Today’s digital transformation lets us turn any car into a taxicab and any house into a hotel. Likewise, it creates boundless opportunities for agile companies and startups alike to build new offerings for customers and improve operating efficiencies. But what are the risks when traditional money transforms into digital cryptocurrencies?
Individuals and businesses are using cryptocurrencies like Bitcoin—with a current market capitalization of over $2.37T—and hundreds of other digital currencies for money transfers, payment systems, raising capital to support business growth, and as hybrid securities for investing. As each of us is likely to be affected either directly or indirectly by cryptocurrencies, now is a good time to understand them and their cyber security risks.
As cryptocurrencies grow in usage and in number, they have also reshaped trends in cybercrime. To understand the risks, it helps to understand how each element that makes up a cryptocurrency can be a potential target for cybercrimes.
Is Malware in the Money?
A cryptocurrency is built on a digital ledger called a blockchain that contains public addresses. Each public address stores users’ balances of cryptocurrency units, for example 2.0003 BTC (Bitcoins). You can think of a public address as a transparent safe that lets everyone see how much money it contains, but not who owns or interacts with the money. To move money out of a safe, you need the safe’s private key. When you “own some bitcoin,” you actually own a private key to a public address that contains a record of your balance of bitcoins. Making a transaction means changing the cryptocurrency balances of those involved in the transaction and recording all changes in the blockchain ledger.
You call a cryptocurrency unit the name its issuer gives it such as a bitcoin issued by Bitcoin. More generally we refer to a cryptocurrency unit as a token or an altcoin (alternative to bitcoin). Tokens can either be intrinsic or asset based. Intrinsic tokens contain their own value like dollars or euros. In contrast, asset-based tokens have a claim on an asset such as a business. Security Tokens are asset based tokens which provide many of the same benefits and regulatory safeguards as traditional securities such as stocks and bonds.2 In addition, some issuers like Bitcoin simply provide tokens, while other issuers such as Ethereum provide tokens and “smart contracts” that are executable applications optimized to run on a distributed peer-to-peer blockchain computer network.
As tokens are virtual numbers entered in a blockchain and are not entities independent of a blockchain, users don’t send tokens to other users’ wallets. Tokens are not in a form that can be compromised to infect their owners’ computing devices. Blockchain technology that underlies cryptocurrencies is a different story however.