Blockchain technology has been described by one major auditor as “secure, transparent, highly resistant to outages, auditable, and efficient”. However, in the space of a week Bithumb and Coinrail, two South Korean cryptocurrency exchanges, both of which rely on blockchain technology, have been hacked.
This is Bithumb’s second hack in the space of 12 months and collectively, across South Korea’s cryptocurrency market, losses are estimated to be in the region of at least 75bn won ($68m) and this number will likely increase as further details emerge.
In light of these hacks and a number of other recent attacks globally it is worth stopping to consider the state of the emerging cryptocurrency industry and blockchain technology.
Much of the hype around blockchain technology centres on the apparent security benefits on offer. Information recorded on a blockchain is organised in a chain of digital ‘blocks’ that are secured through the process of cryptography — ie: the records are given an encrypted value only accessible to those with the right ‘key’. In addition, blockchains function as de-centralised databases, meaning that they cannot be changed (or hacked) from one single computer. Unauthorised modification of a blockchain ledger would require the simultaneous and coordinated control of more than half the access points in a single instance, and a great deal of computing power.
Despite the inbuilt protections of a blockchain database, high-profile and damaging attacks continue to occur, resulting in losses of hundreds of millions of pounds across affected users. Threats to date have targeted the bitcoin validation process, exploited the way smart contracts can be used in Ethereum and, as suspected in the case of Bithumb and Coinrail, infiltrated online wallets with inadequate security. Guarding against these types of cyber attacks can be a costly and time-intensive exercise, with security protocols needing to be continually updated to keep up with new and evolving potential methods of attack.
One simple technique investors can adopt to mitigate their exposure to attack is to store any large sums of cryptocurrency in offline (or cold) wallets instead of those linked to a particular exchange. However, arguably, this is not the most convenient way to manage one’s cryptocurrency wallet and so the debate has started as to how cryptocurrency markets should deal with potential security breaches ahead of time.
One solution lies in effective, applicable regulation. At the beginning of the year, Gibraltar introduced the Financial Services (Distributed Ledger Technology Providers) Regulations. In brief, the regulations require DLT providers to adhere to a strict code of ethics and security measures. To date, there have been no reported attacks against those DLT providers operating under Gibraltar’s jurisdiction.
A hack of Coincheck, a Japanese cryptocurrency exchange, earlier this year demonstrates that regulators must remain vigilant. In the case of Coincheck, it has been revealed that at the time of the attack the company had been given permission to operate by the Japanese Financial Services Agency despite not yet having obtained an official operating licence. The result is that a class action has been brought in Japan against Coincheck with participants seeking a refund of investments plus interest valued at 228m yen (£1.5m).
As it stands, England and Wales are yet to address blockchain technology under specific legislation. However, comments by Sir Geoffrey Vos, chancellor of the High Court, highlight the English court’s desire to be at the forefront of resolving disputes arising out of blockchain technologies. Therefore, commentators anticipate the English courts, with the agility of the common law system behind them, will deal with disputes swiftly as and when they arise.
Whilst risk is an inherent part of any venture, for personal investors and businesses alike, there does not appear to be sufficient safety within the complex algorithms of the blockchain technology for it to be said that the technology and the industries that rely on it are “secure” and “transparent”.
Until such time, we will likely continue to see regulation hotspots, like Gibraltar, push the legislative framework whilst courts across the globe grapple with the complex nature of any dispute.
Elliott Phillips is a partner, Johnny Shearman a professional support lawyer, and Melenik Forde a paralegal at law firm Signature Litigation