The Crypto Conundrum: What Are We Insuring?

By Lowers & Associates,

With the surge of cryptocurrencies, mainstream investors are looking at them as alternative vehicles for transactions and the storage of value. Despite their relative volatility, they have advantages in permitting transactions of any size on-demand, growing worldwide acceptance, anonymity of stakeholders, and independence from traditional financial institutions.

The security of the blockchain is inherent in its technology. Each step forward in time, when a new block is added to the chain with the guarantees of either the power of work (POW) or power of stake (POS), the transparency and permanence of transactions is theoretically immutable, as long as the private encryption keys are secure.

Every unit of cryptocurrency is exposed to investment risk, just like any other commodity that is traded in a market. Investors may seek hedges in the market against loss, but this kind of loss is not insurable in the ordinary sense.

So, the general answer to the question “what are we insuring?” is against the loss of value due to institutional failure or theft. But in the case of cryptocurrency, how is the value determined?

The institutional structure of cryptocurrencies is a wild west of new businesses emerging to manage the flow and storage of value. The most prominent type of business in this ecosystem is the exchange, where the market value of crypto can be traded for a traditional fiat currency. You can sell your Bitcoin for U.S. dollars, products or services, or almost any other currency.

Unfortunately, the exchanges have proven to be insecure. Billions of dollars’ worth of cryptocurrency have been stolen by hackers who break into the online system. In an odd feature of the blockchain, it has been possible to see which accounts received the stolen money, but without the encryption keys it cannot be recovered.

Shifting the risk offline.

A response to the risk of storage of value on a crypto exchange (in a “hot wallet” online) is to move the currency to a “cold wallet” that is offline. In other words, you download the value onto private keys.

Therefore, the insurable event is when either the encryption key or the currency value, or both, are stored offline. Whenever this happens, you are no longer in the purely digital world of the blockchain, and the risk of loss through theft arises.

Insurers will want to replace the fiat currency system’s security rules with procedures and processes that duplicate their functions. For instance, they will want to replace ‘Know Your Customer’ regulations with procedures that identify the owners of the currency and/or encryption keys. They will also want to see custodial procedures that safeguard the offline items with security commensurate to the value.

There is some irony in the fact that the blockchain, which was devised to do away with all the cumbersome regulations of fiat currencies, maintain anonymity, and offer a high level of confidence, is now evolving toward systemic guarantees much like fiat currencies already have.  There is a cost for having secure transactions and storage.

For much more information about cryptocurrency storage and transportation, see our new white paper, Custodial Crypto Transportation and Storage: Understanding the Risks.

  Category: Custodial Crypto
  Comments: Comments Off on The Crypto Conundrum: What Are We Insuring?

Custodial Crypto Transportation and Storage: Understanding the Risks [Whitepaper]

By Lowers & Associates,

custodial-crypto

Cryptocurrencies such as Bitcoin and Ethereum are emerging from the dark side of the web. These currencies have multiplied in number and increased tremendously in value despite their volatility.

However, sad experience has taught storing crypto safely in online exchanges is risky at best. In the infamous case of Mt. Gox, almost $500 million worth of bitcoin was hacked. Some of it seems to have emerged in the hands of potential thieves, but there’s still mystery surrounding the incident. Many other hacks of exchanges have occurred since Mt. Gox, leading to a scramble to find more secure ways to manage cryptocurrency.

The super-hacks have shined a spotlight on the issue of custody. As Philip Martin of Coinbase, a large cryptocurrency exchange, stated in a recent Wired Magazine interview,

“Cryptocurrencies have a threat model that’s fundamentally different from what’s come before. We’re taking the lessons from the past about physical security and blending them with well-structured cryptography.”

Crypto investors are understanding that a diversified approach to storage is wise. They are turning to cold storage (offline storage) for at least a percentage of their coin as a way of managing their risks of loss.

