Our tech hacks to safeguard cryptocurrencies and other digital assets

The world of virtual assets has turned into a fierce game of chess. New criminal practices may be emerging, but legal frameworks are developing further and technology opens up new resources for combating crime.

Cryptocurrencies are no longer just a technological novelty and by no means a passing fad. In recent years, these blockchain technology-based digital assets have established themselves as an alternative, decentralised financial market. They are, for the time being, highly unstable and volatile investment assets, but are nonetheless legitimate.

In short, they represent an opportunity for certain investor profiles, primarily the most technophile and most willing to take considerable risks in exchange for high expected returns. In parallel, the strong focus on decentralisation and anonymity that is in the nature of these assets, as well as the gradual increase in their economic impact, makes them a potential target for increasingly sophisticated cybercrimes. As defined by the International Security League (ISL), cryptocurrencies are both an opportunity and a risk, as well as "a solution that creates new problems”.

 

The steady rise of ransomware

Data clearly depict this double-sidedness of the coin. The 485% increase in ransomware attacks by 2020, according to Bitdefender, is highly significant. The ISL notes that in 2021, the theft of passwords and therefore cryptocurrencies reached a volume of 14 billion dollars, nearly doubling the previous year. There has also been an increase in other crimes associated with these assets, such as money laundering (e.g. through video games, online gambling and cryptophishing, movement in physical wallets such as a pendrive), terrorist financing, pyramid schemes or the hiring of hackers and specialised deep web teams.

For all these reasons, some authorities warn that vulnerability to this wide range of potential crimes, particularly the theft of digital currency through complex laundering schemes, could undermine confidence in cryptocurrencies as an investment sector or monetary tool for ordinary citizens, businesses and administrations. What is ultimately at stake is whether crypto-assets will behave in the medium term as a reliable and reasonably safe investment vehicle or whether the logic of arbitrariness and every man for himself will prevail.

Some authorities warn that vulnerability to this wide range of potential crimes, particularly the theft of digital currency through complex laundering schemes,

 

A legal framework for greater safeguards

Responsiveness to this remarkable proliferation of new crimes has been swift. The sixth Global Conference on Criminal Finance and Cryptocurrencies was held in The Hague last September, bringing together regulatory bodies, law enforcement agencies, the private security sector, and many other actors. Its conclusions call for the development and coordination of international legislation, but also welcome important developments, such as developments in European directives towards treating cryptocurrencies like any other asset in terms of supervision.

With the right regulations in place, blockchain technology, which in some cases protects the anonymity of criminals, can become the tool that allows money to be traced in suspicious transactions. This paradoxical conclusion points to some of the cases of traceability, identification and arrest of hackers, fraudsters and laundering networks analysed during the conference.

However, the effective use of blockchain as a weapon of defence and counter-attack requires, first and foremost, an internal transformation in financial firms, which must strive to fully understand the complex workings of the crypto-world, the rapid emergence of new types of crime in it, and, therefore, the signs of fraudulent use. These are very complex issues, so partnerships with providers specialised in cybersecurity, prevention and compliance with increasingly stringent regulations may be advisable to deal with these scenarios.

Key holding companies 

The legal framework regulating these activities is at a critical juncture, as there are continuous developments in EU and Spanish legislation. These include measures to require cryptocurrency exchanges and wallet custodians to collect data on senders, recipients and owners. The mandatory registration of such companies with the central bank and the financial supervisory authority in each country is also beginning to be considered. This is what Prosegur Crypto, leader in the custody of electronic wallets, has recently done before the Bank of Spain.

This commitment not only entails full compliance with regulations, but also the professional preparation of its staff in such a specialised and ever-evolving technological niche. We are talking about protecting a growing volume of both investments and investors: nearly one in ten Spaniards currently owns cryptoassets, according to the Bank of Spain.

 

It is better to rely on the best

Authorities recommend the use of experts with established key custody reputations, especially when dealing with institutional or high net worth clients. In response to this need, and combining its dual expertise in physical security and cybersecurity, Prosegur Crypto delivers a custody solution with state-of-the-art cryptographic technology that operates outside the online environment. There are also vaults designed exclusively to protect private keys. This double shield provides an all-round, physically and virtually impregnable armour.

In colloquial custodian terminology, it is a purely "cold" model, as opposed to "hot" wallets because of their exposure to the internet and therefore to hacking attempts, common among individual users who use mobile or desktop applications to store their keys. But it also differs from models that are advertised as cool when in fact they are rather "warm", because their custodial technology has indirect exposure via USB connections, QR codes or micro SD cards. These are temporary openings and have a generally low level of exposure, but they do not offer full guarantees, as their protection systems can be bypassed.