Category: bitcoin security

Capital Markets Veteran Gavin Smith Calls for Better Security Standards for Bitcoin Traders

gs-blockchain-money

“Blockchain fintech companies can not only provide better security for bitcoin traders we can also solve the problems that plague conventional capital market companies.”

November 15, 2016    London

This is the opinion voiced at the Blockchain Money Conference in London last week. Speaking to an audience of investors, entrepreneurs, and experts including Jon Matonis, Michael Parsons and Roger Ver, First Global Credit’s CEO Smith proposed that companies needed to take a more pragmatic view of risk. During his talk he highlighted specific areas of risk that were being overlooked by bitcoin companies.

“In the conventional capital markets we have many metrics used to measure risk. They are not great; they are not foolproof, but they are a decent framework that [start to] measure where the risk comes from. In the cryptocurrency world, we don’t yet have that.” — Smith asserted.

His statement came in response to ongoing security threats that challenge bitcoin  exchanges. There is not a single year that has gone without reports of online bitcoin wallets being hacked. Many speculators turn to bitcoin trading in hopes of making easy profits from its trademark price volatility. Exchanges such as BitFinex further attract traders by offering leveraged trading based on loans being made by bitcoin holders who are not skilled traders but still want to make a return on their crypto-assets.

Are these practices — and whatever returns they promise — worth the risk if the exchange cannot provide investors with insurance during a security breach? Even the most respected Bitcoin exchanges are not able to protect their customers from hacks that have led to over $80 million worth of losses in last two years.

“BitFinex was one of the largest and most respected Bitcoin exchanges and they still got hacked,” Smith stated. “It clearly illustrates how vulnerable our funds are in absence of adequate risk management protocols.”

 Minimising Risks

Exemplifying his own company that allows bitcoins to be used as collateral margin to trade against fiat currencies, world-wide stock markets, precious metals and ETFs, Smith described what his company does to effectively reduce risk especially counterparty risk.

“First we actively grade bitcoin exchanges based on a weighted set of criteria including whether the exchange is domiciled in a respected jurisdiction, the transparency of their management structure and finally the longevity of the exchange. Once we have identified acceptable counterparties we spread assets across multiple exchanges. We need to be in a situation where we keep operating and continue to provide our customers with service even if one of our counterparties fail. So we don’t risk more than 15% of reserves on any one bitcoin exchange.”

“We further control risk by minimising the time that we have funds out of our control. We do this by continuously moving funds out of exchanges when not actively being used to trade.”

Exchanges are Centralising Bitcoin

“One of the benefits of bitcoin is that it should cut away middlemen from financial settlements, but bitcoin exchanges have failed to follow the vision themselves by acting like centralised authorities.” Smith highlighted these points and didn’t shy away from identifying that his own company was subject to the same issues. He then pointed to current and upcoming developments that are steps in the right direction of combating counterparty risk.

“I believe the real challenge over the next 2 years – for companies who operate in the cryptocurrency capital markets – is to move beyond this model of us holding client funds and being ourselves, a point of risk for the customer assets.”

“We’ve already seen some attempts to deal with this problem, but thus far these have failed because they do not cover the security of funds over the full trade lifecycle. They protect funds when they are initially placed on the exchange, but as soon as funds are committed to an active trade they are subject to the same risks as they are on a conventional bitcoin exchange because they are pooled with other trades. So while protecting inactive funds provides a partial solution, this benefit is counteracted as soon as you open a position and start trading. This is not a particularly useful innovation for funds lodged with First Global because we are actively moving dormant money out of the control of the exchange anyway. So a solution that only protects funds when there is no active trade does not really add value.”

“The second area is using smart contracts to replicate trading. Again, this is a move in the right direction but the problem with the practical use of smart contracts at the moment is lack of liquidity. There is a real challenge of creating a solution that provides good liquidity and real security through the full lifecycle of a trade including point of settlement. To my mind that is where the real benefit and the future lies; If we can create a solution that achieves this we have not only provided value in the cryptocurrency capital markets, we’ve created something that actually leapfrogs existing mainstream capital market risk.”

“All counterparty risk management strategies in existing capital markets are based on allowing banks to transact business securely. Allow bank A to trade with bank B in a way that keeps them from having counterparty risk. Nobody considers the last step in the cycle, the piece that covers the transfer of funds to the end customer. That customer is still expected to assume all the counterparty risk of working with a bank or broker or other institution. If we can create an environment that allows customer A to trade with customer B without any added counterparty risk from working with an institution in the middle, that’s where I think the public blockchain can add real value to the whole finance industry and our market will pull ahead of conventional markets in what we can offer our customers. So in the next two years not only will counterparty risk become actively managed in the cryptocurrency space, I can imagine ways blockchain tech can be adapted for mainstream markets counterparty risk management as well.”

