How secure are digital assets?

What are the security risks for digital assets?

Any holder of digital assets should take steps to protect them, and there are a range of options with varying levels of security. Owners of crypto assets also need to be as vigilant of scams and hacks that target them personally as they would be with traditional money.

The best methods of protection depend on how a user stores assets and with which institutions, as security and reliability differ significantly in this burgeoning field. Over the past 10 years, there have been 126 major breaches, totaling $ 3.1 billion, from crypto “wallets” (see below) and exchanges, according to data compiled by Crypto Head, a site of industrial intelligence. The average breach cost around $ 25 million. Bitcoin, the most popular cryptocurrency, remains the most targeted digital asset.

Where should I keep my digital assets?

Holders of digital assets need their unique “private key,” a long password that serves the same purpose as a bank card PIN to unlock access to their crypto. It is essential not to lose or forget this private key. Decentralized digital assets are not guaranteed by banks and will not have a password reset hotline, which means that digital keys are almost impossible to recover once lost. According to Chainalysis, a blockchain data provider, more than $ 100 billion worth of bitcoin may have been lost in this way.

Keys – and therefore crypto – can be kept in online or mobile wallets, called hot wallets. This facilitates quick access to funds, for example for traders who want to quickly connect to exchanges, brokers or other services. This is because many cryptocurrency exchanges offer online digital wallet services that seamlessly connect to their trading systems.

It is, however, the least secure method of holding crypto, leaving digital assets more vulnerable to hackers. In 2014, Mt.Gox, then the world’s largest cryptocurrency exchange, filed for bankruptcy after losing more than $ 450 million, mostly in bitcoin, when hackers allegedly stole its hot wallet private keys.

Today, some major exchanges, such as Coinbase, have added investor protection in the form of crypto insurance. If an individual’s password is compromised, they will lose their funds forever. But if, for example, the business itself is hacked or breached, the insurance will cover the losses for the user.

Are there more secure options?

Yes. The most popular alternative is something called cold storage, a device that is not connected to the internet. Hackers would typically need access to this device, along with any associated passwords or codes, to steal crypto assets.

Cold storage options for controlling digital assets that don’t involve middlemen include physical USB drives, specific offline computers, or sophisticated hardware wallets – small USB-like devices designed to be impenetrable by hackers and that can cost several hundred dollars.

Cryptocurrency exchanges, especially the larger ones, are increasingly offering cold storage options. Other specialist third-party services go even further to protect customers’ crypto assets, for example by holding private keys in vaults with human guards.

In southern England, Volt, which was bought out last year by cryptocurrency trading firm Genesis, has an underground bunker patrolled by former military personnel, according to Forbes. The servers are configured to delete digital assets stored there if intruders trigger hidden triggers (Vo1t has backup servers in other countries). Other services offering military-grade protection, such as Prosegur Crypto, use biometrics, including facial recognition and fingerprints, so customers can access their digital assets.

Are there other risks?

In addition to attacks on exchanges and digital asset custodians, hackers have been able to exploit the nascent code of new crypto initiatives in the growing field of decentralized finance (DeFi). About $ 1.1 billion in attacks have taken place in this area over the past 10 years, according to Crypto Head.

One of those digital heists this year targeted Poly Network, a decentralized trading network that developed a computer protocol that allows users to transfer tokens tied to a blockchain to a different network. Hackers have stolen around $ 600 million worth of cryptocurrency, one of the biggest thefts of its kind, due to a flaw in the protocol itself.

Finally, crypto frauds remain the biggest form of crime through which holders of digital assets lose funds. Losses amount to nearly $ 15 billion over the past decade, according to Crypto Head, averaging $ 364 million per fraud. The biggest crypto fraud to date was the $ 4 billion OneCoin Ponzi scheme, which billed itself as a new cryptocurrency. Ruja Ignatova, its Bulgarian founder, has been on the run from law enforcement since 2017, although she was indicted in absentia in 2019 for securities fraud. Last year, the PlusToken Ponzi scheme defrauded millions of investors totaling around $ 2 billion, according to Chainalysis.

Becoming a victim of a fraudulent scheme is always possible where the crooks are very convincing and sophisticated. But investors are advised to always do their due diligence and explore the “white paper” and other documents on any digital asset initiative.

Weekly bulletin

For the latest fintech news and opinions from FT’s correspondent network around the world, sign up for our weekly newsletter #fintechFT

Register here in one click