This blog post is aimed at lawyers who are working on files that have to do with holding cryptocurrency, either as part of a buinsess service, secure storage, or allegations of misappropriation. This issue includes technical security, processes, and business models - all of which affect what sorts of risks might materialize and how they're addressed upfront.
The Temptation
Cryptocurrency is valuable in the same way as gold is, and it has the same attraction to thieves. But unlike gold, anyone in the world who can gain digital access to it can transefer it, which creates new security problems that gold doesn't face.
The Security Paradigm Of Cryptocurrency
The private/public key pairs that underlie all cryptocurrencies are fundamentally secure. They cannot be broken by any known technology or computer. But the keys themselves can be lost or stolen just like a bank vault key. Just like modern bank thefts, the vast majority of stolen funds are not stolen by breaking into the vault with giant drills but by exploiting weaknesses in how people store their keys, where they store their keys, the people who hold the keys, or other types of human weakness. In some cases, there can also be failures in how computer code that interacts with keys is used. So the tricky thing about cryptocurrency security is that although the underlying systems have perfect security, the way that they're used creates many opportunities for loss.
The Solutions
There are many technical solutions to how to safely store cryptocurrency. For major businesses, they'll likely be using a qualified custodian
to store cryptocurrency, or perhaps a dedicated trust company. Examples of these types of solutions include Coinbase Custody in the US and Tetra Trust in Canada. But these are business-level solutions, not technical solutions.
At the technical level, the challenge is to make sure that access is confined to the people and systems that need it. Cryptocurrency held for safekeeping is relatively easy to deal with but this becomes more complicated when some access is needed for day-to-day business, which may require the use of several wallets
with varying degrees of security. Years ago, it was common for even large cryptocurrency dealers to store all their crypto in one place but in 2023 this is such a bad practice that it may even be prohibited by applicable rules. For example, Canada's restricted dealer
regime requires that a large majority of a company's cryptocurrency be secured in a more safe place than the amounts used for day-to-day business. This works because most companies don't need access to all of their cryptocurrency all at once. Don't put all your eggs in one basket.
Storing Keys Securely
There are many ways of storing cryptocurrency keys, such as dedicated computer chips called Hardware Security Modules, splitting keys into multiple subkeys that are issued to different people, or even splitting the key into pieces for secure recovery later (e.g. Shamir's Secret Sharing). The most common is probably using multiple subkeys for access, because this method is relatively easy to do and corresponds to traditional processes of having multiple people sign
for something in an organization before it is done. This is typically done by requiring the key approval to be M of N keys. But be careful, because bad implementations of this idea have in the past been insecure and led to millions in losses. Using a security idea is not the same thing as achieving the theoretical results of a security idea because of bad choices about how it's done. The devil is in the details.
Losing Keys
Imagine a giant bank vault that's perfectly secure. This sounds like a great way to store the bank's money until one day the bank loses the only set of keys and then they can't open their own bank vault. Cryptocurrency keys are like this, except they really are secure because they're mathematically secure and no amount of drilling or blasting with explosives will open this kind of vault. Many people have lost money by losing their keys, which is the downside of such a secure system. There's no forgot password feature for cryptocurrency. The password
is the key. There's no company or organization to appeal to if you lose your keys (or is there? see this interesting case in the UK courts for one attempt to do exactly this).
Losing Access Through Bankruptcy
When a third party provider is used, a person may not have the risk of losing their keys but they might lose access to their cryptocurrency through bankruptcy. All businesses have counterparty risky. Even the very largest companies can swiftly go out of business. For example, Silicon Valley Bank went from over $200 billion in assets to sudden closure in a matter of days earlier this year in the United States. Regulatory schemes can ensure that customers can access to their assets, but maybe not immediately. And most kinds of businesses do not have the same sort of regulatory protection as banks have, so anyone with cryptocurrency stored with a third party should pay close attention to where it is and what laws govern.
Thinking about bankruptcy risk means thinking about the laws that concern storage of money and property with keywords like bailment, trust, bankruptcy remote, banking and trust companies, and fiduciaries. Agency may also be a relevant concept. The actual laws that apply depend on the terms of the deal, the country, and the type of service for safe storage that's being used. In some cases the law on these subjects may be unclear.
