A young and evolving sector, the lack of actuarial data supporting the cryptocurrency market makes it difficult to accurately predict the risks it carries. This is especially true of the ever-changing cyber risk within the crypto field, which poses a real threat to those investing and operating in crypto markets. With a growing appetite for crypto assets, demand for adequate protection for this investment has soared. And yet the need for crypto insurance coverage far outweighs capacity in the market.
You can find a complete glossary of all cryptocurrency terms discussed at the bottom of this article.
What Is Cryptocurrency?
Cryptocurrency is any form of currency that only exists in digital form, and that uses a decentralized system to record transactions and manage the issuance of new units. It relies on cryptography to prevent counterfeiting and fraudulent transactions.
Cryptocurrencies are issued upon distributed ledger technology called a blockchain. In simple terms, a blockchain can be described as a shared database that tracks, records, and stores data about assets. The blockchain system underlying Bitcoin, for example, records and stores transactions involving Bitcoin, and thus provides an overview of the transactions that occurred on its system. The shared database is visible to anyone and cannot be audited by a single party. When new transactions on the blockchain system are executed, they are added to the “chain” in what is known as “blocks”, hence the origin of the technology’s name.
Unlike fiat money (currency issued by a government or central authority such as the Bank of England), like the Dollar, Euro and Sterling, cryptocurrencies are typically created on decentralized networks. This means that their value is not backed by the creditworthiness of the central banks, which are able to simply print more following exchange rates or government demands; cryptocurrencies are created in accordance with a pre-defined protocol.
The Cyber Risk in Cryptocurrency
The lack of monitoring of cryptocurrencies makes this financial market a safe haven for cybercriminals who want cash to reach their accounts quickly and from all parts of the world. Since opening digital wallets (in which cryptocurrency is stored) does not require formal identification documentation, malicious actors can hide behind pseudonyms and remain harder to trace. Due to its growing value, cryptocurrency itself is a very appealing target for cybercriminals. Let’s uncover some of the key cyber threats that cyber insurance specialists are aiming to tackle right now:
1. Smart Contract Hacks
The execution of transactions involving crypto-assets can be done using smart contracts. A smart contract is basically a code-based agreement that is self-executed once predetermined conditions are met.
Let’s say, for example, that the Cyber Insurance Academy decides to issue a new currency, the Academycoin, priced at one Bitcoin for two Academy Coins. A smart contract can be set up so that if someone transfers one Bitcoin to a specific address listed in the contract, computers will automatically verify the transaction and the payer will receive two Academycoins.
Hackers can exploit vulnerabilities in these contracts in order to override the instructions set in them and divert funds to their own digital wallets. Cyber attackers did exactly this in August 2021, stealing over $600 million in cryptocurrency from a company called Poly Network. Although the attacker eventually relented and returned all of the stolen currency, the event demonstrates the potential severity of such attacks. The higher the value of the smart contract, the higher the incentive for the system to be compromised.
2. Exchanges hacks
As with traditional currency, cryptocurrencies are bought and sold via digital platforms called crypto exchanges. Attackers are able to hack these platforms, enter digital wallets and siphon off funds into their own pockets. In late 2021, cyber attackers reportedly stole at least $150 million by getting hold of private credentials to wallets on a crypto exchange called Bitmart.
In these circumstances, wealthy exchanges that have suffered an attack can compensate victims via an emergency fund, however, even if they do have liquid capital, these pay-outs can cause exchanges to go out of business.
3. Oracle malfunctions
An oracle triggers a smart contract into action by sending external data to the blockchain on which the digital agreement has been mapped. Even if an oracle is trusted and cannot be compromised, it is still possible for the data on which it operates to be altered. Alternatively, even if the data on the oracle is trusted and verified, the oracle may fail to operate correctly on the smart contract either due to malfunction or deliberate tampering. This can spark the smart contract into action before the key terms of the agreement have been fulfilled.
4. Validators slashing
For some cryptocurrencies, a method called “Proof of Stake” (PoS) is used to validate entries into a blockchain and keep it secure. Verification involves solving complex mathematical problems, which require considerable computer processing power. Unlike with other methods, in PoS, blocks are verified using the machines of coin owners who offer their coins as collateral (“stake” a specific amount of coins) for the chance to become “validators”. Validators can earn rewards for correctly verifying transactions and adding them to the chain. Validators are expected to prohibit any bad actors from entering the chain by rejecting any invalid transactions.
