If your company owns or manages blockchain assets, you must be acutely aware that, since its inception in 2009, the blockchain space has been plagued by losses of highly valuable assets to hackers, accidents, rogue employees or, even worse, kidnappers and sudden death.
Time has shown that efficiently securing blockchain assets can be challenging even for large companies with plenty of resources.
At Knabu, we strive to help our customers and community mitigate the many risks associated with the self-custody of blockchain assets. So we put together a multifaceted strategy based on people & processes, technology, and third-party services. In this first part of a five-part series, we begin with the foundation of building resilience for any company: reducing single points of failure.
People & Processes
Typical segregation of duties and basic internal controls are essential and should be implemented as early as possible in the life of a company.
Securing blockchain assets begins with mapping out which key people in your company should interact with your assets, and when and how they should do so.
REDUCE SINGLE POINTS OF FAILURE - PT I
The tragic story of Canadian Bitcoin exchange QuadrigaCX illustrates just how vulnerable businesses can become when they rely too much on a single individual. As the founder and CEO of QuadrigaCX, Gerald Cotten was the sole director of the company. He was also the only person in charge of managing the majority of the company’s blockchain assets including those entrusted by its users. Upon Cotten’s sudden and unexpected death, in December 2018, the Canadian exchange abruptly lost access to most of its assets and the users of QuadrigaCX lost about $190 million.
The company made two catastrophic mistakes:
QuadrigaCX late CEO Gerald Cotten - Photo: Stephen Hui
The first lesson is a simple yet essential one: no growing business wishing to build resilience in its foundation should ever rely on a single individual to manage most of its assets.
IDENTIFY TWO OR THREE, AT THE VERY LEAST, KEY MANAGEMENT INDIVIDUALS WHO WILL SHARE THE RESPONSIBILITY OF CO-MANAGING YOUR COMPANY’S ASSETS.
REDUCE SINGLE POINTS OF FAILURE - PT II
According to a 2019 report by Ernst & Young, QuadrigaCX’s appointed auditor, there appears to have been no segregation of assets between the company’s funds and user funds. Funds received from and held by the company on behalf of its users appear to have been used by Quadriga for a number of purposes other than to fund user withdrawals.
It should be quite obvious why any company managing assets on behalf of its customers should never commingle funds. Moreover, any responsible blockchain company should split its own assets amongst several wallets.
How many wallets?
This depends on the needs and circumstances of your business. At first, consider splitting your company’s assets into two separate wallets, at the very least: one to finance daily operations and the other to secure the majority of your assets.
Note that your setup will most likely evolve with the size and needs of your business, so you should review it regularly and be open to adding more wallets to further segregate your assets when need be.
James Howells, who lost 7,500 bitcoin one day in mid-2013 when his wife accidentally threw away the only hard drive holding a copy of his one and only wallet - Photo: The Independent
MAKE USE OF MORE THAN ONE WALLET. DECIDE HOW MANY YOUR BUSINESS SHOULD USE AND WHO AMONGST YOUR KEY PERSONNEL WILL BE CO-MANAGING THEM.
To be continued...
Next week, we will be discussing two strategies to better mitigate risks of digital theft.