Cryptocurrencies are built on blockchain technology, which still promises much thanks to its ‘distributed ledger’ technology. Blockchain is a process to manage transactions that require security and authentication, such as contracts and other agreements, with less risk of data breaches.
A blockchain primer
Blockchains are ‘ledgers ‘ that record transactions digitally. The trick is that they are distributed: shared between multiple computers or ‘nodes’. Every node has a copy of the ledger file. These may be financial transactions, such as a payment or funds transfer, or other transactions, such as a signature or amendment to a contract.
Every ‘page’ in the digital ledger is a separate ‘block’. When a transaction is made, the nodes use an algorithm to verify the block’s history. If a majority of the nodes confirm that the history and signature are valid, it is added to the ‘chain’ of transactions, forming a ‘blockchain’.
Security is managed by the digital signatures or ‘keys’ attached to the block. These guarantee the identity of the parties to every transaction and are kept in a digital ‘wallet’.
Every wallet has two keys: one private, one public. Nodes use an algorithm to see if they match; if they do, the transaction can be authenticated.
If a user sends a message (for example, making a purchase or signing a contract) it will typically be encrypted with their wallet’s private key. This identifies the transmitter. Every node passes through the private key attached to the message against the public key attached to the wallet to see if they match. If they do, the transaction is authenticated.
Alternatively, a user might send a message encrypted with the recipient’s public key. Only the recipient has the private key, so only they can authenticate the message and view its contents.
On the face of it, this makes blockchain and cryptocurrencies highly secure. Security breaches can arise, however, when private keys are compromised or lost.
This was the case in Canada, where in 2018 the owner of a cryptocurrency exchange dies (though suspensions are rising about a criminal conspiracy). No one has been able to access the exchange’s private keys . It’s estimated that around C $ 250 million (roughly US $ 190 million) in Cryptocurrency is held in the exchange, with owners unable to access their funds.
In New Zealand, we have recently seen the exchange is closed down – except that in this case, the funds are transferred out. The most likely explanation is that criminals gained access to the servers holding the exchange’s private keys. They were then able to download the keys to their own machines and wipe the servers, leaving the exchange unable to access their wallets.
Change is coming
These problems – and others like them – will probably give rise to better regulation of exchanges. With the amount of cryptocurrency stolen in 2018, the industry is ready to improve its security.
Specifically, the Financial Action Task Force (FATF) , which is made up of 38 member nations, is taking action. New anti-money laundering and combating the financing of terrorism (AML / CFT) regulations will come into force in Q3 2019, requiring cryptocurrency exchanges and wallet providers to implement strict know-your-customer (KYC) checks. Countries that do not comply will risk being put on a blacklist.
This will make it harder for criminals to launder cryptocurrency, but of course no solution is foolproof. More broadly, with blockchain’s strengths and vulnerabilities, just as it has with credit cards, e-commerce and other new technologies.
Blockchain for business?
Some businesses have jumped early into blockchain, while others have been more circumspect. Certainly the legal profession, for example, because of great potential in using blockchain to manage all sorts of legal transactions involving contracts and exchange. Also, it promises much in terms of secure communications and information sharing.
Should your business be considering blockchain and, if so, how will it be managed and implemented?
As always, effective board governance is the key to success. It’s vital that all board members gain at least a layman’s understanding of the technology and its capabilities. We have seen that interest in cryptocurrencies is waning and, in time, they may not prove to blockchain’s ‘killer app’.
If your business deals with private or sensitive data, blockchain potentially has much to offer. It would not be possible to improve operations, profits or both by helping prevent breaches and regulatory compliance.
The future for blockchain is – most likely – bright, although there are definitely some challenges to overcome. We’ll keep you updated as it evolves and matures. Until then, we recommend your CIO keeps on the technology and updates the board when and as needed.
September 7, 2020
Avoiding Cyber Confusion in the Board Room
It is imperative that Directors understand the cyber risks facing their companies and organisations. The increasingly complex internal and external landscape presents unique challenges for Boards. Several key steps can however significantly increase the cyber resilience of any company or organisation, irrespective of size. The article outlines five key steps…
August 20, 2020
Minimising the Risk of Virtual Meetings: 5 Practices Boards Should Avoid
Months into the COVID-19 lockdown, remote workers—and board members—have become more accustomed to virtual meetings. They’ve found a quiet place in the house, mastered the mute and camera buttons, and fully styled their background bookcases and “Zoom couture.” Yet as virtual work becomes a way of life, not all adaptive…
February 20, 2020
Risk Oversight and the Board of Directors
Because of cyber risk’s high impact and unpredictability, board directors must have at least a passing familiarity with it and other emerging risks. It’s a challenge; technology is always changing, and even tech-savvy leaders can find it difficult to keep up with the latest developments. Modern board directors need information…