Market Situation
The year 2022 will go down in history as a time of chaos for everyone. The economic downturn and the collapse of digital asset giants have dealt a blow to the industry, customers, practitioners, and the world. The Terra and FTX incidents caused people to lose their entire retirement savings and made it difficult to withdraw their funds when the lenders went bankrupt. As a result, the public is questioning the trust and transparency of digital asset service providers. Self-custodial wallets are being proposed to retail and institutional investors to safeguard their funds. In this blog, we will explore the risks and opportunities associated with adopting different self-custodial wallets, as well as suggest alternative strategies to tackle these risks.
Conventional Three Options
There are three common options for you to host your wallet infrastructure by yourself: Hot, Cold and Warm. We are going to discuss the nature, pros, and cons of each option.
Hot Wallets
Hot wallets have been the preferred option for setting up a wallet due to their long history. Since the start of the Bitcoin revolution, setting up a hot wallet has been the easiest way: create a pair of signing keys, install a Bitcoin daemon, sign the first transaction, and broadcast it to the Bitcoin network. The key is always in the daemon, making it easy to sign a transaction. Hot wallets highlight the characteristics of Blockchain technology: fast, cryptographically safe, and immutable. They are suitable for major Centralized Exchanges (CEXs) to accept clients' deposits since they are easy to prepare and maintain. However, it is concerning that the private key, used for signing, is exposed to the internet, making it a valuable target for cyberattacks.
Cold Wallets
To fill the gap left by hot wallets, the first hardware-based cold wallet was released in 2014. A hardware security module (HSM) is embedded in the hardware wallet. Signing takes place only when the cold wallet is connected to the system, and the private key never leaves the HSM. This improves the security of the wallet infrastructure, but the drawback is obvious: every transaction requires human interaction, which makes a cold wallet unsuitable for frequent trading. Instead, it is for keeping long-term funds safe.
Warm Wallets
A warm wallet combines the features of a hot wallet and a cold wallet. It connects to the internet to sign transactions but requires human interaction for approval, providing the benefits of both types of wallets: immediate transaction processing and additional security measures. However, this approach also has some limitations. The need for human approval can slow down frequent transactions, and there is a higher risk of human error with every transaction that requires manual confirmation.
Detailed explanations of the above three wallets can be found in the Fireblocks Academy.
A Risk Review
Technology Risk
Digital asset wallets are inherently vulnerable to technology risks, as they rely on technology infrastructure. Hot wallet vulnerabilities have resulted in numerous security incidents in recent years, and once a key is stolen, the funds are gone. Common threats in the digital asset industry include improper access control, inefficient vulnerability management, insecure Application Programming Interfaces (APIs), and exposed encryption keys. The following risk scenarios are particularly noteworthy:
- Poor API security can lead to account abuse and takeover by hackers.
- Improper access control for internal employees and external contractors can lead to encryption key compromise.
- Hackers may attempt phishing attacks on self-custodial cold wallet holders to get them to sign and transfer NFTs.
- Unpatched security vulnerabilities in software wallets can lead to compromise.
Security controls like proper key management, strict access control measures, and regular security audits are necessary.
Operational Risk
Operational risks are often overlooked in the fintech industry, where technology risks and financial risks tend to receive more attention. Human operations can increase the risk of insider fraud, improper physical protection of private keys, business continuity issues, and human error. For instance:
- In some cases, the wallet key is solely managed by the CEO, which can create accessibility issues if the CEO passes away.
- Exit scams can occur when insiders steal customer funds from wallets.
- Customers may be unable to access their funds due to liquidation when a CEX collapses and digital asset lenders exit.
- Legacy succession planning is becoming an increasing concern.
To mitigate these risks, it is important for companies to have robust security policies and procedures in place, as well as contingency plans for various scenarios.
Compliance Risk
Regulatory scrutiny in this industry is increasing, following recent hacks and collapses. Companies that provide digital asset solutions must comply with various regulations, including anti-money laundering, counter-terrorist financing, and tax reporting. Financial regulators are now enforcing compliance more strictly and imposing significant penalties and fines. This has raised concerns about risk in the digital asset industry. Here are some examples of risk scenarios to consider:
- Digital asset wallets are used by drug traffickers and cybercriminals for money laundering.
- Lack of sufficient internal controls makes it difficult to obtain insurance policies.
- Tracing illicit funds is becoming more challenging with the emergence of new Decentralized Finance (DeFi) protocols, such as cross-chain bridges.
- Failure to comply with tax reporting requirements can result in substantial fines.
Emerging Alternatives
As the risks increase and the market faces inevitable downturns, digital asset holders are becoming more cautious about risk management. Although better risk management and controls are necessary, they come with increased costs, making it harder for executives to invest further in self-custodial wallets. As a result, alternative solutions provided by qualified custodians are now becoming popular. We categorize these emerging solutions into two categories: managed hot/warm wallets and managed cold vaults.
Managed Hot/Warm Wallet
Qualified custodians operate managed hot/warm wallet solutions, licensed by financial regulators. These solutions come with additional controls to safeguard private keys and can approve high-frequency, low-risk transactions with predefined patterns while maintaining air-gapped human controls over infrequent, risky transactions. This hybrid approach provides greater velocity than a self-custodial warm wallet while maintaining transaction security and integrity.
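The routing described above (and the manual approval step of a warm wallet), sketched as an added example that is not the author's or any custodian's code. The allowlist, limits, address labels and class names are hypothetical; anything that fails a predefined low-risk rule falls through to human approval.

```python
from dataclasses import dataclass, field
from decimal import Decimal

@dataclass(frozen=True)
class Tx:
    dest: str        # destination address (constructed labels below)
    amount: Decimal  # asset units; Decimal avoids float rounding
    ts: int          # request time, unix seconds

@dataclass
class Policy:
    allowlist: frozenset      # pre-approved destinations
    per_tx_limit: Decimal     # largest amount signed without a human
    window_limit: Decimal     # total auto-signed amount per rolling window
    window_secs: int = 3600
    _history: list = field(default_factory=list, init=False)

    def route(self, tx):
        """Return (decision, reason). Fails closed to HUMAN_APPROVAL."""
        if tx.amount <= 0:
            return "REJECT", "non-positive amount"
        if tx.dest not in self.allowlist:
            return "HUMAN_APPROVAL", "destination not on allowlist"
        if tx.amount > self.per_tx_limit:
            return "HUMAN_APPROVAL", "exceeds per-transaction limit"
        # Velocity check: count only auto-signed amounts still in the window.
        cutoff = tx.ts - self.window_secs
        self._history = [(t, a) for t, a in self._history if t > cutoff]
        spent = sum((a for _, a in self._history), Decimal(0))
        if spent + tx.amount > self.window_limit:
            return "HUMAN_APPROVAL", "rolling velocity limit reached"
        self._history.append((tx.ts, tx.amount))
        return "AUTO_SIGN", "matches predefined low-risk pattern"

def demo():
    """Route six constructed requests and return the decisions in order."""
    known = "addr-exchange-settlement"   # constructed label, not a real address
    policy = Policy(frozenset({known}), Decimal("1.0"), Decimal("2.5"))
    requests = [
        Tx(known, Decimal("1.0"), 0),
        Tx(known, Decimal("1.0"), 600),
        Tx(known, Decimal("1.0"), 1200),       # would push window total to 3.0
        Tx("addr-unknown", Decimal("0.1"), 1300),
        Tx(known, Decimal("5"), 1400),
        Tx(known, Decimal("1.0"), 3700),       # first request has aged out
    ]
    return [policy.route(tx)[0] for tx in requests]

if __name__ == "__main__":
    print(demo())
```

Only auto-signed amounts count toward the window, so a request escalated to a human does not consume the automated budget.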
Qualified custodians have dedicated teams that provide customer support and advisory services while keeping up with pre-agreed service level agreements (SLAs). These solutions comply with regional and local regulations, with all transactions screened to avoid money laundering and terrorist financing. Qualified custodians offer several add-on services such as auto-rebalancing clients’ funds, off-exchange settlement services, and tax reporting.
Managed Cold Vault
Safeguarding the signing device is the biggest challenge for a cold wallet, so qualified custodians are equipped with dedicated teams to approve transactions in an isolated, secure location with advanced physical controls. Cold wallet operations are monitored 24x7 by security teams and staffed with professionals around the world to ensure business continuity in case of equipment issues or geopolitical unrest. Qualified custodians with multiple teams worldwide can operate in different time zones and commit to attractive service level agreements.
Conclusion
While self-custodial wallets provide more control for companies to manage their funds, alternative solutions such as managed hot/warm wallets and cold vaults, provided by qualified custodians, offer additional benefits. As the popular proverb in "Don Quixote" reads, "Do not put all your eggs in one basket." Risk diversification is key.
Our general recommendations for wallet management are as follows:
- Work with qualified custodians to design the best architecture for your wallets.
- Put your operational funds into a managed wallet or vault.
- Secure your customer funds in third-party wallets for better transparency.
- Maintain your emergency funds in a self-custodial wallet.
Written by: Thomas Kung