Building Trust in Cryptocurrency Exchanges
Blockchain, the technology that underpins crypto currencies and initial coin offerings, was designed to “create trust” through its inherent properties of immutability, consensus, non-repudiation and encryption. However, the general perception of blockchain and crypto assets may be less favourable due to recent “breach of trust” issues. Hacking events such as Mt. Gox, the Bitconnect Coin (BCC) scam and crypto related money laundering legal proceedings have adversely impacted investors’ trust in the crypto ecosystem. Financial institutions provide a degree of trust regarding safety of assets held but does a crypto exchange do the same? Let us find out.
Transaction Monitoring
An effective cybersecurity program is essential to prevent and detect external attacks from malicious hackers. A means by which discrepancies in cyber security can be detected is a technique known as “Transaction Monitoring” where the transactions recorded at crypto wallet collectibles are reconciled against the cryptocurrency exchange balances as well as the transactions recorded on the blockchain public ledger. In theory, the transactions recorded on the crypto exchange must equal the transactions recorded in related wallets as well as on the blockchain ledger. Discrepancies might indicate unauthorized access to the exchange’s wallet which may lead to potentially malicious transactions.
Key Management
It has been incorrectly stated that multiple incidents of stakeholders losing their crypto assets are related to deficiencies in blockchain technology. In reality, losses are more likely to have resulted from vulnerabilities within the software used to manage/store digital currencies (i.e., exchange soft wallets) or to fraud originating from unauthorized access to the private keys. As a result, a crypto exchange’s trust relies on proper private key management and procedures surrounding access management to ensure safe crypto storage. Crypto exchanges need to ensure the confidentiality, integrity and availability of the operational private keys. Suitable solutions need to be developed in this regard, e.g., secure key storage/escrow, fully managed services etc.
Due Diligence
Even though most crypto exchanges implement various degrees of KYC/AML procedures, it is perceived that greater due diligence can be performed around source of wealth/funds when conducting on-boarding procedures. In this regard, “Proof of Origin” procedures can be implemented where, for each provided wallet address, all crypto transactions are verified for consistency with evidence in the form of cash transfer/bank wire confirmation, account information, loan agreements or similar documents from banks, exchanges, brokers. Custodians etc. Since the impact of a crypto exchange being associated with money laundering may have far-reaching consequences, adequate due diligence is required to manage and mitigate reputation risk.
Regulatory Impacts
In recent times, government agencies are introducing new regulatory frameworks for use of distributed ledger technology/blockchain networks. The primary aim is to protect consumers by setting standards and rules to ensure that objectives of the underlying technologies are met. From a crypto exchange perspective, inadequate or lack of internal controls is usually a common factor behind compromised exchanges, crypto fraud and money laundering. Regulatory compliance in isolation is generally deemed insufficient and a robust corporate governance regime is fundamental in addressing the difficult and complex issues around investor protection and trust.
Conclusion
Since trust is the most valuable asset required to build investor confidence in crypto assets and exchanges, the controls and procedures described above look to develop that trust and build the reputation of the crypto ecosystem. Crypto exchanges need to develop the necessary capabilities to manage risk within a robust governance framework and while complying with regulatory requirements. This would take time to build and implement; however, it’s worth remembering that trust takes a long time to build but it takes a much shorter time to get destroyed! Hence, a long-term view with regard to crypto exchange trust is required.