North Korean Hackers Target Crypto ETF Custodians – FBI
The FBI cautions that North Korean hackers are targeting crypto ETF custodians, which they consider to have weak security systems to prevent hacks.
Cryptocurrency exchange-traded funds (ETFs) custodians are now the target of notorious North Korean hacking entities and scammers, according to the US Federal Bureau of Investigation (FBI). The law enforcement agency noted that the security of crypto ETF custody platforms’ is at risk despite their robust security and billions of dollars in inflows from investors.
Rising Threats of North Korean Hackers
The FBI also remarked that Hacker groups from North Korea, such as the infamous Lazarus Group, are becoming a major threat to the cryptocurrency market. This group has been connected to multiple hacks of major exchanges and blockchain protocols.
Concerns about them possibly focusing on ETFs and taking advantage of the underlying digital assets have grown recently. Spot crypto ETFs require fund managers to maintain custody of the actual digital assets, in contrast to traditional stock market ETFs, where prices are replicated through reliable tracking systems.
Due to the large amounts of money in these funds, hackers may find them appealing targets. Should they succeed in getting past security measures, they may cause these managers to lose significant sums of investor money.
As of July 2024, Farside Investors data showed that the total assets under management (AUM) in spot Bitcoin (BTC) ETFs exceeded $15 billion.
Potential Costs of a Crypto ETF Hack
Should a hacking attempt be successful, the results will be disastrous as the market might undergo a catastrophic collapse. The chief security officer and co-founder of Casa, a cryptocurrency self-custody wallet provider, Jameson Lopp, added that if a hacked ETF is not stopped quickly, its value could drop to zero.
He further said that the sale of stolen coins would start a larger market sell-off and send investors into a state of general panic. Lopp also said that when investors realize the extent of the loss, even ETFs that were not directly impacted by the hack would experience massive liquidations.
If such an incident should happen, the market would struggle to win back investor confidence.
Security Strategies: How Effective Are They?
Meanwhile, industry-leading custodians such as Coinbase—the principal custodian for cryptocurrency-backed exchange-traded funds in the United States—have put strong security measures in place to protect digital assets. The motto of Coinbase’s strategy, “get hacked, but don’t get rekt,” is an acknowledgement that hacks will inevitably occur.
Luke Youngblood, co-founder of the decentralized finance platform Moonwell, claimed that the exchange has several security measures in place that would require an intruder to get past before doing serious harm. A further degree of risk exists with the centralization of crypto custody services.
However, these measures might provide some comfort. Timechain Index data indicates that as of early September 2024, Coinbase held about 808,619 BTC on behalf of different ETFs.
Hence, there are concerns regarding the systemic risks of having this concentration of assets under one custodian. Steven Walbroehl, co-founder and chief technology officer of cybersecurity firm Halbron, cautioned that the industry currently relies on the assumption that these custodians have put in place sufficient security protocols.
He, however, explained that there is no way to confirm the efficacy of these measures in the absence of clear regulatory guidelines.
Absence of Insurance and Regulatory Gaps
The absence of comprehensive insurance coverage is one of the most glaring flaws in the crypto ETF market. Although certain custodians, such as Coinbase, offer insurance policies, they frequently only cover a small portion of the total assets under management.
For instance, Coinbase has $269 billion in digital assets but offers a $32 million insurance policy. This indicates that in the case of a major breach, only 0.12% of the assets would be covered.
An attorney for digital media, Andrew Rossow, noted that a custodian’s insurance policy might not always cover the back custody of an ETF. Rather, the policy is shared by all clients of the custodian; thus, a significant loss might exceed the amount of coverage available.
Limitations of Insurance for a Crypto ETF
Crypto ETFs are recognized as authorized financial instruments. Therefore, they’re covered by Securities Investor Protection Corporation (SIPC) insurance. However, this insurance only covers the ETF shares and excludes any underlying assets, like Bitcoin or Ether.
Walbroehl underlined that it is challenging to determine whether current security measures are adequate due to the lack of comprehensive security protocols. Hence, the industry is forced to rely on custodians to safeguard digital assets valued at billions of dollars.