As cryptocurrencies continue to gain popularity, recent breaches reinforce the need for vigilance and knowledge to protect online assets. Cryptocurrencies present a new set of challenges in how security, identity and access are managed. Due to their decentralised nature, they present both an opportunity and a challenge in terms of how they may (or may not) interact with our current financial system. Those who use cryptocurrencies need to understand how to prevent these digital assets from falling into the wrong hands. Cisco has released information on how to keep your digital assets secure.
First, some basics. At the heart of any currency is trust. Throughout much of the modern economy, we have relied on intermediaries like banks, governments and insurance companies to establish trust in our economy. These ‘middlemen’ have established systems to identify people and capture data in order for transactions to take place. With blockchain (the ‘trust fabric’ of cryptocurrencies), trust is decentralised. Blockchain is a shared database consisting of a ledger of digital transactions – or ‘blocks’ – maintained by a group of networked computers over the Internet. Each encrypted block contains the history of every block that came before it, timestamped to the second.
Mining: your business
With cryptocurrencies, the top two risk areas are blockchain ‘mining’ (or owning a piece of a cryptocurrency) and storage. Blockchain mining risks are limited. The inherent security of a blockchain lies in the collective processing power and connectivity of the individual devices or nodes connected in a network. In other words, from a mathematical perspective, more machines mining means more inherent security on a blockchain network, effectively making it more decentralised and therefore more secure. Theoretically, one could have a ‘51% attack’ in which a dominant holder of blocks can force their own chain, but this is highly unlikely if a cryptocurrency is openly ‘subscribed’.
If a blockchain is set up with millions of blocks and mining devices (dedicated computers with mining software that only mines – i.e. no operating system or browser), there should be sufficient protection provided by the collective computing power and connectivity of ‘dumb’ devices with simple functionality. If, however, one puts software on a laptop or PC (which has limited processing power) there are potential vulnerabilities. For example, the mining infrastructure could be exploited – through remote code execution or a phishing email – to send a block to an attacker’s ‘payout address’.
Common housekeeping practices for software and prudent internet access apply in terms of keeping a computer and its contents protected, including:
- Installing up-to-date anti-virus software;
- Ensuring an end-point protection platform is in place;
- Having a firewall in place to stop inbound access; and
- Using application whitelisting that only allows certain programmes to run on a machine.
Watch your wallet
Through a ‘digital wallet’, a blockchain can be created around virtual money as well as the pieces of data that make up an individual’s identity. With cryptocurrency storage, there are three options, each with its own set of risks:
1) Offline – physical
The first option is to take a mined cryptocurrency offline by creating a piece of paper or a coin with a unique code or ‘private key’ associated with it. In this case, the risk presented is akin to carrying a briefcase of cash or a Krugerrand, which should ideally be secured in a safety deposit box or a safe, making it difficult to steal.
A more sensible storage option is the use of a specially designed e-wallet as it provides more protection than an actual coin. With an e-wallet, a cryptocurrency can be held offline in a kind of e-vault, otherwise referred to as ‘cold storage’. An example would be Trezor, a hardware wallet for Bitcoin.
This third option for storing cryptocurrencies, unfortunately, includes some vulnerabilities. While one can have intermediaries, such as Bitstamp or Coinbase as online repositories and trading platforms, one can also download software onto a laptop or desktop to create a ‘hot wallet’, offering immediate access to store, send and receive a cryptocurrency.
While online trading or mining platforms are considered reliable in themselves, security concerns arise in sending a cryptocurrency or using it to buy a product. In this case it is possible for a hacker to steal a user’s private key, cashing in on the individual’s address(es). Another threat to an individual’s ownership of a cryptocurrency is a conventional phishing attack. Essentially, this involves a hacker impersonating a trading platform and convincing the recipient of an email to provide their username and password, thereby giving the perpetrator access to the individual’s cryptocurrency.
Blockchain – including cryptocurrencies – presents a powerful technology capable of driving further adoption of decentralised networks, as well as evolving transactions toward a ‘connective intelligence’. Before we get to Web 3.0, however, basic housekeeping practices must be in place to ensure the security of these networks. Just as personal hygiene is an important aspect of preventing pandemics from emerging, and simple security measures can deter some criminal behaviours, the exciting world of cryptocurrencies presents a requirement for individual responsibility to prevent a collective crash.