The weak points in blockchain-based asset storage and transaction couldn’t be the blockchain itself. So how were bad actors targeting digital assets?
The same way that Riscure and FoxIT got around advanced encryption standards. Faced with effectively unbreakable AES 256-bit encryption, they attacked the device instead, developing the capacity to steal encryption keys from a distance of a meter so they could bypass the encryption they couldn’t overcome.
Attacks on digital assets similarly don’t usually attempt to take on the complex mass of encryption that is a blockchain. Instead, they target storage tools and asset exchanges.
Storage and exchanges: the vulnerable points of the digital asset economy
Among the first major digital asset crimes were perpetrated against centralized exchanges, where assets were stored with no greater security than a standard web application can provide — and sometimes not even that much.
After seeing millions of dollars of assets stolen this way, the community that was growing around digital assets began exploring solutions to storage and exchange that mitigated risk. In particular, exchanges sought ways to reassure their users that their assets were reliably kept.
Among the first was the cold wallet.
Hot and cold wallets
Hot and cold wallets work a little like a savings account and a current account: one holds the money you deal with on a daily basis, the other contains perhaps the bulk of your wealth but it’s not so easy to make withdrawals.
Under the hood, a cold wallet is an airgapped digital storage device. Airgapped means that it’s not connected to the internet and, crucially, never has been. So there’s no chance that it gets hacked.
The only remaining attack options, for criminals who want to get at those assets, involve social engineering, like tricking you into connecting with a scam email, or physically stealing your cold wallet device. There’s no technological solution to it.
Exchanges began advertising themselves as storing the majority of their assets in cold wallets, while individual investors began buying consumer versions for their own portfolios.
That sounds like cold wallets should be a working solution to digital asset security. But things haven’t turned out that way.
The flaws in the hot/cold wallet system
Cold wallets are like most user-level security interventions: they work if you work them, but people often don’t work them.
In many recently publicized cases, exchanges that said they used cold wallets actually didn’t. Even where they intended to, proper policies and procedures were never laid out and enforced, so staff defaulted to convenience — then companies and individuals paid the price when hot wallets were raided by hackers.
Despite the risks, and the evident shortcomings of the cold wallet system, there hasn’t been a significant reduction in the number of companies that self-custody clients’ digital assets. It’s been a contributor to the large number of exit scams, where companies will carry out an ICO, claim to have been hacked, and keep the money. Clearly, this problem of secure storage is an issue for the whole digital asset space.
Thousands of new businesses are springing up in the digital assets space. Exchanges, funds, payment providers and others proliferate, and they all need a way to keep their clients’ assets secure. The hot/cold wallet system remains as prevalent as ever.
The core of the digital asset economy has a persistent security problem
These new businesses form the core infrastructure of the new digital economy. Digital assets have the potential to accelerate commerce, create a universal store of value, and eliminate middlemen. But that can’t happen so long as the majority of digital asset wealth requires similar physical security to non-digital assets. If you have to lock digital assets away in a bank vault, you remove many of the advantages they possess over non-digital assets.
Hot/cold wallets introduce new problems
Crypto funds will struggle to function if there is a delay of three to four hours while their finds are accessed. And clients aren’t satisfied with these speeds. How can exchanges preserve liquidity in a highly-fluid market and sequester the majority of their funds in cold wallets requiring several hours to process?
In addition, funds and exchanges that keep 95% or more of their assets on cold wallets are effectively announcing that they keep around 5% of their funds in an easily-hackable location. This obviously comes with serious risks and all the simple ways of ameliorating those risks, such as using multiple hot wallets to reduce the honeypot effect, are problematic for their own reasons.
Finally, consider the case of QuadrigaCX, whose founder and CEO self-custodied the exchange’s funds in a cold wallet. When he vanished, apparently dying in India, it was discovered that the funds were inaccessible; using a cold wallet to prevent theft had resulted in the loss of $190 million.
The relative maturity of the digital asset economy
The introduction of blockchain technology has been likened to other revolutionary technologies, such as steam and internal combustion. In each case, even once the technology had proved its worth and was in the process of becoming widely adopted, boilers burst, trains ran off rails and vehicles crashed or blew pistons; the power of the technology was understood, but we still had to learn to mitigate the new risks it represented. That’s where we are with digital assets right now.
Just like steam engines would have failed without tracks, coal and water, the digital asset industry will never evolve if the assets are not connected to the very fabric they were intended to operate on.
So if hot/cold wallets aren’t the solution, what is?
Alternatives to hot/cold wallet storage
We can look to older business sectors that have successfully made the transition to a mostly digital world, and seek to learn from them. Banks are among the oldest businesses extant, and while many have moved a lot of their provision online, they also spend millions of dollars every year hardening their infrastructure against attack and mitigating risk, both to themselves and to their customers.
This strongly suggests that the technology to build secure storage systems for assets that are digitally accessible already exists and is already in use. Banks have been using secure chips and Hardware Security Modules ("HSM") for years now to handle encryption key lifecycles: the technology to solve the digital assets custody problem essentially already exists, as do the required business structures. Companies like Ledger realised this and begun working to provide institutional-grade HSM storage for digital assets.
The end of the road for ad hoc and consumer solutions
This brings us to a point we’ve touched on a couple of times, but not really addressed: the difference between institutional and individual tools. Systems designed for the consumer market are far less capable than those intended for institutional use, for obvious reasons of requirements and budget. What we’ve seen with digital assets is an industry outgrowing the consumer-grade products that sustained it in its infancy.
Some exchanges have attempted to solve the problem with proprietary tools, but a key player like Ledger brings something important to the table: specialization. Ledger has just one job to do, and their reputation and business depend on doing it well.
Specialization and separation: the future for security and custody in the digital assets space
For an analogy, consider the automobile industry. Carmakers buy their tyres from Pirelli or Goodyear, their onboard computers from third parties like Bosch. It makes sense to hand off complex, specialized tasks to contractors or partners, rather than try to be an electronics manufacturer and a carmaker simultaneously. In the same way, it makes sense to source storage solutions from specialists rather than attempt to solve the problem in-house, especially when the problem isn’t tractable without significant investment, effort, risk and skill. Ledger has raised a Series B round of $75 to solve this problem; that’s a lot of cash for a crypto exchange to drop.
It makes sense, too, for exchanges and crypto funds to move themselves away from self-custody as much as possible and use independent third-party custody solutions that deliver security and liquidity simultaneously, instead of the hot/cold wallet systems that oblige businesses to choose — and frequently deliver neither.
Rather than hiding assets in a vault or leaving them exposed to hacking, appropriate professional custody based on HSM delivers an equivalent to traditional banking security, based on appropriate technology for the digital asset space.
This is why Legacy is now proud to offer crypto custody solutions powered by Ledger's Vault technology. It’s qualified custody that ticks all the regulatory check-boxes and a proven track record for physical security and internal controls, powered by industry leading hardware. Moreover, we can provide near-instantaneous transactions, tiered access controls, and 24/7 access to digital assets without sacrificing security.