It’s no secret that the cryptocurrency industry has a checkered history with unbelievably audacious heists. And now, Shuttle Holdings and IBM have announced the launch of a new HSM-based security solution to mitigate this problem.
The system, which has been extolled as a paradigm-shifting innovation, will launch towards the end of March and targets the crypto custodial industry. Starting in beta mode, only a few select companies will have initial access.
The technology has been designed to provide a lockbox environment for private keys while allowing clients to have easier access to their cold wallets.
The report lists cryptocurrency custodians, banks, brokers, exchanges, and high net worth crypto investors as potential clients. IBM’s chief technology officer (CTO), Nataraj Nagaratnam, and Shuttle Holdings Chief Investment Officer Brad Chun had previously introduced the concept during the recent Think 2019 conference which was held in San Francisco.
A hardware security module (HSM) is a secure, tamper-resistant digital key storage device that relies on modules to prevent intrusions. The modules are encoded with layers of encryption and have sophisticated physical deterrence mechanisms.
HSMs are made up of microprocessor chips that effectively detect both network and physical tampering and automatically erase sensitive data once it discovers an anomaly.
Microprocessor meshing technology is used to make the packaging responsive to tampering. This prevents side channel and bus probing attacks.
The concept has been around for years, but the technology was mostly confined to major payment networks, governments, and banking institutions.
Over $1.5 billion in crypto assets have been stolen from exchanges in the past year. And according to numerous investigative reports, two groups were responsible for the theft of digital assets worth $1 billion. The fact that the overall cryptocurrency sector has a market cap of just over $140 billion accentuates the seriousness of the scourge, hence the search for innovative security solutions that are more secure than ad hoc simplistic systems.
The regulatory vacuum that continues to permeate certain sectors of the market has also left most platforms to their own devices. Many network attacks have been found to be instigated by groups located in regions with nebulous crypto legislations such as countries in Eastern Europe and politically fraught North Korea. This makes prosecution difficult.
As such, the scale of crypto thefts has continued to rise. Last year’s Coincheck heist, for example, led to a loss of $530 million worth of cryptocurrencies. Many exchanges and custodial service agencies are looking to avoid this nightmarish scenario as much as possible.
Crypto trading and custodial service platforms are embracing HSM systems because of their superior security features. Another benefit, though, is their outstanding efficiency when it comes to transferring assets from cold storage. They eliminate the need for human intervention to validate transactions.
Accessing crypto funds in cold storage is usually a time-consuming process that can take up to 48 hours. This is because a human has to be physically present to authenticate transfers. Cold storage wallets are kept offline to prevent online hacking attacks, but the main tradeoff is efficiency.
While hot wallets offer fast execution, they work through a network connection and confirm transactions using API authentication processes. However, the keys have to go live for a transaction to be successful, making them susceptible to interception.
Most cold storage strategies usually rely on air-gapping to minimize the risk of hacking attacks. Chun expressed ambivalence about the notion, describing it as a borderline travesty that gives a false sense of security.
The technology utilized by Shuttle Holdings allows for network connectivity. Multiple layers of encryption and a backup system ensure that the risk of data loss and hacking is substantially minimized.
Chun explains further, “We keep keys at rest encrypted in multiple layers as data blobs so that an organization can store these backups using their pre-existing disaster recovery and backup processes and media.”
According to IBM, client data is protected “at rest, in transit and in use.”
Speaking to Coindesk, Chun highlighted that although the Shuttle Holding solution is currently integrated with IBM’s Cloud Hyper Protect Services, the system can be connected to other networks depending on client needs.
The Swissquote banking group is among the more notable companies to recently integrate HSM technology into its crypto custodial service offering. According to the company’s recently released disclosure, customers will be able to make crypto deposits and withdrawals to Swissquote wallets starting on March 21.
The service will run on Crypto Storage AG’s proprietary infrastructure. Crypto Storage AG is a fintech company that specializes in the management of cryptocurrency assets and private keys.
The partnership will enable Swissquote to offer both custodial and trading services. Crypto Storage AG’s HSM system will be an integral part of the overall system.
As the battle to lure in institutional investors rages on, the security solutions industry is continuously developing tools that cater to this highly prized market segment.
Some of the major tech companies that currently provide HSM security products include Thales e-Security, Gemalto NV, International Business Machines Corporation, Utimaco GmbH, FutureX, SWIFT, Atos SE, Hewlett Packard Enterprise, Yubico, and Ultra-Electronics.
According to a new research report compiled by TMR Research, the United States, European Union, and China are the leading HSM consumption markets at 32, 24 and 14.5 percent respectively. The global market size is expected to grow from approximately a billion dollars in 2019 to over $2 billion in 2024, demonstrating the need for these types of services.
(Featured Image Credit: WSJ)