Cryptocurrencies have exploded, drawing businesses and private individuals into an investment frenzy. This has been very lucrative for some, and the speculative nature of working with cryptocurrency does not seem to be deterring too many people from entering the crypto vortex. However, as with all monetary enterprises, this has also attracted scammers and hackers. Is there a way to build a trusted world for crypto-payments?
This was a question posed to Nitin Gaur, Director, IBM Financial Sciences and Digital Assets, on our recent Security Sessions podcast, episode 12. Nitin gave us a fascinating insight into the current messy and chaotic state of cryptocurrency, and into how it is also progressive and exciting. Here are some of the key points we learned.
What started as, and still remains, an experimental endeavor has matured over the years. For example, the emergence of Non-Fungible Tokens (NFTs) has fueled a convergence of society, art, and technology. That maturity opens up cryptocurrency not only to financial institutions, but also to non-financial enterprises.
At the heart of the security challenge is the underlying blockchain technology upon which all cryptocurrencies are built. The assumption is that the blockchain systems maintain a very serious security posture. Along with that, the biggest challenge lies in what is known as the “last mile”, that is, the individuals who are dealing with the system. This is the source of most of the errors and vulnerabilities with cryptocurrencies.
A lot of the concern about blockchain security revolves around two aspects of the technology: Trust, and Expectation Management.
Fundamentally, the systems are designed for large participation via a decentralized infrastructure, but within that arrangement, the building blocks need to be affixed to entities that are trustworthy. If one examines the evolution of blockchain protocols, the terms “trust systems” and “securing the network” are overarching principles. The intent is to trust the system itself, and everything that is transacted on it. This means that it is best built by entities with expertise in the technology.
Expectation management is required to assure that the systems perform to a particular standard. When one thinks of the way that the internet functions, it is as simple as typing in a web address and receiving the expected result. The desired state for the cryptocurrency landscape is the same; it should be ubiquitous, smooth, and worry-free. The wallets, exchanges, liquidity, and recovery should all function with the same expectations as existing payment systems. Part of this requires explicit trust of the individuals who access the system. Fraud and theft prevention are the imperatives for assuring trust and security expectations.
Another serious concern is interoperability between all the disparate participating networks, along with some form of governance that adds reliability and trust to the process. One method for this is Hyperledger Fabric. Hyperledger can build the standards that will support the concept of ubiquity, while also supporting cryptocurrency at a global scale. While Hyperledger is the foundational technology, its maturity lies in advancing it to the digital equivalent of some of the analog counterparts, such as treasuries and exchanges, while still maintaining decentralization.
In its current form, cryptocurrency is still somewhat “klunky”. It expects the average person to understand key management, as well as the concept that the asset is not physical and resides in the blockchain system. For more global adoption and use, the entire process needs to be simplified and unified while keeping it open to the diversity of the different asset classes. Right now, a person needs multiple digital wallets to transact cryptocurrencies across multiple exchanges. This is unmanageable.
The good news is that all of the building blocks already exist, from cryptography and root of trust to database management. Similarly, the language of smart contracts is not new. This all makes the forward momentum for cryptocurrency adoption that much easier. Yet we have to enhance these technologies to work with omnibus accounts and segregated wallets.
Of course, it would be negligent to ignore the dark side of cryptocurrency. We all know that the anonymity of cryptocurrency makes it an attractive monetary instrument for criminals, not just for ransomware attacks, but also for other illegal transactions. At least one recent report indicates that the majority of cryptocurrency activity is not centered around illicit activity, but the perception has not changed.
One of the most important steps in ensuring the credibility of cryptocurrency technology is to make sure that the security of any system is built in at inception. The perceived collision course of the traditional financial industries and the emerging cryptocurrency systems does not need to be disastrous. There is a lot that can be shared, resulting in better systems as the two technologies converge. Cryptocurrencies are not an imaginary construct. They are here, and as we continue to improve upon this new monetary vehicle, it is also an opportunity for security to evolve.
To learn more, tune into the Thales Security Sessions Podcast episode.