There are several ways that hackers can take advantage of the Proof of Stake mechanism. For example, they can hack the computers that validate otherwise invalid transactions or launch coordinated attacks that slash a large portion of the stake simultaneously. The second of these attacks is particularly dangerous since cyber hackers can increase their share of PoS tokens and obtain increased ownership of the network over time. In the long term, this concentrated, centralized power could theoretically allow for manipulation of the blockchain on which cryptocurrency is mapped (although, practically speaking, it is highly unlikely that a single cyber attacker could amass over 51% of the stakes to pull this sort of attack off).
In this way, PoS, a mechanism designed to increase security for cryptocurrencies, becomes a double-edged sword: harsher penalties for bad validator behavior mean that hackers can more easily exploit zero-day vulnerabilities, whilst softer penalties risk enabling malicious actors to clog the blockchain with defective transactions.
A stablecoin is a type of cryptocurrency that has its value pegged to an external asset, such as dollars or gold, in order to prevent price fluctuations. However this increased reliability does not make stablecoins immune to cyberattacks – in June 2021, the value of one such stablecoin, SafeDollar, nosedived after a cyberattack took place. Although the price of the SafeDollar’s crypto-coins has recovered slightly, there is still a long journey ahead – with $0 worth of coins being bought and sold ever since.
6. Custody risks
Crypto custody solutions are storage and security systems that are designed to make sure that cryptocurrency remains with the person who bought it. There are several ways to store cryptocurrency – online, via third parties, and via hardware – but these can all be compromised, personal login credentials can be lost or stolen and funds can disappear, whether due to human error or due to malicious cyber attacks.
Cryptocurrency Cyber Insurance
Regulators are currently faced with striking the delicate balance between prudently monitoring cryptocurrencies and decentralized finance without stunting the innovative role that these may place in economic development. For example, increased dialogue between regulators and the crypto industry, greater attention given to understanding how different cryptocurrencies fit into existing legislative frameworks, and reviews of anti-money laundering and anti-terrorism laws all suggest that crypto is here to stay.
We touched on this topic in one of our recent webinars – click here for our recap.
Yet, whilst insurance has not yet become a staple in the crypto industry, the prevalence of cyber thefts and attacks in this space will undoubtedly contribute to the growth of crypto-insurance, as crypto investors will increasingly look to risk transfer mechanisms to protect their investments. The digital nature of crypto storage leaves digital assets exposed to attack and that is where these policies come in – they protect against the loss of digital assets to malicious, criminal cyber actors, who leverage the anonymity afforded to them on the blockchain to steal with little reprimand. In addition to the cyber coverage of these policies, crypto insurance typically covers losses due to product negligence, errors, and omissions on Crypto exchanges.
Top Cyber Insurance Companies for Cryptocurrency in 2022
2021 saw some interesting developments in this market. We have selected three key players set to disrupt the industry over the coming years.
This is the world’s leading insurance firm in the crypto space. It has also recently been recognized as Lloyd’s of London coverholder – added much-needed new capacity to an industry that is plagued with low liquidity stunting its growth.
This platform enables almost instant liquidity to insurance buyers and underwriters through special protocols. Their insurance liquidity covers exchange and smart contract hacks, validator slashing, stablecoin pegs, oracle failures, and other crypto-related risks. Unslashed innovation was recogniזed in April 2021 with $2 million funding.
This is the first regulated digital insurance platform for the crypto economy. Currently, Breach offers crypto-insurance that protects against exchange hacks and fraud.
- Bitcoin: one of the most well-known cryptocurrencies in the market.
- Blockchain: a shared database that stores information in blocks that are then linked together via cryptography, creating a chronological chain of data. It is commonly used as a ledger for transactions. The transactions on blockchains are permanently recorded and are viewable to anyone.
- Cryptocurrency: digital assets that are secured by a powerful encryption language, called cryptography. The encryption allows for secure online payments.
- Cryptocurrency exchange: digital marketplace or intermediary online platform where crypto coins can be bought and sold using other currencies (such as fiat currencies).
- Decentralized currency: also called peer-to-peer money, refers to bank-free methods of transferring assets. It is primarily used in the virtual markets.
- Digital wallet: software-based financial account where users can store money, track payments and transact with others (such as PayPal). The main interface for cryptocurrencies.
- Oracle: “messenger” between blockchain and the real world.
- Smart contracts: self-executing contracts with the terms of the agreement between buyer and seller being directly written into lines of code.
- Stablecoin: cryptocurrencies that peg their value to an external reference such as gold.
Want the latest on cyber insurance news, hottest trends, important issues, tips, and much more, directly to your inbox twice a month? Signup for The CI Academy Plus Newsletter here.