This article first appeared in Digital Edge, The Edge Malaysia Weekly on December 12, 2022 - December 18, 2022
Cryptocurrency’s biggest selling point is its decentralised system based on blockchain technology, which is a distributed ledger enforced by a disparate network of computers. In other words, it is nearly impossible to counterfeit.
Although the many built-in security features in blockchain technology make it difficult for cryptocurrencies to be hacked, it is not impossible. Heists on cryptocurrency networks run into the millions. The latest to be hacked is Binance, the world’s largest cryptocurrency exchange, which reportedly lost US$570 million (RM2.51 billion) in October.
Despite complex security measures such as remembering unique phrases to access a user’s digital asset wallet, many users are still unaware of the loopholes in the cryptocurrency ecosystem that hackers take advantage of. Digital Edge speaks to Mohammed Fouladi, regional head of customer value proposition at Advance.AI, on the common security threats associated with cryptocurrency exchanges and how users can trade safely.
What are the common security threats at cryptocurrency exchanges?
First of all, when it comes to creating a wallet to store a user’s cryptocurrency, there are multiple steps and stages involved. Contrary to opening a bank account, it is a complex process that many users are not knowledgeable about. Therefore, it is very easy for somebody who knows this process very well to game the system in a way that they can cheat users at any step during onboarding. That’s the first vulnerability for a user.
Second, cryptocurrency has no regional connotation to it. Cryptocurrency exchanges, wallets or currencies are not designed to distinguish between users from different regions and the risks that come with different user demographics.
This is because cryptocurrencies are invented by start-ups and immediately pushed into the global market due to the decentralised system. They do not have the time, capability or capacity to conduct country-specific risk assessments and actually change the onboarding journey by country.
Third, cryptocurrency is transparent due to the blockchain technology, which enables all users to view the transactions, making it easier for users to know which wallet has the most financial assets.
Furthermore, cryptocurrency users would not be able to retrieve their wallet accounts if they ever lost their login phrase. Users will not be able to recover their accounts after a hacker has gained access, even if they are the genuine users.
All these factors contribute to giving hackers a unique set of tools to violate the ecosystem and cheat money out of users. There are a lot of people who actually lose money in the crypto world, and the majority of the time, it is due to their own negligence, and they are not able to reach out to any governing agency for help. The amount of money lost in the crypto space is greatly underreported.
The biggest cryptocurrency hacks have occurred at large, famous networks such as Axie Infinity by Ronin Network, which cost US$60 million. In your opinion, what are the loopholes in these cryptocurrency systems that allowed such heists to happen?
It happens mainly around the security of the system itself. Most start-ups that generate their own cryptocurrency have not thought 100% about the scenarios that could actually happen. Let’s say there are 100 possible heist scenarios. As a start-up, you would follow the 80:20 rule by solving 80% of the issues that you would like to solve before launching your product in the market.
That being said, there are some gaps in the ecosystem. Anyone who figures out that gap can actually exploit the system and carry out the heist. A lot of the time, based on the biggest cryptocurrency heists that I know, they happened because the founders of the network were not up front about their intentions with their cryptocurrency strategies, which led to major losses among investors.
Cryptocurrency has received mixed reactions from regulators. Some countries, such as China, have completely banned it while the Nordic countries view it positively. In your opinion, what are the regulators’ concerns when it comes to cryptocurrency, and is security involved?
As a government or as a regulator that has the power to protect the country’s interests, cryptocurrency steps on the toes of sovereignty with its decentralised system because financial wisdom is indeed a pillar of a country. Hence, that makes a lot of countries uncomfortable with it.
A country that is very strict about its control will block it in order to not take any risks. There are also some countries that would take the initiative to understand the cryptocurrency ecosystem, such as Singapore, which is known for its financial innovation. Throughout the whole process, regulators play an important role in protecting its citizens’ interests by issuing licences.
In conclusion, regulators respond differently to cryptocurrency as it depends on how much they feel threatened by it. In my opinion, Colombia is a fast-growing country as it is crypto-centric to the extent that people trust cryptocurrencies more than the local currencies in some Latin American countries.
I would suggest that different cultures, different countries, the history that they have and their experience with the local currency will define the direction people swing towards in cryptocurrency.
What are some of the things cryptocurrencies such as Bitcoin and Ethereum are doing to increase the security of their networks?
Many cryptocurrency companies have hired their own compliance teams in recent years to comply with government regulations. The rules may be annoying, but regulators have learnt from the past cycle of problems that occurred with cryptocurrencies and want to ensure the same issues will not arise again.
Second, cryptocurrencies are becoming more technologically advanced in order to improve security and the customer journey interaction. Cryptocurrencies rely on technology as they are not able to replicate a traditional bank with branches to service customers on the ground, plus having traders on a global scale. Hence, companies such as Advance.AI help bring security at scale with anti-fraud technology.
What are some of the ways to identify the safety of a new cryptocurrency network?
The first sign for me is the currency circulation itself. The bigger the cryptocurrency, the more stable it is. For example, the circulation of Bitcoin is at 19.22 million (worth US$329 billion) as at Dec 1, 2022.
However, when it comes to investing in a new cryptocurrency, users may look at what the cryptocurrency is backed by. There are some gold-backed cryptocurrencies such as PAX Gold and Tether Gold. Fiat currencies such as the ringgit also used to be backed by gold before being fully backed by the central bank.
It is also important for users to know the team behind the cryptocurrency. I typically don’t trust people who remain anonymous. These are some of the things that I check before trading cryptocurrency.
We have licensed digital asset exchanges in Malaysia: Luno, MX Global, Sinegy and Tokenize. What is your observation of the security level of the current Malaysian cryptocurrency market compared with the global market?
In my view as a global user, some of Malaysia’s digital asset exchanges are available globally. Hence, they have learnt from the global risks that they are exposed to. However, for local companies that are Malaysia-centric, the blockchain system may not be 100% as secure as its global counterparts, but they are more accustomed to local risks. As a result, they are better at identifying good traders in Malaysia than in the rest of the world.
Becoming a global and localised cryptocurrency has its own advantages and disadvantages. Global cryptocurrencies have a global demand and supply, which offer some sort of stability in the global market but are also susceptible to fluctuations at the same time. Localised cryptocurrencies, however, are focused on a specific country’s demand and supply, which does not offer much elbow room to recover if the demand and price fall substantially.
What is your advice to cryptocurrency investors to ensure that they’re trading safely?
A safe cryptocurrency can be measured from both its security and investment points of view. I would say circulation is a big part of it. If the cryptocurrency has high circulation, it is more likely to be more stable compared to the rest.
Second, traders may look at the technology that is being applied to the cryptocurrency ecosystem. As a user, you may not have the knowledge to actually check whether a cryptocurrency has a secure system or not, but if in doubt, avoid it. Traders may know that a cryptocurrency is secure when it has stringent rules. It will feel like a bank — more challenging to go through.
The third part is whether the cryptocurrency is transparent about the team running the ecosystem. It’s very easy for traders to do a quick check on business-oriented social media sites such as LinkedIn and hover over their profiles to determine whether they are trustworthy. Additionally, traders may also look into whether the cryptocurrency company takes out insurance to protect both the company and themselves if any issues arise.
Lastly, the obligation and the onus to be safe and secure are also on us. We need to be educated on the cryptocurrency customer journey instead of just clicking aimlessly without actually thinking through it, as we are prone to being hijacked and having our accounts hacked.
Save by subscribing to us for your print and/or digital copy.
P/S: The Edge is also available on Apple's AppStore and Androids' Google Play.