{"id":144912,"date":"2020-12-31T18:47:00","date_gmt":"2020-12-31T15:47:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/a-crypto-new-years-resolution-modernize-security-infrastructure\/"},"modified":"2020-12-31T18:47:00","modified_gmt":"2020-12-31T15:47:00","slug":"a-crypto-new-years-resolution-modernize-security-infrastructure","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/a-crypto-new-years-resolution-modernize-security-infrastructure\/","title":{"rendered":"# A crypto New Year\u2019s resolution: Modernize security infrastructure"},"content":{"rendered":"<p>&#8220;<strong># A crypto New Year\u2019s resolution: Modernize security infrastructure <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjAtMTIvNjZmYzg0MmUtM2E0YS00OWI0LThjYmItZmIyZjg2MTVjOTQ2LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-5a136f3a>It\u2019s safe to say that 2020 has been a banner year for the digital-asset space. Bitcoin (BTC) soared past its previous high, and many other prominent cryptocurrencies reached their highest levels since the heyday of 2017 and early 2018. Across the financial services industry, institutional voices are expressing reinvigorated interest in digital assets. 
The growth and maturation of this space has been impossible to ignore, engendering plenty of optimism among those who build the platforms and systems on which it runs.<\/p>\n<p>Unfortunately, not all the headlines from the past year have been positive. Several well-known crypto exchanges and other organizations were hacked, which led to significant losses. Events like these are not only damaging to a firm\u2019s reputation and potentially devastating for investors, they also erode hard-won trust in the digital-asset space among institutional investors and the public.<\/p>\n<p>Many of these hacks could have been avoided if the companies in question had taken proactive steps to modernize their technology infrastructure. As we close this whirlwind year for digital assets, one of the industry\u2019s top resolutions for 2021 should be to reexamine its approach to infrastructure and make changes to ensure that investors of all stripes can trade and transact with security, efficiency and peace of mind.<\/p>\n<p>Let\u2019s review three of the most consequential hacking events of 2020 and examine how a more intelligent approach to infrastructure could have led to a different outcome.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"KuCoin_hack_275_million_in_customer_funds_stolen\"><\/span>KuCoin hack: $275 million in customer funds stolen<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>On Sept. 
25, crypto exchange KuCoin was on the receiving end of a major hack that affected its Bitcoin, Ether (ETH) and ERC-20 hot wallets. While initial analysis suggested the hackers stole around $150 million, estimates began to increase in the ensuing days, ultimately making it one of the largest hacking events in the history of digital assets.<\/p>\n<p>As it turns out, the hack was the result of private keys being stolen. While still prevalent in the digital-asset space, private keys mean there will always be a single point of failure through which bad actors can claim unfettered access to hot wallets. Put simply, they are a business risk.<\/p>\n<p>A better approach would have been to leverage multiparty computation protocols, which eliminate the need for private keys and sign every transaction in a secure, distributed way, coupled with an enforced governance-and-control mechanism.<\/p>\n<p>In the KuCoin case, even if the exchange was successfully breached, the hacker would not be able to execute any transaction not authorized by the institution\u2019s infrastructure-provided policy engine.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"OKEx_withdrawal_freezing\"><\/span>OKEx withdrawal freezing<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>For five weeks in October and November, investors were unable to make withdrawals from cryptocurrency exchange OKEx. 
