Cryptocurrency popularity has skyrocketed in the last few years, recovering from a drastic drop in the market in mid-2021 to reach a Bitcoin all-time high in November of the same year. But as more and more people invest in digital currencies, they must be aware of the associated risks.
Danny Lopez is the CEO of Glasswall, a cybersecurity company that offers protection against file-based threats. With reactive detection-based security solutions quickly being outsmarted by hackers, companies must look at new ways to defend their assets; this is especially relevant in the growing crypto sphere. With over 20 years of experience in the financial sector, and six in fintech, Lopez has seen the evolution of payments in the UK and how companies have responded to new threats from fraudsters.
As cryptocurrencies continue to grow in popularity, Lopez spoke to The Fintech Times to explain the security risks of investing in digital currencies and how to secure them so consumers can invest and trade with confidence:
Cryptocurrencies are one of the defining digital trends of the last decade. Used to buy and sell an increasingly broad range of products and services, they have also become one of the most talked-about and controversial investment ecosystems in living memory.
While Bitcoin, Ethereum and Tether are the largest and most popular examples, estimates vary as to how many cryptocurrencies are now available – many put it in the thousands. For investors and analysts alike, they have become synonymous with high-risk volatile performance and a potential route to huge returns.
In November last year, for instance, the world’s cryptocurrencies were worth in excess of £3trillion. By February, that market cap had dropped by over 40 per cent as uncertainty saw investors switching to safer bets. Yet, the longer-term performance trend has seen the value of Bitcoin alone skyrocket from a price of under $70 in 2014 to its most recent peak of nearly $50,000.
In common with any digital asset, cryptocurrencies have their own security implications and vulnerabilities. As a result, organisations should understand their potential exposure to crypto risks. Of increasing concern are issues such as cryptocurrency theft, their use as the de facto banking system for organised crime and the lack of widely accepted security standards and regulatory frameworks, among others. There are some important issues to be aware of:
- Crypto heists
Crypto theft is fast becoming an expensive problem. By adapting familiar techniques such as cyber attacks, phishing and malware, criminals and nation-state adversaries are creating huge risks for organisations and individuals alike.
AP News, for example, recently reported that North Korean hackers are suspected to have stolen $400million in crypto during 2021 via “seven intrusions into cryptocurrency exchanges and investment firms.” Meanwhile, February 2022 also saw the largest government seizure of Bitcoin when US authorities recovered $3.6billion in Bitcoin that was stolen back in 2016 in what has been described as the “heist of the century.”
- Crypto and ransomware
Crypto has also become the preferred payment method for criminal extortion, not least because of its built-in anonymity and the difficulties associated with tracing payments. Most ransomware attacks, for example, demand payment in cryptocurrencies, with one recent study putting the total for 2021 at over $600million – a figure the authors described as “an underestimate, and that the true total for 2021 is likely to be much higher.”
One of the most illustrative case studies is the ransomware attack carried out on Colonial Pipeline in 2021. This incident caused particular concern at the time because it compromised critical infrastructure and resulted in the company paying out $4.4million in Bitcoin to their attackers. Subsequently, the US Department of Justice announced it had recovered around $2.3million of the original amount.
While cryptocurrencies such as Bitcoin and Ethereum can be earned by mining, the technology infrastructure and electricity required to generate a meaningful return are fast becoming prohibitively expensive.
As a result, cybercriminals have resorted to ‘cryptojacking’ – a process that involves secretly using someone else’s computing power for mining. While the risks associated with it are less apparent than other forms of crypto crime, it can prove costly for the victim who must foot the energy bill and who can also see a degradation in the performance of their IT systems.
- Lack of standards
While security standards, regulations and enforcement processes for ‘traditional’ methods of payment are well established, equivalent frameworks for cryptocurrencies are still a work in progress.
Considered a ‘go to’ standard for securely managing crypto is the open source Cryptocurrency Security Standard (CCSS), which is focused on ensuring organisations have protections in place for the proper storage and handling of cryptocurrency wallets. Its multi-layered requirements are designed to make them more resilient against compromise – a vital consideration considering how difficult it is to recover funds that have been stolen.
However, the differing approaches seen from one country to another contribute to an ongoing debate about who should be responsible for regulation and how it should be implemented. This represents an important hurdle for the long-term, ubiquitous adoption of secure digital currencies. As Deloitte puts it, “As cryptos are expected to shift into the mainstream, one of the biggest challenges is confidence.”
Today, cryptocurrencies present a growing variety of risks with the potential to impact organisations and test the effectiveness of their security processes and technologies. And while awareness is a key component of a rounded strategy, security leaders should also look closely at their investment priorities to ensure that they are able to proactively address their areas of vulnerability.