Op-Ed: Crypto-Security – the Good, the Bad, and the McAfee

If you’ve been following the news over the past few days, you might have noticed CCN’s coverage of hackers reportedly gaining unauthorised access to the recently released Bitfi hardware wallet, created by controversial cybersecurity veteran John McAfee (ex-McAfee Associates, Cloak Phone).

Whilst the Bitfi security saga has gained widespread media attention, largely due to Mr. McAfee’s involvement, it has also gained prominence because it is a rare breed: a bold new competitor entering the nigh-impenetrable hardware cryptocurrency market. At present, the market is all-but-dichotomized by offerings from Ledger and Trezor.

Perhaps more concerning, however, is how this piece of news fits into an ongoing narrative of reports and incidents which expose security vulnerabilities in storage solutions for crypto funds that were previously thought of as secure. It is an endemic issue, reflected in Bitfi’s decision to take advantage of it in their marketing strategy.

There is a burning need for a standardization of security expectations and delivery across different areas of the industry – with a focus on preventing all risks to investors and the public with regard to funds and data sanctity.

Wallets and Exchanges are High-Value Targets

Since their inception, cryptocurrency exchanges and wallets have proven themselves repeatedly as a strong target for bad actors such as hackers and thieves.

In fact, some exchanges have been accused of internal breaches of responsibility and trust, such as the Coinbase insider trading allegations.

Binance is a cryptocurrency exchange that was founded in China and relocated to Malta in light of recent legislative changes comprehensively banning cryptocurrency in the PRC.

They are also listed in first place on the CoinMarketCap rankings for ‘Markets with Fees’ based on reported 24hr trade volume (in USD).

In March 2018, serious security flaws were exposed in Binance’s security architecture when a “well-organized phishing and stealing attempt” was foiled by the company at the withdrawal stage, thanks to a company risk management system.

This was only, however, after

“Hackers used account information obtained through several months of phishing and strategically placed a large number of market buys on the VIA/BTC market… in an attempt to move the Bitcoin from the phished accounts to 31 accounts controlled by the hackers.”

Coincidentally, the exchange offered $250,000 as a bounty for “information leading the arrests of those responsible”, a figure identical to that advertised by Bitfi and John McAfee…

None of the Exchanges Are Lauded for Security

Results of a survey conducted just a few months ago by Encrybit (a decentralized cryptocurrency exchange) concluded that the greatest concerns facing cryptocurrency exchanges today are, in order:

  1. Security
  2. High trading fees
  3. Lack of liquidity

Another interesting result was that the most used exchanges, as voted for by over 1000 participants, were, in order: Binance, Huobi.pro, and OKEx – confirming the qualitative consensus previously mentioned from CoinMarketCap.

Nevertheless, the CEO and co-founder of the company, Jitendra Rajput, disclosed his observations on the current state of cybersecurity in the industry in reference to the survey results: “none of the exchanges [are] lauded for their approaches to security.”

This is a consensus shared by many other industry experts and pundits, including our own Jonas Borchgrevink, who wrote as early as 2014 on CCN about ‘Security Regulation Within the Crypto Currency Business’. This is in addition to governments and independent political groups and lobbyists worldwide.

Is Regulation the Future?

One cause of the ongoing saturation of scammers, hackers and other such parties is arguably the lack of regulation, and of the subsequent penalties, standards and controls to deter potential and repeat bad actors.

There are countries which have taken it upon themselves to carry the torch of progress in this regard.

Japan has already created a regulatory task-force whose primary field of interest is cryptocurrency. In the USA, the Securities and Exchange Commission (SEC) made crypto-press headlines numerous times throughout the past year.

China has taken a much more hardline stance on the issue in comparison, catalysing mass strategic relocations of key Chinese blockchain organisations to countries with more lenient or pro-crypto stances, such as Malta, Japan, and Vanuatu.

Sensationalist feature-based tabloid Vice even went as far as to preach the fear-mongering theory that “China plans to kill most of the world’s bitcoin mining operations”!

Final Thoughts

Until inter-country agreements and standardised definitions of cryptocurrency are agreed upon on at least a regional level (with the ideal being the negotiation of international protocol), we are unlikely to see a more comprehensive and investor-beneficial framework of regulatory guidelines and legislation.

In the meantime, it appears that many organisations are going to follow the Chinese entrepreneurs by taking advantage of ‘crypto havens’ and nation states (Taiwan, Singapore, Hong Kong) which possess autonomous jurisdiction.
