• United States




The wild west of cryptocurrency security – and what the future holds

Feb 23, 20184 mins
Data and Information SecurityFinancial Services IndustryTechnology Industry

Time will tell how virtual currency security issues ultimately get resolved, but as we wait, keep changing those passwords and please, try not to throw away your key.

financial gears / euros / dollars / pounds / yen
Credit: Thinkstock

There’s no question that virtual currencies are destined to become mainstream, given the market’s already astounding exponential growth; in 2017 alone, the value of cryptocurrencies increased more than 2,700 percent.

And while mass adoption of virtual currencies may be in part driven by perceived security benefits, the truth is that virtual currencies aren’t immune to the risks faced by other digital assets. This recently came to light with the $530 million theft from one of Japan’s leading cryptocurrency trading platforms. This incident, along with a slew of other scams, schemes and hacks, underscores why creating more secure virtual assets is crucial to legitimizing these currencies and preserving future innovation.

While cryptocurrency is designed to be more secure than its traditional paper or metal counterpart, the fact that it lives in a virtual world leaves it susceptible to hacks and phishing scams, just like any other digital asset. This vulnerability is why experts advise against storing virtual currency assets (i.e., “coins”) in apps or on network-connected computers. Think of cryptocurrency ownership similarly to bearer bonds. Whoever holds the physical assets, whether it be a bond or private crypto key, owns the asset.

Because cryptocurrencies are decentralized, the onus is entirely on investors to protect themselves and their private encryption key, which is the only way to access funds. They must be hypervigilant about implementing security measures used for other precious data, such as regularly switching up passwords and using multi-factor authentication for email to protect cryptocurrency wallets – the software that stores keys and enables users to send and receive digital currency and monitor their balance.

For optimal security, investors need to not only take cybersecurity measures, but physical security measures, too. Securing cryptocurrency is somehow both incredibly complicated and surprisingly simple – like the HBO show Westworld, where everything feels new and exciting and oddly familiar all at the same time. As we all know, traditional money is stored in bank accounts with a paper trail, and there’s insurance and the FDIC to protect individual accounts. But, there are no protection processes in place for cryptocurrency investors, so the irony of these highly complex currencies is that the safest place to store the key – which is quite literally the key to all of an investor’s currency – is somewhere physical, like a bank lockbox. So at the end of the day, cryptocurrency has a lot in common with something as old school as the gold coin, which requires the physical protection of a piece of hardware.

However, physical protection doesn’t come without its own set of risks. There’s an infamous story of an early Bitcoin investor in Wales who accidentally threw out his hard drive, which contained his private Bitcoin keys, in 2013 when his assets were worth about $4 million. Taking into account the current value of Bitcoin, this investor’s money, which now sits somewhere in a dump in Wales, is worth $108 million. And while this person is likely tired of being the original “what not to do,” it’s nonetheless a good lesson for anyone investing, or looking to invest, to understand the importance of the digital and physical protections that go into protecting virtual currency.

The silver lining is that while cryptocurrency can be hacked with similar tactics as other virtual assets, it’s highly unlikely thieves can ever cash in their loot. Blockchain ledgers are public and require layers upon layers of approvals and verifications to truly unlock the information, so while the money may be gone, it’s only sitting in someone else’s hands, not their pocket.

Cryptocurrency is in many ways still uncharted territory. And with the rate at which virtual currency is growing – and with boutique currencies popping up (some of which, including last year’s nearly $4 million in ICOs, turn out to be little more than a classic Ponzi scheme) – there are still more questions than answers at this point.

As currencies grow and become even more complex, regulators will need to step in. In the U.S., the SEC is already trying to navigate this new frontier.

In the meantime, there is a lot of funding going toward a combination of blockchain, security and cryptocurrency, and smaller startups will crop up at an impressive rate to throw their hat into the ring to try and solve the issues. Time will tell how virtual currency security issues ultimately get resolved, but as we wait, keep changing those passwords and please, try not to throw away your key.


Greg Arnette is the director of data protection platform strategy at Barracuda, a Thomas Bravo company. Previously, Greg was the founder and CTO of Sonian, a cloud archiving company which was acquired by Barracuda in November 2017.

Greg has been a messaging, collaboration, Internet, and networking expert for more than 20 years, and has consulted leading corporations on the management and administration of email systems. Greg has created messaging products and services for over 15 years, starting with AlertWare which was acquired by Netpro, and more recently IntelliReach, which was acquired by Infocrossing in May 2006. Greg has designed leading messaging system solutions for all communication platforms.

Greg is a graduate of the University of Massachusetts, Amherst.

The opinions expressed in this blog are those of Greg Arnette and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.