Much of the current discussion around blockchain is geared towards security and integrity – if you believe the hype, there is no more secure environment for financial data than within a distributed ledger environment built on a blockchain infrastructure.
While the blockchain presents an incredible opportunity for financial institutions, one can’t overstate the fact that there are still security concerns that must be observed. Given the degree to which blockchain relies on the use of private keys, the authorization tools used to validate title to cryptocurrency and tokens, users must take measure to protect those keys, usually using multi-signature protocols and/or cold wallets. However, those tools are sometimes insufficient.
Multi-signature protections are considered high level security, as they require multiple private keys to validate transactions. However, the storage of that number of keys offer a key vulnerability. No matter the number of keys to assure multi-factor authentication, if all the keys are stored on a single server, and that server is compromised, all the keys can be stolen. This invalidates the step of having multiple keys in the first place.
Cold wallets get their name from the fact that they are disconnected from the internet, on physical pieces of paper, as opposed to ‘hot wallets’ that are stored online. While obviously impervious to external hacking, these pose internal threats, not to mention the simple threat of losing the key or exposure to the elements.
While the clear solution would seem to be to use both, not all blockchain environments are Multi-signature friendly, including environments built on Ethereum, which uses Smart Contracts that have experienced bugs that have led to digital theft in the past.
It’s vital for anyone investing and using blockchain to invest in key management practices, but that alone isn’t enough. Take the time to examine system architecture and operations of various blockchain environments used by different crypto providers. Risk analysis and security precautions are still key – blockchain is an excellent environment for financial transactions, but are not an excuse to forego due diligence.
To learn more, check out NRI’s recent whitepaper, On the front lines of blockchain security.