Uncovering the Risks of Crypto Cold Storage and Transportation [Infographic]

By Lowers & Associates,

Carbon Black estimates that more than $1 billion in cryptocurrency was stolen in the first half of 2018 alone. And though cryptocurrency custodians must wrestle with some of the same security risks as traditional financial markets do, the crypto environment presents some unique challenges.

The digital environment needs fortification, of course,  via a secure network, encryption technologies, and other anti-hacking defenses. But the other, not so obvious, risk area is protecting the cryptocurrency assets held in cold storage. With cold storage, private crypto keys are physically stored offline or on a computer that is isolated from the network. In many ways, it’s considered a safer alternative to hot storage, in which private keys are stored online.

To protect these small, but highly valuable assets, custodians must identify and mitigate the risk exposure associated with storage and transportation of the private keys. Those risks include the size of the devices, identity management, access control, physical and operational risks, and the potential for violence.

In the infographic that follows, we explore each of these risks in more detail and highlight why cryptocurrency fraud prevention requires special consideration.

crypto cold storage risks

4 Key Sources of Cryptocurrency Exchange Risk

By Lowers & Associates,

It is no secret that cryptocurrency is captivating audiences and opportunists on a global scale. By utilizing the cryptocurrency model of block chain technology, users can perform transactions more quickly and anonymously. As such, many believe cryptocurrency was initially created to facilitate illicit activity such as human trafficking and narcotics. That impression has since been replaced as more and more people discover the ability to purchase goods and services without bank fees and potentially a higher gain on the amount of currency invested in the blockchain system.

Still, many risks remain. And the crypto exchanges are looking for new ways to mitigate these risks, which include:

Dispersed Risk:

Spreading risk is a widely accepted way to succeed in the financial market. But the complex way in which certain risks are dispersed across anonymous networks or computers in a crypto exchange makes is difficult to pinpoint the exact source of a threat or risk in the system.

Anonymity:

The anonymous, digital nature of cryptocurrency transactions means there is a natural lack of control and physical security. This allows new opportunities for someone with malicious intent.

Lack of Control:

Typically, network administrators and advanced computer engineers can develop robust controls to ensure the cryptocurrency is able to be stored and used as appropriate. But what happens if the device is stored on a thumb drive and is stolen or damaged? What happens if someone performs a tiger kidnap and forces transactions to take place?

Potential for Significant Loss:

Unlike in a vault robbery where millions of dollars in bulky and heavy currency takes multiple trips to remove from a vault, the same amount can be removed in seconds with a thumb drive into an anonymous sea of computers.

These and many other areas of risk are driving the cryptocurrency exchanges to invest in insurance. Insurance syndicates and others are responding by addressing how to validate the actual quantum of the currency and how to define the policies and exclusions that will protect these growing networks.

Meanwhile, the cryptocurrency exchanges will continue their efforts to identify and mitigate current and future threats to the trust and safety of their networks.

7 Burning Issues for Crypto Cold Storage [Slideshow]

By Lowers & Associates,

crypto cold storage

Demand is on the rise for cold storage vault services for cryptocurrency. As CIT and vault providers work to meet the demand, they are facing risks that are at once similar and very different from those they encounter with their cash services.

As a vault or transport provider, how well do you understand the risks of cold storage?

Our latest slideshow highlights 7 components of a risk assessment for cold storage providers of cryptocurrency. It looks at the following:

  1. The right safe for the job
  2. Control of digital threats
  3. Control of physical threats
  4. Identity verification
  5. Dual controls
  6. Access logs
  7. Procedural integrity

Flip through the slideshow here:

 

To learn more about custodial crypto transportation and storage, we invite you to download our whitepaper, Custodial Crypto Transportation and Storage: Understanding and Mitigating the Risks.

  Category: Custodial Crypto
  Comments: Comments Off on 7 Burning Issues for Crypto Cold Storage [Slideshow]

5 Risks the CIT Industry Faces in Crypto Transportation

By Lowers & Associates,

Custody of cryptocurrency in transit or in storage poses some specific risks that differ somewhat from the usual high-value small sized items, like jewelry. Cash in Transit (CIT) service providers will have to adjust security routines to take these differences into account.

By definition, providing transportation or storage of crypto means that it is in “cold” storage, meaning that it is offline — there is an air gap between the crypto and the Internet or some other digital network. Given that cryptocurrencies are always stored in digital files means that access to them is controlled via strongly encrypted “private keys” using 128-bit encryption generated by a “wallet” (a storage file).

Some risks carriers and vaults must take into account for secure custody of crypto include:

1. Items in custody come in small, somewhat fragile packages.

Even if the digital asset is worth millions of dollars, it can reside on a device the size of a thumb drive. The private key may be written on a piece of paper. Obviously, either of these would be easy to slip into a pocket, and neither weighs more than a few ounces. Packaging and handling have to take into account how easily these items can be damaged, as well as maintain an absolute lack of description of the contents to the casual observer.

