Currencies have evolved from salt and animal pelts to precious metals and paper. One constant exists as a currency holder, regardless of the token used; you need to protect yourselves from the inevitable thieves!
Cryptocurrencies and blockchain are built on the idea of nearly indescribable cybersecurity based on entirely new vocabulary words:
Immutable Distributed Ledgers
Blockchain Consensus Protocols
Cryptographic Hashing Algorithms
If cryptocurrency is completely different and thieves are ever present, what can we learn from previous ‘security teams’?
A historical “arms race”
The battle between currency security and those wishing to steal it has waged over every technological generation and will continue indefinitely. Let’s look at the recent past in order learn about the future.
Physical currencies, simply, required physical protections. 'Security teams' of the day carried weapons and attempted to protect both the physical store and transport of currency. Once consumers took possession, they were responsible for the physical protection. Criminals of the day, in turn, evaluated the entire chain of custody, looking for soft spots to exploit. Bank storage? Transport? Careless or gullible individuals? Yes, yes and yes!
Physical storage security evolved from rudimentary lockboxes to centralized banking vaults. Watch guards are now aided by cameras and bondesque heat and motion sensors.
Physical transport changed from armed stagecoaches to near impenetrable armored cars. Transported money sacks now contain marked holographic bills and dye packs to help thwart criminals.
Once a consumer possesses the physical money, they now become targets of thieves. Pickpockets, muggings and snake oil salesmen have hardly changed over the generations, but some defenses have improved for the consumer! Travel purses with integrated security, chains on wallets, education and communication about high risk areas all have improved over time.
Criminals over these generations continued to evaluate the ever changing chain of custody, looking for soft spots to exploit. Some attacked storage and transport while others went after individuals.
Jump ahead to the digital arena
In recent years currency became more virtual. Banks hold digital currency in its ledgers, backed by a percentage of physical cash. Consumers do the same. To keep these assets safe, security teams added firewalls, cryptography, and other digital measures to their holstered sidearms in protection of both storage and transport.
Criminals, again, evaluated the entire chain of custody, looking for spots to exploit.
Attack storage or transport of physical reserves? Attack transport or storage of electronic currencies? Attack currencies through the individual?
In addition to sophisticated bank robberies, new attacks such as credit card fraud and phishing campaigns became common and security teams responded. The escalations continued.
Present day cryptosecurity
Cryptocurrencies, in a sense, are changing storage and transport and hence the chain of custody as-well-as vulnerabilities. Thanks to blockchain, central banks are being replaced with secure distributed ledgers. Physical wallets and home safes are now replaced with crypto-wallets.
Crypto exchanges exist to facilitate the transfer (transport!) between currencies. New avenues for earning and spending cryptocurrency on everyday items are developing. These simple examples demonstrate various steps in this new chain of custody.
Security teams change and introduce the new vocabulary above. Computers are secured via both physical and network isolation. Credit cards now have chips and banks require two factor authentication.
Criminals, likewise, change out of necessity. They will evaluate this new chain of custody, looking for new soft spots to exploit, just as they have always done.
In another sense though, no, nothing has truly changed. This is simply the next evolution in a never ending escalation.
Then and now, security teams are only able to improve on areas they control. Within the context of a chain of custody, blockchain and distributed ledger only protect the history of transactions.
What, then, can we apply to cryptocurrency security from this historical arms race?
Reviewing the chain of custody of a cryptocurrency built on blockchain, we can look for soft spots that may be exploited, just as thieves do.
A coin ownership, as secured in a blockchain, is very well guarded without doubt. Blockchain technology inherently ensures that once a transaction has been verified, it is nearly impossible to falsify.
That is very strong storage indeed!
The transport of cryptocurrency can be evaluated as well. Transport, in this case, is access and exchange from one crypto wallet to another. Access to add transactions to the immutable distributed ledger that is blockchain. These transports are written by developers in applications that reside behind the same firewalls that exist with existing financial institutions and communicate across the same secure channels.
These, then, are only as secure as the application layer. This is no different than traditional banking software. Soft spots have been found at exchanges and the application layer will continue to be a target.
Consumer security has not, honestly, changed much compared to pre-cryptocurrency. Education is key, just as it has been previously:
Keep sensitive transactions off open networks
Secure computers from malicious software with antivirus, antimalware and regular updates
Learn to spot phishing schemes
Research the credibility of investment opportunities whether using Fiat or crypto
Cryptocurrency, does indeed, change the security game without a doubt! Security and the chain of custody has changed as has criminal exploitation methods. In the end, this is how it always has been.
To borrow an old proverb: "The more things change, the more they stay the same"
Cryptocurrency and blockchain developers, continue to harden the gates!
Application developers, whether at exchanges or end user applications, do not relax or lean on the security of blockchain. Be ever vigilant!
Consumers, continue to learn and protect yourself. Protect your wallet as if it is your bank account, continue the practices that we have learned regarding open networks and computer security.
The vast majority of our wealth has always been protected and we continue to hold the upper hand! Let’s stay diligent!