The crypto threat landscape is littered with hacks, scams, lost keys, and hardware devices. Crypto investors and businesses have lost billions in digital assets, while crypto platforms have suffered enormous financial losses and severe reputational damage. As the market has matured, we've learnt that many losses could have been prevented by implementing stricter security protocols and using protective tools. All of us that exist in crypto ecosystem are responsible for making the landscape as safe and secure as possible.
TradFi vs Crypto
We can learn a few lessons from traditional finance (TradFi). The elder brother of crypto has developed many tools to reduce the risk of fraud and loss through human error. For example, password resets and fraud alerts if your card is used at an unusual location.
Regulatory protection supports these measures - if financial services such as banks and credit card providers don't have security measures, regulators can issue significant fines. There are also schemes in place to reimburse financial losses. For example, the Financial Services Compensation Scheme in the UK covers consumers up to £85,000 if an authorised banking provider fails. Alternatively, the European Banking Authority also provide a Deposit Guarantee Scheme protecting consumers’ deposits up to €100,000.
Consumers and businesses alike are used to having protection for their money and investments, so the expectation is that their digital assets should be similarly safeguarded. Unfortunately, criminals are always looking for their next scam. There are many opportunities for deception in the crypto world, where the financial system is decentralised with no governing body.
In a decentralised system, security is the service provider's responsibility - and there is also an expectation on customers to protect their own assets. However, governments and regulators have a growing focus on the crypto ecosystem, and structured regulation isn't faraway. So, getting your house in order before we're forced to implement it is a sensible approach.
Prevention is better than cure
It's an adage but putting controls in place to prevent hacks and limiting the opportunity for human error is infinitely better than buying expensive insurance policies' just in case'.
The number of hacks on crypto networks has snowballed over the past few years. In 2022, $2.2 billion was lost to criminals exploiting weaknesses in blockchain security. If transactions had been monitored effectively by a third party like Coincover, the industry could have avoided some losses.
Monitoring transactions in real-time to detect out-of-the-ordinary and suspicious activity, like sending funds to an illicit wallet, reduces the risk of unauthorised access to funds and protects them from theft. In addition, Coincover's alerts warn service providers to suspicious transactions and create an audit trail for forensic investigations.
Smart contracts are essential to the blockchain, as they remove the need for an intermediary to verify or execute transactions. However, six out of the ten biggest hacks of 2022 were caused by hackers exploiting vulnerabilities in smart contracts.
Smart contract code needs to be continually audited by reputable, third-party sources or software. An audit typically involves analysing the contract's code to find bugs, security issues and coding errors and suggesting ways to resolve them.
Backing up critical information
How often have you forgotten your password to a site you don't use much or misplaced a USB stick only to find it gathering dust in a drawer months later? Using a third-party to back up critical data, such as private keys and seed phrases, can prevent those heart-in-mouth moments when you think you've lost access to your crypto. It also lets investors know that their digital assets are safeguarded.
We see daily reports of attacks and exploits in crypto, alerting us to the dangers and highlighting the need for response plans to protect service providers and their customers.
Having a robust incident plan and testing schedule in place means that when a security exploit happens, a quick response can minimise the impact on lost funds and reputational damage.
There's no one size fits all solution to crypto protection. However, taking a security-first approach which includes monitoring, auditing, data backup and response planning, will eliminate security risks and reassure customers and investors that their assets are safe and secure.
Read more about how to keep hackers and human error at bay in our guide - Keeping crypto safe.