Cybersecurity

Yan Huard

Yan Huard is chief of information security at Croesus, a Montreal-based information technology (IT) firm that offers sophisticated wealth-management solutions to financial services institutions across North America.

As advisors are being asked about bitcoin increasingly, caution needs to be the watchword

By Yan Huard |

Who could have ever imagined, even a few years ago, that money would become virtual? Not so long ago, we could have thought that credit cards represented the end of currency evolution, but that was before the emergence of bitcoin.

For those who haven't been paying attention, bitcoin is a digital currency that's managed through a decentralized platform using a distributed ledger system called the blockchain. The ledger is maintained by independent "miners," who get compensated in bitcoins, for each "block" of transactions they compile in the blockchain.

Despite bitcoin's recent surge in popularity, its origin remains a mystery. Satoshi Nakamoto, a pseudonym for its creator (or group of creators), founded the crypto-currency in 2007. The first bitcoin transaction was concluded between Nakamoto and Hal Finney, a developer and activist, in mid-January 2009. By September of that same year, more than 15.8 million bitcoins had been issued.

The blockchain itself is remarkably secure in many respects because anyone can consult it openly — although accountholders' individual identities remain secret. Financial players have quickly realized the potential benefits of this technology in the clearing of payments, and much of the financial services sector is currently forming alliances to imitate the capability.

Clients are increasingly asking their financial advisors about bitcoin and interest in the crypto-currency is still strong despite continued bad press. Recently, one bitcoin was issued at a market value of US$700 range, which is up by almost 225% from US$300 12 months earlier. The currency's market capitalization hit the US$11-billion range at the end of October.

Let's face it, advisors have little or no incentive to discuss bitcoin with their clients. The federal government's "know-your-client, anti-money laundering" philosophy makes it almost impossible to take a currency seriously that, to this day, remains shrouded in secrecy. Furthermore, advisors have few incentives to encourage clients to distribute their assets among several custodians.

Although I'm not an advisor, I'm also constantly being asked about bitcoin, particularly from a security standpoint. So, it makes sense to address some of the key issues advisors face from a cybersecurity perspective, as investors might be tempted to spend their investment budget on this asset instead of in traditional investment products, such as mutual funds.

Although bitcoin is built around the three pillars of information security — confidentiality, integrity and availability, also referred to as the CIA triad — the crypto-currency faces various risks related indirectly to its architecture, including:

1. Anonymity
Bitcoin's intrinsic anonymity makes it an ideal tool for criminals. This has tarnished the crypto-currency's reputation along with that of its users. Furthermore, that anonymity has in many ways been exaggerated because confidentiality is sacrificed when users cash out of the virtual world at bitcoin exchanges where governments require identification to prevent money laundering.

2. Information technology infrastructure dependence
Although bitcoin's core methodologies are hardened against distributed denial-of-service (DDoS) attacks, many of the websites and services that deal in bitcoin aren't. This makes them subject to theft. At the endpoints, bitcoin is stored in digital wallets that can also be targeted by malware. Furthermore, once a bitcoin transaction is approved, it's permanent. Transactions cannot be reversed, even in the case of theft.

3. Compensation vulnerabilities
When a bitcoin transaction occurs, it's subject to delays similar to what takes place when you use a credit card to make a payment. As transactions are usually done online, attackers could conceivably double the "spend" by sending two conflicting transactions into the network. If the merchant doesn't wait for a confirmation for the first transaction, the second will go through.

There are ways to alleviate some bitcoin-related risks. These include making sure that bitcoin wallets are encrypted and safe, and not storing large amounts in the cloud. However, the ultimate for security purposes would require some government regulation. This is out of the question for now.

4. Counterparty risk
There are risks associated with bitcoin exchanges, which are the counterparties in converting the currency to and from cash. Dangers came to light in 2013 when the world's largest bitcoin exchange, Mt. Gox, filed for bankruptcy. Such risks continue to persist, and can be readily seen in the fact major bitcoin exchanges don't answer the phone; reveal ownership information; or speak to the media. Put simply: it's difficult to trust the person you're doing business with, if you don't know who that person is.

Overall, bitcoin shows considerable promise, but we're not there yet. For now, tell clients interested in getting in the bitcoin game to remember the old adage — buyer beware.
 

Related Content