Cryptocurrency thefts and fraud might have reached more than $1.2 billion during Q1 2019

發佈於 May 6, 2019 | 部落格

According to a recent research published by CyberTrace, a cybersecurity firm, cryptocurrency losses for the first quarter of 2019 could be as high as $1.2 billion, including losses from thefts, scams and fraud.

Cryptocurrency losses caused by theft and scams hit $356 million

In their quarterly report, the company states that up to US$ 356 million were stolen from exchanges or users by scammers and thieves.

According to the same company, the losses from crime in the digital currency sector reached $1.7 billion in 2018, and this new research hints that this year the industry might see an increase in that figure if the trend remains. Latest reports about Binance being hacked with a loss of $40 million point on that direction.

These are only some of the most relevant cryptocurrency hacks between June 2018 and May 2019
These are only some of the most relevant cryptocurrency hacks between June 2018 and May 2019

What are the causes of such a large figure

In some cases, funds were stolen directly from hot wallets containing a large amount of assets. This is simply a high risk practice, since hot wallets are connected to the Internet, and it has been proved time after time to be potentially hackable. There are plenty of safer mechanisms to securely store the private keys. For instance, cold wallets are ideal for long term storage, or semi-cold wallets, such as CYBAVO VAULT are an ideal combination of security and convenience for daily business operation.

The report also includes the funds lost by Canadian exchange QuadrigaCX . In this case, fund loss was caused by the decease of the only person with access to the private keys of all the company funds, the company CEO turned out to be the single point of failure. This situation would not be conceivable in a traditional business structure, yet it happened in this cryptocurrency exchange. A redundant, multi-level, M-of-N approval chain process involving different stakeholders would eliminate this risk of single point of failure, while introducing an approval hierarchy to the transaction process.

QuadrigaCX lost millions in cryptocurrency due to the lack of a business-suitable approval structure
QuadrigaCX lost millions in cryptocurrency due to the lack of a business-suitable approval structure

In some other cases, the fund theft was perpetrated from inside the company. Multi-signature wallets, despite of increasing protection are not enough for a a business environment. In a multi-signature wallet, all signing parties share the same level of authority, which is rarely the case in a company’s hierarchy. This fact makes multi-signature protection mechanism prone to be bypassed if few malicious users agree on signing a transaction bypassing a higher’s authority role in the hierarchy.

How to reduce the risk of becoming the target of such thefts

Although companies working with digital assets are increasingly aware of security, this is a pending business for many of them, whose efforts to protect their assets are not effective enough to significantly reduce the risk of fund loss caused by a hacking attack, negligence or internal theft.

Securely storing funds in different locations, enforcing a comprehensive set of account or user-based transaction policies, or implementing a hierarchical approval chain matching the company’s authority hierarchy don’t sound as the type of precautions a traditional asset manager or a finance institution would skip while evaluating their business security, yet they keep being overlooked in the digital asset economy.

It is in the hand of digital asset centric business owners to ensure the company works with the highest standards of security. However, for some companies this might imply to employ a development team specialized in cybersecurity and blockchain, which might be costly and difficult to organize.

Why CYBAVO VAULT is the best option to protect enterprise digital assets

For those business owners concerned about security but discouraged by the entry wall that might mean to deploy security for their digital asset business, we have developed CYBAVO VAULT, a business-ready turn-key solution for digital asset secure storage and management.

CYBAVO VAULT offers a secure institutional-level storage for digital assets leveraging a unique encryption scheme based on shared responsibility model. The solution has been thoroughly designed and developed by a team of cybersecurity experts focusing in the system security at all levels, from the operating system to policy enforcement. CYBAVO VAULT enterprise-ready, easy-to-use management platform, features different users and permissions, and a complete set of granular policies, including wallet-based and user based spending limits, address whitelisting, and a fully customizable multi-level, M-of-N and threshold level approval chain.

CYBAVO VAULT enforces transaction policies and a business-ready approval process
CYBAVO VAULT enforces transaction policies and a business-ready approval process

The advantage of CYABVO VAULT’s holistic approach is that customers can easily deploy a secure and user-friendly digital asset management platform and start using it out of the box, without the need of any development on their side. This turn-key approach also eliminates the risk of the asset loss caused by security breaches introduced during integration of multiple systems by developers that may lack security expertise.

The recent announcement of the partnership between CYBAVO and Sepior to integrate the latter’s multiparty computation (MPC) technology to CYBAVO VAULT, elevates the security of the solution to new levels, and makes MPC technology available to a wide range of customers who need secure and easy to deploy digital asset management solutions to protect their digital assets.

CYBAVO VAULT ensures a secure private key storage, and a flexible and robust policy enforcement in place, to reduce the risk of cryptocurrency theft to near zero.