The greatest weakness in any system is invariably human error or malpractice. The vulnerabilities associated with the human risks surrounding digital assets are well publicised. One unfortunate example is the December 2018 death of Gerald Cotten, CEO of crypto exchange QuadrigaCX, which revealed the loss of $145m worth of digital assets. Unfortunately, this was not an isolated incident; indeed, it is purported that fraud and theft accounted for more than $1.2 billion in digital asset losses in Q1 2019 alone. Had QuadrigaCX implemented robust protocols and security standards that mitigated the human risk associated with a single member of the organisation controlling access to the offline cold wallets, this could have been avoided.
State of Play
Digital assets are attractive targets for theft, as hackers only have to gain access to private key details and then digitally transfer the assets to their own anonymous accounts. By their very nature, digital asset exchanges typically hold significant amounts of such assets, making them all the more lucrative targets. What’s more, in many recent high-profile exchange heists, digital asset holders have been reimbursed directly by the exchange to save face and to quell client discontent. This should not satisfy investors, however: these exchanges are making reactionary decisions and, from a crisis management and risk mitigation perspective, may be operating at a sub-standard level, particularly when measured against the stringent criteria required by institutional investors.
Whilst cybersecurity is crucial to investor assurance, most points of risk are vulnerable to human error or abuse. One example would be a single individual having access to a significant number of keys. Reports of kidnappers and armed robbers forcing entry into the homes of traders and high net worth investors to force the surrender of digital asset keys have heightened fears of adversarial threats amongst the digital asset investor community.
When holding digital assets via a custodian in ‘cold’ or ‘offline’ storage, adversarial cyber risks are invalidated. Advanced Hardware Security Modules (HSMs) used to hold the keys offline incorporate a series of security fail-safes against the theft of private key data, thus mitigating the risk of technological compromise. In order to ensure the most iron-clad levels of protection, we must turn our attention to the next layer of potential security compromise and establish robust human risk mitigation.
Human Threat Scenarios
Whether it be clandestine actors, employee collusion or blackmail scenarios, humans are vulnerable to compromise. All of Digivault’s staff are vetted and Open Source Intelligence (OSINT) checks are carried out to ensure the business is able to manage any associated risk accordingly. Malca-Amit’s sites have strict entry procedures and its security vaults are secured behind multiple layers of physical access points. Private keys are disaggregated by Digivault across four physical locations to mitigate risks of collusion. Moreover, even if a stakeholder were to involve themselves in a conspiracy against the interests of the investor, their actions would be futile.
Digivault’s Kelvin – A Gold Grade Maximum-Security Vaulting Solution
Digivault has taken measures to safeguard against human threat scenarios with a stringent, bespoke, ground-up technical solution based on risk assessment. Digivault has ensured that the processes that wrap around the hardware and software mitigate human interaction risk, making such a situation highly unlikely to arise. No single individual within either Digivault or the parent company, Diginex, has access to, or the ability to request access to, client private keys. This mitigates the possibility of private keys being lost and prevents any staff member, acting alone or in collusion with any other stakeholder, from transferring client assets, whether in an attempted theft or when a member of the organisation is forced to make a transfer under duress.
Applying a Gold Standard of Vaulting for Digital Assets
Kelvin is a security solution under which digital asset keys are held in an ‘air-gapped’ or ‘entirely offline’ solution stored inside iron-clad vaults. This is the exact procedure that is proven in the best-in-class storage of gold and precious gems. Kelvin converts digital assets into physical objects which Digivault then stores with Malca-Amit, the definitive global leader in valuable asset storage. Malca-Amit’s vaults, security and safety systems have been designed from the ground up, incorporating a unique tailored mix of physical surveillance, cutting-edge technology and 24/7 monitored CCTV, together with alarm, climate and fire control systems. Security at each Malca-Amit vault is paramount and is overseen by their best-in-class team of special operations experts.