When dealing with businesses, the risk of bankruptcy may actually eclipse any other type of risk, and should be at the top of the list of concerns.
Lawyers who draft contracts around safe storage of cryptocurrency should carefully consider the nature of the deal that they're drafting up. Is the customer in the same position as any other supplier in the event of bankruptcy? In other words, is it ok if the person is in the same position as someone who held Target gift cards after they went bankrupt in Canada (or any other retailer)? This may be straightforwardly prohibited by applicable law in some countries, but for some businesses this might be a choice that can be made. Might it give a competitive edge to more safely store cryptocurrency?
Insurance
Large holders of cryptocurrency may be able to obtain insurance for the storage of cryptocurrency. These policies are complicated to obtain and not available for smaller businesses. There are a limited number of providers who work in this market and they are very aware of the risk. In some cases, insurance might be a regulatory requirement. In other cases, insurance is a good idea but the cost may be prohibitive. If the cost is prohibitive that's a good reason to carefully consider the risk level and look at whether alternative methods of storage are possible.
Procedural Security
Policies and procedures are necessary when dealing with large amounts of cryptocurrency. And they should be reevaluated depending on risk levels. What might be a reasonable process for safeguarding $1000 of bitcoin won't be the same for $1,000,000 of bitcoin or $1 billion. Procedures will likely also be different if the nature of the assets being stored changes because blockchain-based assets aren't all the same in terms of safe storage. This may sound like an obvious point but the value at stake in a securred system can quickly change so procedures should be upgradeable if possible.
Blockchain-Based, Non-Native Assets
Just because something is on a blockchain
doesn't mean it's valuable. Someone can upload an image of a cat onto Ethereum and try to market it for $5000 but if no one buys it they may very well have a loss on their hands and a worthless asset. The cat picture doesn't have inherent value because it's on a blockchain. This is different than the ether on the Ethereum blockchain (the native unit) because it does have value. But people can write arbitrary other bits of information or even computer programs. Computer programs running on Ethereum can be used to create new digital assets called tokens, and these tokens can be transferred between Ethereum addresses, but all of this is an abstraction layer that is above the level of the ether that is at the base of the system. Token security is a different issue than ether security. Tokens can be stolen without misplacing any keys if the computer program that brings the tokens into existence has a flaw or is hacked.
The digital assets on Ethereum can have no value (like a worthless cat picture), a static value (like a USD stablecoin, such as USDC, that is worth $1 USD), or an enormous value (like wrapped Bitcoin running on Ethereum as WBTC tokens). In most cases, the security of these second or third-order digital assets will be the same as the security of the Ethereum addresses that they're linked to but there's no complexity and additional risks. Understand the type of asset as part of assessing security and storage concerns.
There's No Pause Button
Since Ethereum and Bitcoin aren't networks run by a specific company, like say, Mastercard, there's no ability to stop or pause a transaction that might be problematic. Most of the time: there's no pause button. But some of the time, there actually is! Blockchain tokens may be managed through smart contracts that have a pause or revocation feature. A smart contract may have a kill switch.
Some digital assets may be stored on layer 2
systems that do have the ability to pause transactions, but relying on these companies/organizations/networks to pause their entire system in the event of a theft or mistake is not a wise idea. Don't assume that a feature that exists will actually be one that can be used. Usually these features are intended to deal with system-wide failures, not specific transactions.
Confirmation-Based Attacks
There's a special class of threat that affects transactions that were executed recently on-chain. These attacks rely on the probabilistic nature of recently appended blocks. The details of how these attacks work are complicated but the basic idea isn't. A recently confirmed transaction on a blockchain is susceptible to this attack and so special care needs to be paid to how recently executed transactions are treated. Most companies require a certain waiting period before considering a transaction final. This type of attack is a little bit like a very technical version of the classic scam that targets lawyers where a scammer sends a cheque then asks the lawyer to wire them money. The wire succeeds but the cheque fails because it's fake, and the lawyer is on the hook for the wire. It's always important to know how secure recent transactions are, and to know who the transactions are being conducted with.
