Bridging The Gap Between Bitcoin Companies And Legacy Institutions

In 2014, the Securities and Exchange Commission (SEC) was focused on cyber security, “law enforcement and financial regulators have stated publicly that cyber-attacks are becoming both more frequent and more sophisticated. Indeed, according to one survey, U.S. companies experienced a 42% increase between 2011 and 2012 in the number of successful cyber-attacks they experienced per week,” stated SEC Commissioner Luis A. Aguilar.

At the same time the Bank of England announced a collaboration with CREST, a not-for-profit organisation representing the technical information security industry. The aim was to develop a new framework in order to set the benchmark for UK financial services. The new framework encompassed sharing detailed threat intelligence, and performing cyber security tests. “Although existing penetration testing services in the financial services sector have provided a good level of assurance against traditional attacks, they do not address more sophisticated cyber attacks on critical assets,” said Ian Glover, President of CREST.

“Tests have been designed to replicate the behaviours of serious threat actors, assessed by Government and commercial intelligence providers as posing a genuine threat to important financial institutions.”
— – Ian Glover, President of CREST

The SEC followed up earlier this year, with a Cybersecurity Guidance which addresses cybersecurity at brokerages and advisory firms. “Through our engagement with other government agencies as well as with the industry and educating the investing public, we can all work together to reduce the risk of cyber attacks,” stated the SEC Chair, Mary Jo White.

“Cybersecurity threats know no boundaries. That’s why assessing the readiness of market participants and providing investors with information on how to better protect their online investment accounts from cyber threats has been and will continue to be an important focus of the SEC.”
— – Mary Jo White, SEC Chair

Cyber security threats are not restricted to traditional financial institutions. In May this year,  leading bitcoin exchange, Bitfinex, suffered a hot wallet hack. “Although we keep over 99.5% of users’ BTC deposits in secure multisig wallets, the small remaining amount in coins in our hot wallet are theoretically vulnerable to attack,” stated BitFinex in a post following the loss.

While the SEC and Bank of England operate in distinctly different sectors, regulation in the US and banking in the UK, the centralized control of funds presents similar risks in many industries.

Bitcoin, as a predominantly unregulated industry, has had to evolve at a much faster pace than legacy systems. The fungibility of the digital currency presents risk in terms of possible theft, but also the risk of users quickly and efficiently abandoning services that utilize poor security measures.

Shortly after the BitFinex hack a partnership was announced with BitGo, a secure multi-sig wallet used by many major Bitcoin companies. “The era of commingling customer Bitcoin and all of the associated security exposures is over,” said Zane Tackett, Director of Community and Product Development at Bitfinex. “The trading community has long sought individually verifiable accounts without sacrificing security or performance.”

Coinfloor recently extended its services, launching the world’s first broker based bitcoin marketplace. Their market provides UK retail investors and consumers the opportunity to buy bitcoins and gain exposure to digital currency innovation, joining the legacy financial system with the new digital currency era.

Bridging the gap between legacy systems and 21st century disruptive systems is no easy task. The company is now subject to regulatory oversight, Know Your Customer and Anti Money Laundering requirements, as well as the technological hurdles of satisfying the increasingly security aware digital currency user.

“We require all of our customers to go through an application and verification process to become a Coinfloor client before they are formally engaged with Coinfloor. Other safeguards including ongoing monitoring and flagging of suspicious activities are also put in place in order to protect Coinfloor and our clients.”
— – Coinfloor

As a centralised service, Coinfloor is attempting to store a 100 percent of its users digital assets in cold storage, although the company claims that the integrity of the bitcoins they hold are never compromised by any single person, server or vault location.

Their vaults are located underground and are described as maintaining security standards akin to the Bank of England. Coinfloor also appears to be mirroring the Bank of England’s collaboration with CREST, regularly performing external penetration tests to prevent bad actors gaining access to client information and funds.

In a recent announcement, Coinfloor CEO, Mark Lamb, explained the company’s new direction, "Just as the NYSE was committed to a decentralised network of brokers backed by a centralised exchange, Coinfloor is the first institution in the Bitcoin industry to mirror this proven model.”

It appears the company may have advanced beyond the New York Stock Exchange (NYSE) in some areas. The NYSE suffered a major to its reputation last Wednesday, when a “glitch” halted trading for the better part of 4 hours. Thomas Farley, President of the NYSE Group, explained that the outage was due to a technical configuration problem which has now been fixed. An investigation is now underway by the SEC, to fully comprehend what exactly caused the outage.

"We are in contact with NYSE and are closely monitoring the situation and trading in NYSE-listed stocks. While NYSE is working to resolve the situation, NYSE and NYSE MKT stocks continue to trade normally through other trading venues."
— – Mary Jo White, SEC Chair

On the evening prior to the event Anonymous, the decentralised international network of activists and hacktivists stated on their twitter account,“Wonder if tomorrow is going to be bad for Wall Street…. we can only hope.” Speculation in mainstream media as to whether Anonymous contributed to the outage, or if it was merely coincidence, has since ensued.

The NYSE continues to reassure the public that the problem was not related to a security breach, “The issue we are experiencing is an internal technical issue and is not the result of a cyber breach.” said NYSE in a twitter announcement.

In order to maintain integrity, security is of the utmost importance. Irrespective of whether a company is Bitcoin or Fiat based. Financial institutions and Bitcoin companies may not have seen eye-to-eye in the past, however it appears that they are fighting the same battles.