Stepping Into the Void: Securing Your Cryptoassets
Jimmy Chin, one of the greatest high-altitude climbers of our generation, describes his risk calculus for taking the next step on the jagged edge of a mountain as “stepping into the void.” This measured risk acceptance—a necessary precondition to being a world-class climber—is one where life or death often hangs in the balance. And while investing in risk assets generally doesn’t involve life or death (one would hope), it will most certainly leave its participants richer or poorer. And it’s in that sense we believe the analogy holds: the crypto asset market is the financial equivalent to stepping into the void, with a multitude of investor blind spots and unchartered financial territories.
FIRST ASCENT
Enter the crypto arena. The market capitalization for cryptoassets has increased from $18 Billion at the end of 2016 to over $300 Billion as of late November 2017. Until recently, the capital inflows associated with this meteoric rise has been attributed almost entirely to individuals and non-institutional speculators/investors. The institutional investment community has largely remained sidelined due to all too frequent news concerning hacks, investor scams and other related horror stories of investors losing millions in the blink of an eye.
For many traditional asset managers, these binary security risks, coupled with entirely new mechanisms for storing and securing digital assets make investing in the crypto market analogous to stepping into the void. In reality, while there are some obvious risks associated with purchasing cryptocurrencies, there are actually a number of ways in which the storage and security of these assets is less risky than those of traditional asset classes such as debt and equity.
GONE WITH TRADITION
It follows that traditional funds (that invest in traditional assets) get to enjoy the comforts of traditional best practice. In other words, there are well-defined processes for funds that define asset custodial services, fund administration, and independent auditing standards. Traditional hedge funds also follow best practice with respect to data security and asset protection. Practitioners typically use enterprise and/or cloud services that follow established techniques for managing information security, such as ISO 17799 and ISO 27002. In the event of a security breach, there is typically a well-defined risk response plan as well as custodial protections for these assets. In the crypto arena, however, these best-practice pathways are still being forged. Unfortunately, most of these established processes for traditional assets do not translate well to managing and securing digital assets. To use the climbing analogy ad nauseum, this is tantamount to what climbers term first-ascent. In risk terms, the “crypto-sherpas” have to lay down the ropes.
The first departure from tradition is the fact that cryptocurrencies are stored in digital wallets. These wallets consist of public addresses that facilitate sending and receiving tokens, as well as private keys that are used to access tokens stored in that particular wallet. Digital wallets do not function like typical bank accounts, however. Bank accounts are symmetric: knowing the account number makes it very easy to send or receive money from that account. Cryptocurrency wallets are asymmetric, so knowing the public address allows others to send digital assets to your wallet, but does not make the wallet vulnerable to withdrawals. Sending money out of a wallet can only be done with access to the private key - a string of digits that unlocks a digital safe. This asymmetric structure can be considered more secure than with traditional funds. That said, the biggest risk in the storage of cryptoassets is the lack of effective recourse if the private key is compromised and security is breached. Once digital assets have been sent out of a wallet, there is no mechanism to recover them.
SECURITY IN A DIGITAL WORLD
The good news is, there are strategies for increasing protection of your private keys. For instance, diversifying across multiple wallet services reduces the fund’s exposure to potential software vulnerabilities for a particular wallet and further protects your fund’s cryptoasset investments. Additionally, there are different classifications of wallet types such as hot (online), multi-signature (multiple private keys) and cold (offline) storage that increase or decrease the level of wallet access depending on the user and need. These wallets are analogous to most cloud, enterprise or portable computer storage solutions, and can provide increased protection. It is important to note that most depend on software code that, if poorly written, are vulnerable to breaches similar to what happened in the Parity wallet hacks .
A second departure from traditional creature comforts, is that, unlike conventional securities, cryptocurrencies are still a highly evolving, highly unregulated asset. With little to no regulation comes a litany of potential concerns. Chief among them is how individual crypto tokens are distributed and what governing processes, if any, are followed by its founding members and core development team. Most ICOs retain a portion of their tokens out of circulation for the purpose of paying founders, offsetting development costs and building reserves under the guise of stabilizing anticipated volatility in their asset prices. This is another potential exposure for “hacks” or stolen cryptoassets such as the Tether incident earlier this month.
But perhaps the biggest barrier to institutional adoption of cryptocurrencies as a viable asset class is the lack of financial recourse for offsetting the risk of stolen, hacked or misreported funds. Institutional investors would like to move towards more traditional fund processes to better protect their assets from theft and misappropriation. This requires incorporating a custodial service for ensuring the protection and security of crypto asset value. New entrants to the crypto asset management space are attempting to provide these mechanisms. A recent example is Coinbase's new custodial service , who are experienced in exchanging and storing large amounts of cryptoassets.
At TruNorth, we continue to explore new ways of managing security risks specific to crypto markets. We’ve performed in-depth equivalency analysis between traditional and crypto investment processes which we use to inform our best practice protocols. TruNorth’s proprietary security process is aimed at providing institutional investors a measure of confidence as they enter a new financial paradigm.
TruNorth Crypto Asset Fund Advisors was formed in August 2017 to provide investors with diversified exposure to the emerging crypto asset class. Blockchain technology and the associated cryptographic token market is ushering in dramatic shifts in stakeholder value. The primary focus of TruNorth is to capitalize on these investment opportunities through composite positions in major cryptocurrencies as well as technical event-based plays in ICOs and smaller altcoins. The fund will be positioned to capitalize on the paradigm shift towards a global decentralized digital exchange network.
By: Shane Ouchi , Tim O’Connell
at TruNorth Crypto Asset Fund Advisors