What Cryptocurrencies Can Learn from Banks About Security


By Benoit Grangé, Chief Technology Evangelist at OneSpan

Cryptocurrencies are growing in popularity and moving into the mainstream. So far this year, we’ve seen Bitcoin and Ethereum reach all-time highs and Coinbase become the first major cryptocurrency company to go public. Yet despite this excitement, cryptocurrencies continue to be plagued by regular reports of cyberattacks on crypto exchanges and custodians. In 2020 alone, hackers stole $1.9 billion worth of cryptocurrency. Just last month, hackers drained multiple Coinbase wallets after gaining access to them by exploiting vulnerabilities in the company’s two-factor authentication process.

It’s no secret that the crypto industry’s greatest challenge is the lack of regulations. When using banks and traditional financial institutions, consumers benefit from protections against fraud and regulatory requirements for stringent cybersecurity and identity verification standards. The lack of regulations in the crypto industry means consumers have no such protections. As we saw in the Coinbase example, when money is fraudulently transferred off the exchange, there is often no way for consumers to recover the lost funds.

Without proper cybersecurity and fraud prevention standards, crypto exchanges will continue to be susceptible to attacks. But it doesn’t have to be this way. Cryptocurrencies can follow the example of traditional banks and adopt many of the same strong cybersecurity technologies to better protect both their users and their own reputations.

For example, the recent Coinbase hack was able to take place because the company still used SMS-based two-factor authentication (2FA). It has been known for years that this type of 2FA is susceptible to man-in-the-middle and SIM-swapping attacks, in which hackers intercept the one-time passcode sent to the user’s mobile phone and use it to take over the account. Most banks switched long ago to more secure approaches, such as push notifications with secure mobile apps that use ID verification technologies such as biometrics, liveness detection and artificial intelligence (AI) to ensure that only the genuine account owner has access.

Cryptocurrencies may aim to disrupt the financial services sector, but there is at least one area where they should be following the example of their more traditional counterparts, and that is security. By overhauling their approach to cybersecurity and adopting stronger user authentication standards, they can stop the spate of authentication-based hacks and protect their users from fraud.