This type of security is a matter of probability, which sounds incompatible with the strong promises of security of cryptocurrency, but it's actually an important part of how the high degree of security is achieved for older transactions. The main thing to know about this is that after a short period of time (minutes or maybe hours, depending on the blockchain network), the transactions will be impossible to reverse, but during the period around when they were conducted it's possible that a security issue could exist. Most of the time, this isn't an important source of risk. It's usually most relevant to cryptocurrency dealers/exchanges that may be targetted by complex attacks that involve deposits and withdrawals.
Assessing Thefts
At the level of a blockchain network like Bitcoin or Ethereum there's no difference between a theft and a legitimate transfer. They are both authorized transfers. It is up to people in the human world outside of the digital system to assess whether that transaction was right or wrong. There are many legal doctrines that might apply to this in order to know whether something is the sort of transfer that makes someone else accountable for it. For investigators, the nature of the transaction may be revealed by timing, amounts, destinations, extrinsic evidence, or more subtle patterns.
The above points apply to any business considering their own internal security because insiders can make their own pilfering appear to be the work of outside thieves. Proper procedures and supervision can minimize the risks from insiders.
Forged Transactions
An on-chain bitcoin transaction is essentially impossible to forge, but it's not hard to deceive someone into thinking that they have received bitcoin. For example, a fraudster might create a fake website that purports to show someone's balance of bitcoin as part of a scam that tricks them into thinking they bought bitcoin when really they were robbed. This is a common type of online scam, perpetrated by organized crime groups abroad. They may use fake trading apps or other means to deceive people into thinking that they still have their value, but in reality they were robbed the minute they sent the cryptocurrency/money abroad. Most people don't see this coming because they've heard that cryptocurrency is very secure. And it is, but the vast majority of people don't have the ability to assess this type of security or how they might be deceived.
Cryptographic security is great, it's important, and amazing, but since people are often unable to evaluate it, they rely on humans and this creates opportunities for loss. Always be wary of account statements vs. on-chain amounts.
In some cases, an account statement is all someone will have because they've used a third-party service like a cryptocurrency dealer. Watch out for fake dealers pretending to be real ones. Watch out for unscrupulous foreign-domiciled businesses that don't follow domestic rules around cryptocurrency dealing. Always look at the reputation, history, and regulation of a company before keeping large amounts of money or cryptocurrency with them. Provincial securities regulators publish lists of restricted dealers authorized to do business in their province. These aren't guarantees of security, but they're helpful for regular people because there's been many hoops jumped through by the dealers. Part of the logic of these regulatory systems is that the dealers are maintaining their own ledgers of who owns what within their internal systems and storing the cryptocurrency in a single place. Regulations help ensure that these internal ledgers align with what each person owns.
Sophisticated Thefts
The state of the art for thieves is to use Tor to hide their location on the Internet and use pool-based services to launder thefts by obscuring the trail. With professional thieves, recovery can be nearly impossible. This means it's extra important to guard against losses upfront, rather than expecting them to be recovered after the fact.
What To Do In Case Of Theft
The most frequent calls I get are from people who've been scammed by overseas criminals. They were tricked into sending cryptocurrency abroad to persons unknown. These cases don't get investigated by the police let alone result in prosecutions, and in almost every case the answer is that it won't be recovered.
In more interesting theft cases, there may be an insider who did it or a thief who can be identified. Often this is because they slipped up somewhere because although the perfect crime is possible, it's common that crooks make mistakes. These mistakes may result in them being identified. In some cases, the civil justice system may have remedies that can result in recovery, or attempted recovery from alleged (or proven!) thieves, such as in a case I worked on a couple years ago: https://www.canadianlawyermag.com/practice-areas/litigation/code-is-law-defence-to-be-tested-in-case-of-allegedly-stolen-crypto/365022. That case was lead by Ben Bathgate at McMillan, if you'd like to see the profile of the sort of litigator who pursues a case like this: https://ca.linkedin.com/in/benjamin-bathgate-19863a54. For important thefts, the civil litigation bar has answers (some of the time) but ideally, secure systems will be used and this won't ever be a question on your mind.
Conclusion
Security and safeguarding are complicated topics. They're a mix of law, technical security, process/procedure, and business model. Companies in this space should give careful thought to whether they'll be able to safeguard their own assets (or that of their customers) and if not, who/what they will use for storage.