In a letter to customers, OKEx <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.okex.com\/support\/hc\/en-us\/articles\/360051090391-Suspension-of-Digital-assets-Cryptocurrencies-Withdrawals\">revealed<\/a> that one of its private-key holders was cooperating with a police investigation, which kept them out of touch with the company and prevented its multisignature authorization process from being fulfilled.<\/p>\n<p>For a platform that users leverage to carry out important investment decisions, the idea that a single person becoming compromised could result in a critical functionality being disabled for over a month is clearly untenable.<\/p>\n<p>There is a lesson here: When firms use blockchain features designed for security to implement a policy, the result is overwhelming inflexibility. This is one of the paradoxes of the digital-asset space \u2014 blockchain transactions are secure and irreversible, but without the right approach, that same rigidity can spell disaster if things go awry.<\/p>\n<p>To prevent this, firms must ensure their infrastructure includes a policy engine that, while not compromising on security, enables a more flexible policy control for multiple approvers, including the separation of signing on and approval of transactions. With this kind of solution in place, OKEx\u2019s ability to fully operate would not have hinged on the availability of any key person.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Nexus_Mutual_breach_8_million_stolen\"><\/span>Nexus Mutual breach: $8 million stolen<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>These hacking events were not limited to exchanges, as evidenced by the December breach of Nexus Mutual, a decentralized finance platform that serves as an alternative to insurance. 
The hacker managed to access the personal device of CEO Hugh Karp and install a compromised version of MetaMask, which led to Karp inadvertently signing a transaction that sent 370,000 NXM, worth $8.2 million, to an attacker-controlled address.<\/p>\n<p>The issue here has to do with locally run wallets. These local wallets are unable to provide an out-of-band policy engine, so there is no way to verify that a contract and counterparty address are whitelisted, that the amount and issuer comply with company policy, or that there are additional approvers for certain transaction parameters.<\/p>\n<p>Enlisting a third party with a more flexible, secure approach to infrastructure is the way to address these risks. This is especially important to reduce counterparty address manipulation, which is a risk in many scenarios. Even in the unlikely event that a provider like this is breached, there are safeguards in place to verify counterparty addresses, giving firms multiple lines of defense.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>While digital assets have gained a remarkable amount of momentum in the past several months, many organizations still need to improve their security infrastructure before true adoption of digital assets can start.<\/p>\n<p>This is not meant to chastise these firms, which continue to do important work to serve the industry, but to identify where their focus should be to achieve future growth and bring digital assets to the mainstream.<\/p>\n<p>For all these issues \u2014 private-key security, authorization structure, local wallets and more \u2014 there are approaches that can lead to more efficient, stress-free transacting and fewer headlines that set off alarm bells for the traditional investors we all want to reach.<\/p>\n<p class=\"post-content__disclaimer\"><em>The views, thoughts and opinions expressed here are the author\u2019s alone and do not 
necessarily reflect or represent the views and opinions of Cointelegraph.<\/em><\/p>\n<div>\n<div style=\"background: rgb(239, 239, 239); border: 1px solid rgb(204, 204, 204); padding: 10px;\"><strong>Itay Malinger<\/strong> is co-founder and CEO of Curv, a digital-asset security infrastructure firm. He draws on more than 15 years of cybersecurity experience in both the public and private sectors. Formerly, Itay was the director of enterprise security products at Akamai Technologies.<\/div>\n<\/div>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" 
href=\"https:\/\/cointelegraph.com\/news\/a-crypto-new-year-s-resolution-modernize-security-infrastructure\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# A crypto New Year\u2019s resolution: Modernize security infrastructure &#8221; It\u2019s safe to say that 2020 has been a banner year for the digital-asset space. Bitcoin (BTC) soared past its previous high, and many other prominent cryptocurrencies reached their highest levels since the heyday of 2017 and early 2018. Across the financial services industry, institutional&#8230;<\/p>\n","protected":false},"author":1,"featured_media":144913,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s3.cointelegraph.com\/uploads\/2020-12\/66fc842e-3a4a-49b4-8cbb-fb2f8615c946.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74863,74860,74868,74882,83485,117,72287,4965],"class_list":["post-144912","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-cryptocurrencies","tag-cryptocurrency-exchange","tag-defi","tag-hacks","tag-new-years-special","tag-business","tag-security","tag-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/144912","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=144912"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/144912\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en
\/wp-json\/wp\/v2\/media\/144913"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=144912"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=144912"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=144912"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}