Many are finding that the simplest way to avoid the threat of losing digital coin to a hacker is to move it to an offline storage device, called a “cold wallet”. At the same time, the 128-bit encryption codes that permit access to the currency (especially the private key) have to be securely stored where they can be retrieved.

The moment digital files or keys are transferred to a physical medium, whether it’s a device or plain paper (which may be a legitimate way to store an encryption key), custody is the crucial issue. Many of the same risks exist for offline cryptocurrency as apply to other easily transported high-value items like gems.

The encryption keys add a layer of complexity. There are two high-value items, the currency and the key that accesses it, that must be transported and stored separately in a way that they can be rejoined when the legitimate owner wants access.

Our latest white paper plots a path to security in the storage and transportation of cryptocurrency. Carefully managing the risks involved with the activity is necessary to make cryptocurrency insurable. Get your copy of Custodial Crypto Transportation and Storage: Understanding the Risks.

  Category: Custodial Crypto
  Comments: Comments Off on Custodial Crypto Transportation and Storage: Understanding the Risks [Whitepaper]

When Crypto Keys Go to the Grave: A Case in Risk Management

By Lowers & Associates,

crypto-risk-management

This is one of those things that seems so obvious that you would have prepared for it. If you are the only one who has the encryption keys to a big stash of cryptocurrency, wouldn’t you take precautions to mitigate the possibility of your death?

In what must be one of the worst nightmares of cryptocurrency investors, news sources report that Canadian firm QuadrigaCX exchange CEO, Gerald Cotton, died in India on December 9, 2018 of complications of Crohn’s disease. He was reportedly the sole possessor of encryption keys to currency worth somewhere between $135 and $150 million. If these keys cannot be recovered, the company and the investors who trusted in it may simply have lost the digital money.

There have been very large losses from cryptocurrency exchanges before, but they have been due to hacker attacks that succeeded. Coindesk, a large American crypto exchange, reports that 2018 saw by far the largest losses of crypto due to hackers breaking into exchanges. They warned against keeping ‘hot’ wallets (coin storage) on the exchanges because the hackers were winning the technology race at the moment. The article argues that using hardware wallets (offline devices to store currency) “gives you the highest protection level.”

It is not clear in reports on this widely-circulating story whether Cotton kept the currency on hardware devices, or if he was just in sole possession of the encryption keys. Regardless where the digital coin is kept, you must have the keys to access it. The keys themselves must be stored in a secure fashion, with a method for retrieving them. Cotton’s wife claims that she has searched diligently for the keys to no avail—highly skilled coders are seeking ways to regain control of millions of dollars, with no success to date.

There has to be a plan.

Further, hardware keys in themselves are not the final security solution. Once encryption keys and/or currency are transferred to any offline medium, you have created an item that in itself is both valuable and vulnerable. Like jewelry or cash, offline stashes of cryptocurrency or the keys to access it become easily transported, high value assets.

Like jewelry or cash, offline crypto storage raises issues of transportation, hand-offs in the chain of custody, and storage security. All of these steps are exposed to significant risks of loss.

Some may look at the QuadrigaCX episode and conclude that cryptocurrency may be too risky for legitimate investors, and not ready for prime time. In the early years, crypto was often used in dark web transactions for drugs and money laundering, and there is a case to be made that it cannot function in a normal economic environment.

However, a greater certainty is that the crypto dream of creating a purely “free” means of exchange beyond the reach of any government is not without significant problems. Standard fiat currencies exist within structured sets of rules that track and evaluate transactions that provide some security. Money transport and storage businesses operate within these systems using carefully crafted risk management protocols to mitigate known threats.

Crypto may need to develop similar rules and work within fiat systems and/or adopt physical security similar to cash—to get the same level of security. To realize the potential advantages of cryptocurrencies for ordinary economic transactions, there needs to be a much higher level of control.

 

  Category: Risk Management
  Comments: Comments Off on When Crypto Keys Go to the Grave: A Case in Risk Management