Advertisements

I know my customers and my customers know me…

Common sense kicks in following the Bitfinex hack

By Marcie Terman, Communications Director, First Global Credit and XBT Corp Geneva

Those of us involved in the cryptocurrency space right now are all certified early adopters and we wear that badge with great pride. We are individualists, a bit edgy and a bit libertarian.  Because of this, companies like First Global Credit that take a hard line on the Know Your Customer rules withstand a lot of criticism. Cryptocurrency aficionados do not like the fact that we are legally compelled by international convention to understand who we do business with. But I will tell you from a life-long responsible relationship with my money (crypto or otherwise), it makes sense knowing who is on the other side of monetary transactions.

That is why when First Global Credit was founded in 2014 we published the identity of everyone on our management team. It seemed only fair if we demanded transparency from our customers that we in turn would be equally transparent with them. It would seem that in the aftermath of the Bitfinex hack the sentiment of the rest of the bitcoin market are suddenly in step with our own as the numbers of customers signing up and immediately KYC’ing their live trading accounts on our bitcoin backed, stock, futures and FX trading platform have increased four times the usual level over the past 7 days.

At a cursory inspection it may seem eminently fair that Bitfinex’s founders have taken the view to spread losses over their entire pool of customers. But if you think about this critically, it wasn’t the customer’s fault that permitted an automated, unchecked process at BitGo to release funds to points unknown. And given that the identity of Bitfinex’s management is not generally known, it makes it much easier for the culpable to hide until the heat dies down. Perhaps giving the go ahead on ill-conceived policies like this would have been deliberated on with greater care if the decision makers knew they would be identified as responsible?

My thinking is that these issues with Bitfinex have raised the question of what kind of accountability you can expect from vendors that use their customers’ penchant for anonymity as a cloak that they themselves can hide behind? (Doubly bizarre since Bitfinex follows the KYC conventions for their customers to reveal their identities.) This kind of thinking is logically followed by the realization that platforms offering anonymity or exchanges that automate withdrawals (a thing you NEVER see in conventional online brokerages) are perhaps not the most trustworthy place to store capital. With anonymity not only is it very easy for a financial service business, its website and its founders to disappear if things suddenly go wrong, it also makes it much harder to make a bid to reclaim capital yourself after a hack if you have no way of proving that it was your money stolen in the first place!

We cryptocurrency advocates consider the sanctity of personal information inviolable but the standard for company founders is and should be different. If you choose to do business with companies that hide the identities of their founders creating an opportunity to avoid responsibility, you, yourself are equally as culpable. I believe strongly, as many in crypto do in the principle of personal responsibility which is why I know that people who do not stand behind what they are selling are looking to avoid the consequences of poor decisions.

Having recognised that anonymity is not desirable in a business where client assets are involved I would suggest substituting the goal of anonymity with the selection of business partners that show a high regard for the personal privacy of clients as we do at First Global Credit. Choose business partners domiciled in jurisdictions that share your values. Make sure that the jurisdiction follows rule of law and the concept of search and seizure as it existed before the panics of the last decade. A blanket request for all customer data is simply not acceptable. If a government feels that there is criminal activity associated with an account, the proper course of action is to obtain a warrant through an objective legal system only after due process has been exercised.

Customers have a responsibility as well where the security of their assets are involved. Do not complain if your financial service company uses manual processes for withdrawal.  Consider multiple layers of validation for transactions over a certain level simply a cost of doing business that is there to protect you as well as your service partner. Restrict your financial dealings to companies that you have vetted to make sure that they have a serious approach to not only maintaining security but validating processes regularly to make sure your service partner stays as far ahead of thieves as humanly possible. But at the core of all these measures lies transparency which should do much to facilitate trust between customer and service provider.

Those of us involved in the world altering cryptocurrency markets are absolutely ahead of the curve. We are doing exciting things, making the fiscal world more equitable, creating opportunities that will remove money from the hands of bankers and put it back in the hands of people who worked for the assets in the first place. Bringing opportunity to populations that have been abused by their governments for far too long. That’s pretty exciting stuff! But these paradigm changes do not mean that the sensible precautions that are part of the conventional financial markets should be ignored.