Compliance in the Wild West of Crypto Security

Kerwyn Velasco
May 23, 2024
January 5, 2023
anecdotes explains crypto security challenges and how to enhance your Compliance
Table of Contents

2022 was a challenging year for the crypto market. Aside from the industry’s already-known and accepted volatility and unpredictability, Sam Bankman-Fried added a new level of uncertainty this year with the FTX scandal, thanks to fraud, mismanagement, and lack of oversight. But that’s not all. In 2022, significant security breaches rocked the lucrative crypto industry and highlighted its vulnerability. In this article, explore crypto security issues and measures you can take to boost your organization’s cryptocurrency security.

anecdotes explores crypto security

Crypto Security Issues

Some of the challenges in 2022 facing crypto security:

Attacks on Blockchain Bridges: 

Due to a lack of stable infrastructure to support proper blockchain crypto security verification when transferring assets from one independent exchange to another, these bridges are vulnerable to hackers. In October 2022, the Binance (BNB) blockchain was breached, with hackers making off with more than $100 million worth of tokens from the world’s largest cryptocurrency exchange.

Stolen Password Credentials: 

Digital wallets are only as safe as their passwords protecting them. In August 2022, Slope, an SOL wallet provider, experienced a server breach where a bug in the code allowed for passwords to be stored on a server, resulting in hackers gaining access to the passwords of more than 9,000 wallets and stealing more than $4 million in crypto. 

Supply Chain Attacks: 

The crypto industry relies on trusted partners and vendors in their day-to-day operations.  With so many entities involved in a company’s supply chain, hackers have learned to go after the chain’s weakest link to gain access to their targeted network. Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains.

Exchange Hacks: 

In December 2021, the AscendEX cryptocurrency exchange experienced a hot wallet breach of more than $77 million, of which $60 million was made up of Ethereum tokens. Starting in February 2022, the hackers began moving the crypto to the decentralized exchange Uniswap in an effort to legitimize the currency, as Uniswap doesn’t have a know-your-customer (KYC) mechanism. KYC is a multi-step identification process designed to prevent fraudulent account creation and money laundering. In the same month, cryptocurrency exchange BitMart was hacked, with the cryptocurrency security breach resulting in $196 million in losses. The FTC investigation into the BitMart breach is underway. 

Where Are the Auditors?

Following the FTX fraud and the host of security challenges, many crypto exchanges and smart contract creators seek to reassure customers of their solvency and ability to cover customer withdrawals. However, engaging a reputable accounting firm has become harder than ever for the crypto industry. In December 2022, accounting firm Mazars Group suspended its work with crypto clients “due to concerns regarding the way these reports are understood by the public.” Similarly, accounting firm Armanino announced that it is ending its crypto audit practice altogether. It seems the immense risk crypto laws pose to the auditing firms themselves is not worth the easily-won lucrative client contracts.


Regulatory Crypto Security Plans in the Works

While crypto falls under the Anti-Money Laundering Act of 2020, which subjects digital currencies to reporting requirements, Congress has largely designated the task of addressing issues created by digital assets to regulatory agencies. For example, the Financial Industry Regulatory Authority (FINRA), a self-regulatory organization that regulates member brokerage firms and exchange markets, has announced that it will begin conducting a targeted examination of broker-dealer practices related to communications about crypto products and services. In addition, global and national financial regulators are putting more pressure on the crypto industry to implement KYC measures to limit anonymous crypto transactions.

The government has begun stepping up as well. Currently, in the US, cryptocurrency laws and regulations vary state-by-state, but countries are starting to tighten these regulations. For example, in December 2020, FINCEN proposed new crypto regulations that impose data collection requirements on cryptocurrency exchanges and wallets, including the submission of suspicious activity reports (SAR) for transactions over $10,000 and the requirement for wallet owners to identify themselves when sending more than $3,000 in a single transaction. In addition, the Biden Administration’s Working Group on Financial Markets released a series of recommendations for new crypto security laws. 

What can Organizations do to Boost Crypto Security?

Securing an organization is top of mind for any company, but for organizations operating in the crypto industry, the following crypto security tips are the keys to the kingdom:

  • Meet regulatory standards. The Cryptocurrency Security Standard (CCSS) is a first-of-its-kind certification established in 2014 to provide a security standard for crypto wallets and custody. In December 2022, the digital asset platform Fireblocks became the first company to receive Level 3 CCSS certification for key generation, hardware use, policy and flow engine processes, and cybersecurity controls. According to Deloitte, startups in the crypto space often don’t follow security best practices, and every system that was subject to crypto cyber security breaches in the past didn’t pass Level One of the CCSS standard.
  • Engage with reputable accounting firms.  Having a trusted accounting firm behind the business is critical – to ensure that all transactions are above board and to earn your customers’ respect and trust. Make sure you engage with a firm that is firmly rooted in the crypto market. For example, Ernst & Young (EY), the first firm to accept Bitcoin for its consulting services in 2017, has invested in developing applications and services to facilitate the use of blockchain technology in its business. KPMG has launched new blockchain-based services with its partner Microsoft, Deloitte created the first blockchain lab in 2016, and PWC launched its own digital asset services in 2016 using blockchain technology. 
  • Determine the responsibility chain. In light of the FTX scandal and the notable absence of clear security policies for the crypto industry, it must be clear to all who is responsible for upholding the rules and regulations and ensuring the business is in full Compliance with the law. If the practices are not upheld, who will be left holding the bag? The accounting firm? The CEO? The CISO? Individual control owners? These questions are essential for any startup to answer, but they are especially critical in the wild west of crypto Compliance.

Crypto Security Next Steps

In 2022, the cryptocurrency market navigated a tumultuous period marked by the FTX scandal, unveiling the industry’s susceptibility to fraud and mismanagement. However, the challenges extended beyond isolated incidents, revealing vulnerabilities within the crypto security framework. Attacks on blockchain bridges, stolen password details, supply chain breaches and exchange hacks underscored the urgent need for enhanced crypto security measures.

In response, the crypto industry must take strategic steps to improve its security. Adhering to regulatory cryptocurrency security standards like the CCSS is paramount. Following crypto security best practices such as engaging reputable accounting firms helps to establish transparency and trust. Organizations must also define clear lines of responsibility to ensure cryptocurrency Compliance. For more guidance on how to foster a more secure cryptocurrency market, reach out to anecdotes, pioneers in the Compliance world. If you’re not convinced how the anecdotes Compliance OS can help your Compliance leaders bolster their crypto security standards, download our data sheet  to learn how we can empower your GRC teams today.

Kerwyn Velasco
Security and Compliance Nerd with 10 years GRC experience wearing all kinds of hats. He currently does marketing at anecdotes.
Link 1
Link 1
Link 1