Traditional crypto custodians increase security to meet institutional demand

Institutional investors are paying close attention to digital assets as Bitcoin (BTC) continues to rise to record levels, reaching the $ 24,000 valuation for the first time in its history.

Recent findings from a Bank of America-Merrill Lynch survey conducted Dec. 4 to 10 show that about 15% of fund managers with $ 534 billion under management believe Bitcoin is the third most crowded trade behind being long on technology shares and shortening the US Dollar. In addition, a recent loyalty survey found that out of nearly 36% of respondents, or 774 institutional investors, owned crypto assets.

And yet as Bitcoin continues to capture the attention of professional investors worldwide, security measures, along with insurance guarantees, are becoming more important than ever before. This has especially been the case with more traditional custodians and banks adding support for digital assets.

Offline security is essential for protecting digital assets

A report released this year by Big Four company KPMG shows that the key key steps for crypto-asset custodians seeking to build a sustainable business model are enabling next-generation security and resilience. The KPMG report notes that this includes the incorporation of leading cryptographic techniques, including multi-sig computation, multi-party sharpening and computing, and bespoke physical hardware. That is, online and offline security measures are needed for the protection of digital assets.

Lior Lamesh, CEO and co-founder of GK8 – Israel’s blockchain cyber security company – told Cointelegraph that when it comes to traditional organizations with large sums of money and a good reputation to manage, offline security procedures, in particular, are essential for the protection of digital assets:

“Because blockchain is a portable ledger, organizations must do everything possible to avoid hacks. When it comes to hot wallets, it’s easy to understand why these are vulnerable – they’re always connected to the internet. However, this is not safe enough for traditional banks and custodians. ”

For example, Lamesh said the team of former Israeli military cyber security personnel behind GK8 has developed a completely offline solution for traditional custodians and banks seeking to protect digital assets. It features a cool “taped vault” vault which provides the ability to create transactions on a blockchain network while operating completely offline.

Implementing offline blockchain transactions eliminates all possible attacks on users’ private keys, providing full protection against cyber threats, according to Lamesh. While he couldn’t reveal all the details, Lamesh shared that this solution is possible due to patented cryptography that enables the vault to create, sign and send blockchain transactions in a single address connection, without receiving any digital input that may contain malicious code . In addition, GK8’s cold vault is backed by $ 500 million insurance.

Offline storage is believed by traditional players to be essential

One company that leverages an offline custody solution is Prosegur, a Spanish security company that serves as the custodian of physical security for traditional banks and manages over 360 billion euros a year.

Last year, the company was attacked by Ryuk’s ransomware, a Trojan virus that encrypts files on a compromised device, typically requiring payments in Bitcoin to decrypt it. This particular attack is of concern for a number of reasons, but security has become even more of a priority for Prosegur ever since the company launched “Crypto Prosecution,” a service for digital asset preservation and management.

Raimundo Castilla, CEO of Prosegur Crypto, told Cointelegraph that Prosegur’s new service addresses growing market demand for digital asset protection, especially as more organizations become part of crypto.

According to Castilla, the company explored a number of various security offerings, including cloud solutions and hardware security module cryptography. However, he noted that the offline solution is different in that it leaves no risk for possible external attacks because it is completely offline. “This is definitely the safest solution we’ve come across and that’s exactly what we looked for as security experts,” he said.

Yet companies like Prosegur are not the only ones choosing offline security solutions. OSL, one of Asia’s leading digital asset platforms and a member of BC Technology Group, also uses military-grade offline security protocols to protect digital assets for hundreds of institutional clients and professional investors.

Wayne Trench, CEO of OSL, told Cointelegraph: “These include military-grade online and offline security protocols, strict Anti-Money Laundering and Know Your Customer requirements, market surveillance and client asset separation. “

Trench further shared that OSL has a number of rigorous procedures in place, along with full insurance cover for hot and cold wallet offenses. Security measures are mandatory for OSL, which recently became one of the first public companies licensed by the Hong Kong Securities and Futures Commission to operate regulated brokerage and automated trading services for digital assets.

Is offline protection adequate?

While offline security procedures are necessary for protecting billions of dollars in digital assets from cyber threats, there are some challenges worth acknowledging.

For example, cold storage facilities are essentially less liquid than online solutions. While some investors may not consider this a deal, KPMG’s “Institutionalization of Cryptoassets” report notes that digital assets typically use key public infrastructure. However, PKI has presented challenges in the past in disaster recovery. The KPMG report highlights that challenges like these are magnified for crypto operations, which rely on the availability of public and private keys to transfer assets.

The report further states that organizations managing key pairs will need to develop disaster recovery plans for securing private keys in all layers of storage, for all types of digital assets. However, traditional techniques, such as using a hardware security module as mentioned, may fail, given its physical dependency. The report states:

“Destruction or not available [hardware security module] it could mean lost or unavailable cryptoassets. In addition, other traditional durability techniques, such as high availability, either compromise security or simply are not technically possible for an air-tight cold wallet. ”

Despite concerns, traditional custodians and banks are well aware that security is the most important feature in supporting digital assets. And yet, this has been challenging to navigate, as Castilla noted that the custody market typically offers standard cybersecurity solutions that have not always been vulnerable against the risk of loss of excessive physical access .

As such, Castilla explained that going forward solutions should demonstrate not only the physical protection of assets and access to systems but also the cyber security of space, where asset management takes place: “This is the way to manage secure transactions for blockchain. assets on a basis, as this is an aspect of huge vulnerability that institutional investors must consider in their custody decision. ”