Three hundred banks are expected to launch Bitcoin trading on their mobile apps this year. The infrastructure for that has been in the works for quite some time. In 2020, Bank of America engineers filed 160 patent applications related to blockchain and digital payments. Still, major banks have some catching up to do if they hope to prevent consumers from switching to younger, crypto-native platforms that have had a decade-long head start.
The first step in ensuring a smooth onboarding of digital assets is figuring out how to store these novel assets. Cash vaults, of course, aren’t going to do it. Considering it has taken modern banks over a hundred years to cultivate and perfect security measures for custody and storage, a hasty transition into crypto will create a perfect storm for hackers looking to cash in on the initial vulnerabilities of the banking industry’s newfound rookie status in the crypto game.
But, there’s a way to prevent that from happening. It depends on banks understanding the gaps between traditional custody and storage, and what it will take to integrate digital assets.
Custody over digital assets is similar, conceptually, to custody over traditional financial assets, like cash, stocks and bonds, in the sense that it involves safeguarding something highly valuable. In short, people trust banks to store their money because they offer a safe place to store cash, backed by insurance guarantees. Beyond that, however, there are major differences that banks should keep in mind when making the plunge into crypto.
One of the most obvious differences is, of course, that digital assets are digital. Someone holding even millions of dollars in bitcoin or NFTs doesn’t have stacks of cash sitting in a giant bomb-proof vault — though it’s certainly true they probably have their crypto wallet in some kind of vault. In this case, it’s the private keys controlling the crypto wallet — or, in the institutional sense, vault — that must be kept safe. While blockchain itself is known for its top-notch security, wallets themselves often have entry points hackers can exploit in an attack.
For example, this past February, a massive hack of the wormhole platform, a token bridge protocol linking several major blockchains, saw 120,000 wETH (approximately $331 million at the time of writing) stolen from its bridge between Ethereum and Solana. Hacks like this and others have become endemic, highlighting the need to further develop and scale crypto security mechanisms.
What are the options?
The crypto market expanded so fast over the last five years that its own security research can’t keep up. Sometimes, the issues are flaws in the underlying infrastructure or faulty code, or even things working as they should, but being exploited by a malicious individual or group. Yet the industry has been able to develop (with varying degrees of innovation and effectiveness) a few custodial mechanisms that could work for financial institutions.
These are mechanisms used by individual crypto investors that would be adopted by banks to scale custody, including some kind of mix between hot and cold storage. Cold storage maximizes security by holding private keys offline, making it much harder for hackers to reach them. This method, however, lends itself to certain UX headaches, as the custodian has to physically access the keys to sign off on a transaction on the customers’ behalf.
This issue is being resolved with crypto vaults like Kirobo’s Liquid Vault, which is backed by the company’s own conditional-transaction technology. This technology allows users to execute transactions that are only executed after specific conditions are met — and are triggered by pre-determined activators. Ultimately, security-wise, cold storage is as secure as it gets.
Still, the label “cold storage” may be misleading, considering almost all cold vaults have to go online to actually sign transactions, which creates an entry point for bad actors. Israeli crypto self-custody solution, GK8, gets around this issue by offering banks a way to leverage cold storage to the fullest extent in tandem with a multi-party computation (MPC) wallet. The resulting architecture is secure and versatile enough to support high-frequency trading, alongside a plethora of other functions, such as DeFi integrations and traditional asset tokenization.
MPC wallets are the option many institutional custodians view as a default these days, as they are seen as the best combination between safe and versatile. The former quality only holds true when compared with hot storage options, though, as an MPC forces the hacker to compromise multiple computers holding parts of the private key.
In terms of pure security, cold storage still has the edge. The most effective path forward for institutions would be to adopt some kind of hot-cold hybrid of both, with cold storage for the bulk of assets and an MPC to hold the pocket cash for rapid transactions. I believe that this should be the industry standard going forward.
Once the digital security of these novel assets is mastered, let’s not underestimate the importance of physical security (even over digital assets). Crypto assets still need to be stored in a physical device, especially at scale. And if digital hacks are no longer an option, we can all bet physical robberies will become a threat. Physical security will always play a role for financial institutions, because, well, they are financial institutions after all, and bad actors will exhaust all of their options if a successful breach translates into wealth.
As regulatory issues become clearer and banks get a better idea of what they are permitted to do in regard to the custody of digital assets, it’s paramount that traditional financial institutions take the necessary steps to provide the highest level of security.
Custodial services are crucial for the widespread adoption of digital assets, but banks looking to become real players in the rapidly expanding crypto ecosystem must demonstrate the ability to provide efficient and affordable security for their customers’ digital assets. Otherwise, consumers will simply store their crypto at home.
Tomer Warschauer Nuni is the CMO of Kryptomon, a serial entrepreneur and investor focused on the innovative blockchain gaming industry.
This article was published through Cointelegraph Innovation Circle, a vetted organization of senior executives and experts in the blockchain technology industry who are building the future through the power of connections, collaboration and thought leadership. Opinions expressed do not necessarily reflect those of Cointelegraph.
Learn more about Cointelegraph Innovation Circle and see if you qualify to join