SLIDE 1
Crypto Currency Security from the Frontlines: Hedge Funds, Nation State Threats & Technical Security Approaches
Adam Healy, CISO
SLIDE 2
State of Crypto Asset Security
SLIDE 3
Who cares? It’s just crypto.
2016 Market Capitalization
  NASDAQ (1)                 ~$7.8 trillion
  London Stock Exchange (1)  ~$3.5 trillion
  Crypto (2)                 ~$11.8 billion
Sources: 1) caproasia.com 2) coinmarketcap.com
SLIDE 4
Who cares? It’s just crypto.
2018 Market Capitalization and 2 Year Growth
  NASDAQ (1)                 ~$10 trillion     28%
  London Stock Exchange (1)  ~$4.15 trillion   19%
  Crypto (2)                 ~$221 billion     1772%
Sources: 1) caproasia.com 2) coinmarketcap.com
SLIDE 5
Root Cause Estimate
Source: https://magoo.github.io/Blockchain-Graveyard/
SLIDE 6
Current Threats
- Malware
- Social Engineering
- Spear Phishing
- Compromised Code Repos
- Physical Threats
- Insider Threat
- Covert Surveillance
- Radio Frequency Attacks
- Other Sophisticated Attacks
SLIDE 7
Common Storage Approaches
Self Custody
- Geographically Distributed or Centralized
- Cold or Hot
3rd Party Key Management
- Multi-signature or Single
- Coin Support (maybe)
- Cold or Hot
3rd Party Custody
- Trust
- Coin Support (maybe)
- Cold or Hot
- Multi-signature or Single
SLIDE 8
Enterprise Best Practices
1. Air-gapped (“cold”) storage
2. Insider threat controls
3. Certified and whitelisted software
4. No commingling of client assets
5. All private key operations conducted in Faraday enclosures
6. Internal and 3rd party code review
7. Redundant operations facilities with 24x7 security
8. Internal, external & physical penetration tests
9. Private keys never exposed
10. Audited key generation process
11. Audited backup and recovery process
12. Emergency key rotation plan
SLIDE 9
Standards Alignment
Industry-wide standardization remains immature. One of the most commonly referenced standards, CCSS, was last updated in 2016 and is largely Bitcoin-centric.
Relevant standards and frameworks: ISO, NIST, SOC 2, ICD, CCSS, WebTrust
SLIDE 10
Emerging Trends
- Multi-party Computation
- Hardware Security Module
- Software Guard Extensions
- Secure Enclaves
- Regulatory Direction
- Managed Due Diligence & Vendor Management
SLIDE 11
Q&A
SLIDE 12