As luck would have it, while we were trying to come up with examples to highlight the importance of having an industrial-strength custody solution, our case ended up being buttressed by the news of the unfortunate Binance hack this morning. The biggest crypto exchange in terms of trade volume, at almost $800 million daily, and widely considered reliable and trustworthy hitherto, saw hackers steal $40 million worth of Bitcoin from its hot wallets. There is no better example to illustrate why crypto custody is so paramount to both individuals and institutions dealing with cryptocurrencies.
“Keep calm and control your keys” – now that should be on T-shirts and decals!
Fun fact: for a fleeting period of time, Binance was considering the possibility of a Bitcoin block re-org to recover the $40 million that was lost. DAO deja vu. All over again! Crypto Twitter, expectedly, has something to say about this.
Multiple conspiracy theories exist, some of them being:
– It is an inside job – plausible, and some smaller exchanges have been suspected of having pulled this off, including most recently QuadrigaCX, but we are talking about THE Binance here. Binance and CZ have far too much to lose, and too much sense to pull off any such stunt. Why rob the bank when you own it?
– It is a way to make Binance’s own soon-to-be-launched DEX more valuable – as we have shouted out from the rooftops repeatedly, DEXs are far more secure, and take advantage of the inherent programmability of blockchain protocols. Binance is soon launching its own DEX, and the theory goes that this could be a (clearly misguided) attempt to drive more traffic to the DEX. Sounds far-fetched, to be honest. It is a bit like claiming the Wright Brothers would have set their stables on fire in 1893, a good ten years prior to actually launching the first successful flight in 1903.
As is customary, it is easier to view these things through the lens of Mr Hanlon – “Never attribute to malice that which can be attributed to stupidity”. It seems like the act was one where someone made a mistake and sent a large number of BTC to the wrong address, rendering it unspendable and unretrievable!
Private key management is a complicated, esoteric task, and not many users have the technical nous to manage the keys by themselves. Private keys require extreme care and consideration with regard to storage and security. A failure to maintain the utmost care may result in loss or theft of cryptocurrency. Anyone who has been around the cryptocurrency space for some time has probably heard about cryptocurrency theft. Some unfortunate few have even experienced this first-hand. The importance of prudent private key management is further heightened by the fact that blockchain transactions are by default irreversible. Once your funds get hacked, it is next to impossible to retrieve them. Crypto custody firms use a combination of cold storage and Hardware Security Module (HSM) solutions to minimize the threat of external hacks.
The rise of custodial solutions can be traced back to the Great Depression in the 1920s as investors and regulators understood the risks of self-custody, which was the only form of custody up until that point. As investment management as a service started growing bigger in size and stature, regulators made third-party custody mandatory for all money managers. Although custody companies do not have legal ownership, they are tasked with safekeeping and transactional responsibilities for the assets under their custody. According to the SEC regulations, any asset manager with more than $150 million under management is required to secure its assets with a qualified custodian. The four largest custody firms (SSG, BNY, JPM, and Citigroup) oversee assets worth roughly $114 trillion.
While cryptocurrencies are not yet considered to be securities under SEC regulation, and hence are not subject to the same qualified custodian requirements that other securities are subject to, crypto institutions and asset managers are taking a safer route by letting qualified custodians do the complicated tasks pertaining to wallet management. In fact, lack of reliable custodial solutions has been cited as one of the key reasons why institutional investors are still wary of investing in cryptocurrencies.
Centralized exchanges are a natural fit for the custodian role as they already manage the funds of their users. Therefore it is no surprise that centralized exchanges offer custody as an ancillary service for institutions. However, centralized exchanges, at least in their current avatar, have a fatal flaw – they are essentially honeypots under constant attack from a variety of motivated, unscrupulous hackers from around the globe, 24×7; the increasing number of exchange hacks highlights the structural deficiencies in the way crypto exchanges manage private keys for their users. A massive architectural overhaul is needed to guarantee the safety of user funds. This is also the reason why multiple players – ranging from startups to traditional Wall Street institutions (JP Morgan, BNY) to crypto-native entities (such as Coinbase) – are all trying to solve the problem of safe, reliable custody.
For the moment, we recommend that you stick to your friendly, neighborhood DEX for all your crypto trading needs, wherever you are. We hear Fordex, for one, is not bad…
“Ant Financial Invests in a Privacy-focused Crypto Startup”
Ant Financial, the financial affiliate of Chinese e-commerce giant Alibaba, has participated in a $10 million Series A round for QEDIT, an Israeli blockchain privacy solutions firm that develops zero-knowledge proof (ZKP) technology. The Series A was reportedly led by MizMaa Ventures, and its closing was announced alongside partnerships with Ant Financial, major software firm VMWare and RGAX, a subsidiary of Reinsurance Group of America. Both latter firms also participated in the financing round, alongside Meron Capital, venture capital firm Jovono, Collider Ventures and Target Global.
“Hackers Steal $40 Million Worth Bitcoin From Binance”
Hackers have stolen over $40 million worth of bitcoin from Binance, one of the world’s largest cryptocurrency exchanges, the company said on Tuesday. Binance said the hackers ran off with over 7,000 bitcoin and used a variety of attack methods to carry out the “large scale security breach” which occurred on Tuesday. They also managed to get some user information such as two-factor authentication codes, which are required to log in to a Binance account.
“OneCoin Sued Over a Multi-billion Dollar Fraud”
The company that allegedly ran a multibillion-dollar international pyramid scheme based on the cryptocurrency OneCoin was sued by an investor who’s seeking to represent others who claim they were defrauded. Christine Grablis says in the complaint that she lost about $130,000 that she invested in OneCoin. In addition to asking her suit be certified as a class action, Grablis is also seeking unspecified damages. Konstantin Ignatov was charged in New York in March with conspiracy to commit wire fraud in connection with the scheme. Ignatov’s sister Ruja, the founder and original leader of OneCoin, was charged with wire fraud, securities fraud and money laundering.
“Bitmain Paring Down its Mining Capacity”
Bitmain’s internal bitcoin mining operations are generating 88 percent less computing power than a month ago, suggesting that the industry giant has cut back on capacity. According to the hashing power disclosure that the company releases each month, as of May 7, the hash rate of all Bitmain-owned hardware running the SHA256 algorithm – which the bitcoin and bitcoin cash networks are based on – had dropped to just 237.29 quadrillion hashes per second (PH/s). Just a month ago, it was at 2,072 PH/s. Bitmain, based in Beijing, manufactures mining equipment that it sells to others and also mines coins for itself. The firm started disclosing the hashrate of the machines it owns on a monthly basis in July of last year.