys. Instead of one person or entity having a private key in their possession, multiple parties hold pieces of it. Each party has only access to its assigned piece, but the computation of all the pieces together generates the full key. The question relies on how many pieces are needed for the key to be secured and where are those pieces located, as highlighted by Israeli cybersecurity firm GK8. The MPC method is not exclusive to crypto—it can be applied to any problem involving confidential data. Other companies using MPC include Unbound Technologies, Curv and Fireblocks.

Apart from using MPC for securing private keys, institutional investors need to make sure that when trading, their API credentials are not compromised and cryptocurrencies arrive to the right wallet. Fireblocks has managed to solve for this problem through the launch of its Asset Transfer Network. The network currently has 55+ companies and 25+ exchanges, including Binance and Coinbase, and allows institutions to securely find and connect with each other to transfer assets on-chain.

In addition to securing the trading and safeguarding of assets, it is important to secure blockchain protocols to make sure they work as intended. To this purpose, certain protocols create bug bounty programs by which they encourage coders to identify and submit vulnerabilities. On top of this, companies such as Quantstamp perform security audits to blockchains and smart contracts and provide a certification with the results.

Finally, it is widely known that current blockchain-based systems may become vulnerable with the advent of Quantum computing. Quantum computing uses quantum mechanics to perform calculations rather than binary units as current computers use today. This technology allows devices to perform tasks a lot faster, including the one-way mathematical functions that blockchains rely on nowadays for security. It is predicted to become a reality in five to fifteen years.

One of the companies that works on preparing blockchains for quantum computing is PQShield, a spinout of Oxford University’s Mathematical Institute. PQShield has been working on a post-quantum signature scheme with researchers from Algorand, Brown University, IBM, NCC Group, Qualcomm, Thales and Université Rennes.

Overall, crypto still faces many security challenges and cybersecurity should be a top priority.

As the ecosystem develops, current solutions will likely become outdated and need constant improvement. Also, the more money drawn into the protocols, the more incentives hackers will have to take advantage of vulnerabilities. Therefore, blockchain companies must take steps to avoid being victims of security breaches that hurt the growth of the industry.