Adeetya Tantia considers the rising need for cryptocurrency insurance
In 2008, Satoshi Nakamoto released their Bitcoin paper proposing a system where no central authority was required to validate transactions. This blockchain-based system would use cryptographic proof instead of trust, involve a new level of anonymity and eliminate double-spending – a risk in digital currency, where the same currency is spent twice through duplicated digital information.
There had been previous attempts to build a digital currency, but no one had been able to create a system without any central authority. Satoshi put forth their reasons for such a system in a 500-word essay accompanying the launch of Bitcoin in January 2009: “The root problem with conventional currencies is all the trust that’s required to make it work. The central bank must be trusted not to debase the currency, but the history of fiat currencies is full of breaches of that trust.”
Bitcoin was essentially outside the system – and was adopted for nefarious activities, becoming the payment method of choice for ransomware. Consequently, the status of cryptocurrencies is mixed – some countries have outright bans, while in others, they are traded as options and futures. The conventional banking system also faces criminal exploitation, and cryptocurrencies likewise need to co-operate with law enforcement on anti-money laundering and Know Your Customer activities, and on reporting suspicious transactions.
As with any new system, there are bugs ready to be exploited – and Bitcoin was no different. Attacks on the system started as soon as it gained any real value. Multiple exchanges such as MyBitcoin (2011), Bitcoinica (2012; twice), Mt. Gox (2014) and Yapian (2017) have been hacked, with most shutting down due to the scale of these hacks and the amounts of assets compromised. In 2018, an estimated US$1.7bn was lost due to cryptocurrency scams, thefts and fraud.
Even without external threats, blockchain security means that, if a private key is lost, currency in the wallet becomes inaccessible. In 2011, Bitomat lost access to its wallet database file containing 17,000 Bitcoin; the file was on a compromised Amazon Web Services virtual machine and was erased when the machine was shut down. In another example, QuadrigaCX CEO Gerald Cotten was the only person with passwords to the company’s cold storage wallet, which became inaccessible when he died in 2018 – resulting in a US$190m loss. The company is currently engaged in bankruptcy proceedings.
With more than 300,000 Bitcoin transactions taking place daily, there has been significant demand for insurance cover for Bitcoin operations. While volatility and regulatory risk have always been a concern, theft seems to be the main concern. Private keys to large wallets should be protected physically in the same way you would protect a sum of cash or gold. In addition, hot wallets – so named because they are connected to the internet – are more susceptible to security attacks. Cold storage wallets, on the other hand, are not connected to the internet and are less susceptible to security attacks.
In 2014, faulty implementation of a key generation algorithm led to hackers being able to determine the private key for a wallet by analysing its public key. Another attack variant is the 51% attack, which involves a single entity taking control of at least 51% of the nodes in the network. In this case, this majority holder can in effect act as the central authority, wreaking havoc. There are also Sybil attacks, in which an attacker ‘surrounds’ their victim with malicious nodes to the extent that the victim must connect with one of these nodes to access the network. Such an attack is worrisome, as fraudulent information can be sent to the victim without them being able to tell – but there are few technical limitations for a successful Sybil attack today.
Of course, increased threats have led to increased security measures. Digital asset trust company BitGo has instituted multi-signature procedures that may require multiple authorisations for any transfer, while Blockchain.info allows users to store private wallet keys in an encrypted format so the key may be retrieved even if the user’s computer is lost or damaged. In 2020, Lloyd’s Product Innovation Facility introduced a new type of liability insurance policy for cryptocurrency theft in collaboration with Atrium and Coincover; it has a dynamic limit that increases or decreases in line with the price changes of crypto assets. Such products will reduce concerns around protection as more of them are developed.
Adeetya Tantia is student editor