More investment managers are trading digital assets as interest in cryptocurrencies continues to grow. AIMA’s Global Crypto Report, released over the summer, showed that around 20% of hedge funds are now investing in the space.
As a fund manager, protecting intellectual property, the complex algorithms, systems and data that allow them to generate returns, is paramount. That is why cybersecurity is an important consideration for both traditional managers moving into the space and newer startup funds.
George Ralph, global managing director of cybersecurity firm RFA, has witnessed a large uptick in crypto clients in the U.K. looking for security and infrastructure solutions.
Ralph says the three biggest challenges that traditional funds cited when looking at a potential move into the crypto space were “regulatory uncertainty, reputational risk and lack of infrastructure.’’
Exploits remain common in the digital assets space, especially in the more experimental realm of decentralized finance (DeFi).
In August, more than $600 million was stolen in one of the biggest crypto heists to date. Hackers were able to exploit a vulnerability in Poly Network, a decentralized finance platform that allows different blockchains to connect to work together.
In an unexpected twist, the hacker responsible returned a large majority of the stolen funds after experts and businesses said they would track their activity on the blockchain. Mt. Gox, the world’s largest bitcoin exchange at the time, filed for bankruptcy in March 2014 after hackers stole $460 million worth of crypto.
“Simple and secure storage solutions are urgently needed for the more than 221 million crypto users around the world who are targets for fraud and theft,” according to Jon Wilk, CEO of CompoSecure.
“More than $8 billion in crypto has been hacked or stolen in 2021 thus far, doubling the previous year, including examples of crypto exchanges being hacked, personal devices being compromised, or usernames and passwords being phished that were part of these growing losses,” Wilk said.
Read more: The Poly Hack and Crypto’s Trust Issues
With regard to crypto fund launches, the key thing in terms of threats is event-driven, there is a huge focus on insider threats, said RFA’s Ralph, and this has been exacerbated by the move to working from home following the COVID-19 outbreak.
Investors looking to launch funds in the post-COVID era are having to hire people they have never met before; conducting checks on potential new hires is harder in this current paradigm, Ralph said.
Peter Habermacher, CEO of Aaro Capital, said the “key targets for criminals are usually bank accounts or the assets of a fund. However, leakage of confidential information, intellectual property and personal data can be equally harmful and the issues in this regard can sometimes be internal.”
But not all that’s new is without precedent.
“Crypto asset funds are like hedge funds in the 1990s”, said Habermacher. “The market is dominated by startup managers who are operationally weaker than their established counterparts in traditional asset management and, as such, they often do not have the necessary cybersecurity procedures in place to completely satisfy institutional due-diligence processes.”
More needs to be done on the regulatory side, Habermacher said, to ensure that “crypto service providers such as exchanges and custodians are properly regulated and adhere to minimum security and process standards.”
Crypto criminals stole $1.9 billion in 2020, according to a report from blockchain sleuthing firm Ciphertrace, down from $4.5 billion in 2019.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.