Crypto Gets Another 'Neighborhood Watch' to Guard Against Hacks

Justine Bone, a cybersecurity firebrand whose research led to recalls of half a million faulty pacemakers, leads the soon-to-launch information-sharing and analysis center (ISAC) for crypto firms.

AccessTimeIconMay 6, 2024 at 1:00 p.m. UTC
Updated May 27, 2024 at 2:24 a.m. UTC

The cryptocurrency industry, for years plagued by hacks and other malfeasance, has a new group dedicated to cleaning things up, headed by cybersecurity veteran Justine Bone.

Bone is the executive director of Crypto ISAC, the industry's second information-sharing and analysis center, essentially a hub for cybersecurity analysis. A leader in cybersecurity and cryptography for more than 25 years, she was the CEO of medical security research firm MedSec, where her work (in partnership with a short-selling hedge fund) led directly to the U.S. Food and Drug Administration recalling half a million pacemakers that were susceptible to hacking. The devices' manufacturer, Abbott (formerly St. Jude Medical), later issued a firmware update to patch the security holes.

The full roster of Crypto ISAC's founding members, who are providing financial support for the organization, will be revealed on-stage May 29 at CoinDesk's Consensus 2024 in Austin, Texas. Included in the list are two of the biggest exchanges, a major stablecoin issuer, one of the best-known custody firms in the field as well as many other household names in crypto.

“Up until now, there has not been a crypto ISAC and some people are surprised when they learn that,” Bone said in an interview with CoinDesk. “So a few years ago, some cybersecurity companies who were then joined by some other heavy hitters in the crypto industry, recognized this gap and started organizing."

A similar effort, known as SEAL-ISAC, launched last month. It is led by Samczsun, head of security for the venture capital firm Paradigm. "The SEAL org[anization] has saved over $50,000,000 for crypto users and projects so far," said a spokesperson for SEAL-ISAC, in a May 7 email to CoinDesk.

About $1.7 billion was lost to hackers of crypto platforms in 2023, according to blockchain-sleuthing firm Chainalysis.

Bringing legitimacy

ISACs were introduced as non-profit organizations in the late 1990s to facilitate and legitimize information sharing around cybersecurity vulnerabilities and incidents between public sector and private sector organizations. They are often compared to neighborhood watch programs.

The unveiling of Crypto ISAC, which has been several years in the making, is something of a badge of honor, as it joins the crypto industry with many other established verticals that use information sharing to protect critical infrastructure, such as healthcare, retail, the financial sector, the automotive industry and many more.

Bone describes an ISAC as “a trusted intermediary that sort of sits in the middle of the conversation around security issues.” Typically these issues could be a heads-up about a new vulnerability in a type of technology, or an active incident underway, where practitioners need to hustle and collaborate to fix the problem, she said.

Bone served for years as a member of the Blackhat Review Board, the internationally recognized cybersecurity event series and provider of security research. She also worked as an information security lead at Dow Jones and Bloomberg, has advised several Fortune 50 companies and continues to serve on tech giant HP's advisory board.

Diverse membership

The organizers of Crypto ISAC run the gamut "from crypto-native companies through to investors ... and cybersecurity solutions providers who specialize in crypto and Web3," Bone said. The team has met with and briefed government officials, she said.

The information-sharing protocol underpinning the platform is thoroughly vetted and already adopted by most other ISACs, she said. As well as having the necessary cybersecurity certificates, she said the Crypto ISAC will be "FedRAMP-ready," an important designation that qualifies an organization to deliver services to the U.S. government.

“We’re going to be setting up this platform in the next couple of weeks, so when we launch at Consensus, our members will actually have a platform they can log into and see this threat intelligence,” Bone said.

UPDATE (May 6, 2024, 19:10 UTC): Clarifies government officials' role in 10th paragraph.

CORRECTION (May 7, 2024, 17:00 UTC): Adds passage about a similar group, SEAL ISAC; tweaks headline and subheadline accordingly.

Edited by Marc Hochstein and Nick Baker.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Ian Allison

Ian Allison is an award-winning senior reporter at CoinDesk. He holds ETH.