Today in our December round-up of the world of cryptosecurity with conflicting views of the significance of cryptocurrencies to the traditional financial markets.
Cool Heads and Hot Wallets
This month saw the Financial Stability Board still insisting that the $133 billion stable coin market only constitutes a niche segment of the global financial market. Stable coins are cryptocurrencies that attempt to peg their price on a 1:1 ratio, to a fiat currency such as the US dollar. The Financial Stability Board is a consortium advisory body that acts on behalf of the G20, providing recommendations regarding the financial system. Its view of this “niche” market segment suggests crypto still has a way to go before it becomes truly mainstream, but there are definite signs that the tide is turning.
If proof were needed, regulators in both the UK and USA have just published guidance on cryptocurrencies for banks and financial institutions. The Sunday Times reported that the Bank of England is looking to tighten regulation on cryptocurrency investment for institutions over 2022. The report found that currently cryptocurrency holdings by banks and other institutions do not pose a great threat to traditional markets, but that their current pace of growth may do so in the future. This regulation will be likely good news for the industry as it will help provide the trust to banks that they are operating within the confines of the Financial Conduct Authority (FCA) when offering trading and custodial solutions.
Across the Atlantic, the US Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) released a joint statement detailing how they will be clarifying the rules and regulations on how to safely use and offer cryptocurrency services to banks and other traditional financial institutions over the next year. The rules will be designed to give clarity to banks and institutions of what is within the law, what should be regulated activity and what is strictly off limits.
Set against the backdrop of increasing regulation, the cyberattacks continue. BitMart became the latest in a long line of exchanges that have been compromised. A successful attack and resulting hot wallet (private key) compromise resulted in $196 million being lost from the platform. This kind of attack, where an attacker was able to exfiltrate the private key and use it to send the funds to another wallet is a very common example of exchange compromise.Check out my first cryptocurrency post for more on how to deal with this kind of threat,:
In a further successful attack, BadgerDAO (a decentralised payment platform) provided details of how it was compromised, losing $120m. The route to compromise started with compromising the management portal of Cloudflare, BadgerDAOs content delivery network. Once Cloudflare was compromised, the attackers were then able to inject a malicious script into the UI of the Badger web app itself. This replaced the genuine wallet destination address with that of the attackers. The final stage of the attack consisted of prompting the users to allow the foreign address approval. BadgerDAO’s transparency on how the attack was orchestrated and eventually mitigated is something that is not often seen in the world of cybersecurity, and is hopefully a model that more organisations can move to, as everybody can benefit from the lessons learned.
The key takeaway from all this: the wider societal implications of institutional investment in cryptocurrencies warrant far more deliberate cybersecurity approaches. Without that, there is real risk to existing financial systems.