74
When more and more people begin to hold large amounts of virtual assets and expect their appreciation to bring in more wealth, ensuring the security of their virtual assets becomes a top priority. The security of virtual assets depends not only on the way their private keys are kept but also on network security.
Loss of assets due to loss of private keys
Although encryption technology has enriched the way people keep virtual assets on their own instead of using intermediaries to manage or store their assets, it does not mean that everyone can keep their virtual assets safe because self-custody is far more complicated and riskier than one might think.
Self-custody refers to the act of manually keeping the private keys or mnemonic phrases by the account holder him/herself. Often, users store their handwritten private keys or mnemonic phrases on paper or in a computer file for their convenience. However, both increase the vulnerability against theft or cyber-attacks. In some cases, users might be able to memorize the private key or mnemonic phrases by heart. Nonetheless, a slight mix-up in the order or even loss of the private key or mnemonic phrase could result in assets being unable to be retrieved.
According to Chainalysis, a blockchain data platform, nearly 4 million Bitcoins are currently frozen, which is worth more than USD 200 billion. The core reason for the freeze is that most of the private keys were lost, causing these Bitcoins unrecoverable and no longer in circulation.
Frequent cyber security threats
In order to avoid remembering such private keys and mnemonic phrases, most users choose not to withdraw their virtual assets to their personal wallets after trading on centralized exchanges but leave them directly on the exchanges instead. It is noteworthy that major exchanges are the main targets of hacker attacks.
Due to the vulnerability in exchanges’ networks and inadequate security monitoring, serious hacks occur almost every few months, and each time tens of millions or even hundreds of millions of US dollars were involved.
- In 2014, USD 450 million worth of virtual assets were stolen from MT.Gox exchange.
- In 2018, USD 534 million worth of virtual assets were stolen from Coincheck exchange.
- In 2018, BitGrail exchange was hacked and lost USD 170 million.
- In 2020, KUCOIN exchange was hacked by suspected North Korean hackers and over USD 285 million were stolen.
- In 2021, Bitmart was hacked and nearly USD 200 million were lost.
Unfortunately, since most exchange platforms are not regulated, there is no guarantee that customers could be compensated for their losses. (Source: BBC News?Yahoo News)
Professional custodial service providers
More virtual assets investors, especially high net worth individuals as well as institutional investors, are now choosing to have their assets safe kept by professional virtual asset custodial providers. By leveraging their expertise and advantages in security technology, they can obtain vault-level security protection. We will take Huobi Trust as an example to analyze how professional custodians in the industry protect the assets of their clients in terms of private key custody and network security.
Combination of hot and cold wallets and multi-signature
Huobi Trust adopts a combination of hot and cold wallets and multi-signature for private key management.
As a hardware device that is isolated from the Internet, cold wallets correspond to a unique account that is only used for storing transaction signatures and cannot complete transaction functions independently. Hot wallets are used for transactions and broadcasting transaction records, as well as monitoring account information. Encrypted communication is used between hot and cold wallets to complete the addition and update of currencies, as well as the withdrawal and deposit of assets.
By multi-signature mechanism, transactions require signatures from multiple accounts to be executed which then mitigates the risk of transferring and holding assets in a single position, and at the same time improves the security and recognition of each transaction. In addition, Huobi Trust’s cold wallet has the characteristics of co-linkage. Even if a cold wallet is damaged, it will be automatically transferred to another device to avoid unretrievable assets due to a damaged cold wallet.
Rigorous and complete security testing
Huobi Trust’s security team regularly conducts vulnerability testing by simulating techniques of real hackers to evaluate in-depth the possible impacts and responses of such vulnerability and continuously upgrades the security protection of the system. Through rigorous testing, Huobi Trust can promptly identify the security risks in the current system and evaluate the effectiveness of the defense mechanism.
For customers, the choice of the appropriate virtual asset custody method depends on the size of the asset holdings and the level of demand for technical support and risk management processes. However, from the perspectives of security and professionalism, professional virtual asset custodians no doubt can offer clients a more secure virtual asset custody experience.
