Crypto security just took another step forward with the news that Unbound Tech has launched the second version of its Crypto Asset Security Platform (CASP).
The company is a provider of institutional-grade key management solutions, servicing multiple Fortune 500 and exchange clients, including the Liquid exchange. The CASP uses cutting-edge, multi-party computation to secure private keys and crypto assets against any attackers, whether they’re external or operating from within the company.
Businesses in charge of protecting crypto assets on behalf of users have a few different options at their disposal. Multi-sig is one, requiring two or more signatures to a transaction. However, a user has no way of knowing if one party may have access to all private keys, and multi-sig doesn’t protect the keys themselves. Hardware security modules (HSMs) are physical devices designed to protect private keys and crypto assets. However, in some circumstances, they could be vulnerable to internal fraud, particularly if multiple employees colluded.
SMPC - The Latest in Crypto Security
Secure multi-party computation (SMPC) is the latest innovation in private key security and crypto transactions. SMPC enables multiple parties to work together on computing a function, but each party’s inputs remain private.
The CASP utilizes this concept with the function as a crypto signing transaction, and the inputs being shares of the private key. The shares of the private key are distributed across multiple endpoints, such as different devices or cloud servers, so no individual within or outside the organization can ever get access to the full private key.
Therefore, SMPC is perhaps the most secure means of protecting crypto assets available on the market today, solving a critical challenge for crypto custodians and exchanges. The upgraded version of Unbound Tech’s CASP, which it dubs a “virtual HSM’ offers users new features including offline approvals and a tamper-proof audit log, as well as integration with XRP.
The CASP is the first virtual HSM to obtain the FIPS 140-2 Level 2, an industry standard for assessing the effectiveness of cryptographic hardware.
Cat and Mouse Games
Crypto asset security has proven to be one of the most challenging issues facing the sector, averaging around one each month. In 2019, there were 12 breaches in total. Among those was Binance, which had previously boasted a flawless security record. Most recently, Italian exchange Altsbit was attacked by black hat hacking group Lulzsec.
Whereas Binance operates an internal insurance fund known as SAFU, which exists to cover user losses in the event of a hack, Altsbit was a relatively new exchange. The company has said it won’t be able to cover all of the users’ lost funds and will be closing down as a result of the incident.
Despite many exchanges having taken measures to beef up their security measures, it’s evident that these efforts aren’t sufficient. A report from Chainalysis covering the state of crypto security in 2019 highlighted how crime syndicates like North Korean Lazarus Group are implementing ever-more elaborate scams. In one instance, they even went to the extent of setting up a fake company as part of a phishing attack.
Attacks such as these illustrate the need for exchanges and crypto custodians to eliminate any and all points of weakness in their security measures. The more often that hackers are successful in their attacks, the more it will attract others to attempt to do the same.
Until more exchanges follow the lead of Liquid in implementing the highest possible level of crypto asset protection, it seems inevitable that they’ll remain a target for hackers.