2. The device is vulnerable.

The digital asset that the CIT or vault provider is responsible for will reside on some kind of electronic device that is capable of memory, and has a way to input the private key. The binary code that describes the asset contains its value, as well as the identity of its private key. Both of these are critical to access the value, and if either is lost, the value is permanently gone—it will be impossible to recover. Devices like this may be vulnerable to electronic or magnetic disruption, either by accident or intention, so CIT services have to be sure the files are not exposed to damaging fields.

3. The identity of the asset owner may be unknown.

Digital currencies were created in the first place to do away with the need for the regulations and controls imposed on fiat currencies like the US dollar. One standard control on ordinary currencies is the Know Your Customer(KYC) requirement. For crypto, where anonymity is a design feature, not a flaw, the custodian has the potentially large liability for criminal or terrorist activity if it does not know something about the identity of the asset owner(s). This information will have to come through procedures, not regulation requirements.

4. The carrier may not know the value of the currency they are responsible for.

Crypto carriers know Anti Money Laundering (AML) requirements, such as suspicious activity reporting, for values of any size. If custodial procedures depend in part on the value of the item, then determining that value is a critical matter. Beyond the ability of an owner to insure the item (whose risks must be known), the custodian is exposed to loss based on the value. This is a precarious situation.

5. Crypto requires unique access procedures that the custodian may need to help facilitate.

Custody of crypto means that there will always be two entities to protect: the digital file containing the currency, and a record of the private key, which may be physical. Since these two items can never be carried or stored in the same place, all of the risks described above apply to two complimentary assets that have to be brought together to access the value in the currency. This in itself creates the need for procedures to coordinate access in a way that ordinary items do not.

 In general, custody of digital currencies takes place outside the financial system framework that regulates business as usual in CIT businesses. For more information about the sources of risks of crypto and policies for addressing them, see our new white paper, Custodial Crypto: Transportation and Storage.

The Crypto Conundrum: What Are We Insuring?

By Lowers & Associates,

With the surge of cryptocurrencies, mainstream investors are looking at them as alternative vehicles for transactions and the storage of value. Despite their relative volatility, they have advantages in permitting transactions of any size on-demand, growing worldwide acceptance, anonymity of stakeholders, and independence from traditional financial institutions.

The security of the blockchain is inherent in its technology. Each step forward in time, when a new block is added to the chain with the guarantees of either the power of work (POW) or power of stake (POS), the transparency and permanence of transactions is theoretically immutable, as long as the private encryption keys are secure.

Every unit of cryptocurrency is exposed to investment risk, just like any other commodity that is traded in a market. Investors may seek hedges in the market against loss, but this kind of loss is not insurable in the ordinary sense.

So, the general answer to the question “what are we insuring?” is against the loss of value due to institutional failure or theft. But in the case of cryptocurrency, how is the value determined?

The institutional structure of cryptocurrencies is a wild west of new businesses emerging to manage the flow and storage of value. The most prominent type of business in this ecosystem is the exchange, where the market value of crypto can be traded for a traditional fiat currency. You can sell your Bitcoin for U.S. dollars, products or services, or almost any other currency.

Unfortunately, the exchanges have proven to be insecure. Billions of dollars’ worth of cryptocurrency have been stolen by hackers who break into the online system. In an odd feature of the blockchain, it has been possible to see which accounts received the stolen money, but without the encryption keys it cannot be recovered.

Shifting the risk offline.

A response to the risk of storage of value on a crypto exchange (in a “hot wallet” online) is to move the currency to a “cold wallet” that is offline. In other words, you download the value onto private keys.

Therefore, the insurable event is when either the encryption key or the currency value, or both, are stored offline. Whenever this happens, you are no longer in the purely digital world of the blockchain, and the risk of loss through theft arises.

Insurers will want to replace the fiat currency system’s security rules with procedures and processes that duplicate their functions. For instance, they will want to replace ‘Know Your Customer’ regulations with procedures that identify the owners of the currency and/or encryption keys. They will also want to see custodial procedures that safeguard the offline items with security commensurate to the value.

There is some irony in the fact that the blockchain, which was devised to do away with all the cumbersome regulations of fiat currencies, maintain anonymity, and offer a high level of confidence, is now evolving toward systemic guarantees much like fiat currencies already have.  There is a cost for having secure transactions and storage.

For much more information about cryptocurrency storage and transportation, see our new white paper, Custodial Crypto Transportation and Storage: Understanding the Risks.

  Category: Custodial Crypto
  Comments: Comments Off on The Crypto Conundrum: What Are We Insuring?