Hero's Image

Hackers’ arrests highlight the importance of crypto asset custody

Monthly Letters

Dear Investor,

 

As the world watches a war and humanitarian disaster unfold in Europe, we are hopeful for a quick resolution. There has been significant speculation about the role of crypto in this conflict, and this will no doubt continue. It will take time for the ultimate impact of this crisis to be known. However, we strongly believe that crypto remains a global force for good, especially in times of intense geopolitical stress.

 

Early in February, the US government charged a New York couple with “conspiracy to launder cryptocurrency” stolen from Bitfinex in 2016. The sensational story generated much media attention, but for us it served as a reminder: the importance of safekeeping crypto assets. In this month’s letter, we share our views on best practices for crypto custodians.  

 

We also wanted to share that on February 17, Hashdex launched the world’s first DeFi ETF. The ETF launched on Brazil’s B3 exchange and attracted 2,200 investors on its first day. We are thrilled to provide investors a vehicle to gain exposure to this exciting space.

 

As always, please reach out with any questions or feedback. 

 

-Your Partners at Hashdex



Market Review

 

After three straight months of losses, the Nasdaq Crypto Index (NCI) generated positive returns in February[1]. Crypto assets and traditional risk assets had been weighed down by the prospect of interest rate hikes since November, but sentiment shifted somewhat at the end of January as uncertainty loomed over the timing of rate increases. 

 

On February 9, the NCI reached 2,760 points, the highest price in the month. In the days that followed, crypto markets fluctuated as geopolitical concerns took center stage as Russian troops moved across the Ukrainian border. 

 

The crypto markets dropped mid-month, with eight consecutive days of decline leading up to Russia’s invasion of Ukraine. Crypto assets began a rally in the wake of the February 24th invasion, as speculation grew about the use of crypto in Russia and Ukraine. Many of crypto’s unique attributes—including being borderless and decentralized—were highlighted during this period, which likely impacted prices as well.

 

The NCI closed the month up 6.2%. Bitcoin Cash (BCH) was the best performing asset, rising more than 15%. The worst performers were Chainlink (-14.0%) and Uniswap (-13.1%). 




LINK

UNI

BCH

ETH

FIL

XLM

BTC

LTC

-14.0%

-13.1%

15.4%

4.8%

-0.5%

-3.5%

7.4%

-0.5%

 

Top Stories

 

US recovers nearly 120,000 stolen bitcoins

 

The US Department of Justice (DOJ) published a release on February 8th divulging a landmark seizure of over US$3.6 billion in bitcoin, originally stolen during the 2016 hack of Bitfinex[2]. Ilya Lichtenstein and Heather Morgan were arrested and charged for an alleged conspiracy to launder the proceeds of 119,754 bitcoins—worth roughly US$4.5 billion on the day the release was published—taken from the exchange.

  

US Treasury letter signals miners will be exempted from further IRS reporting rules

 

The US Treasury Department sent a letter to the US Senate that suggests crypto miners and stakers will not be forced to provide information on their client’s transactions to the Internal Revenue Service[3]. The letter alleviates concerns surrounding the impact  of a provision found in the new infrastructure law signed by President Biden in November. 

 

El Salvador reveals issue date for bitcoin bond

 

Alejandro Zelaya, El Salvador’s finance minister, revealed that the country plans to issue the world’s first “bitcoin bond” between March 15th and March 20th and the bond will have a 6.5% coupon[4]. President Nayib Bukele had announced in November 2021 that the tokenized financial instrument will be developed by Blockstream to finance the construction of “Bitcoin City” on the Gulf of Fonseca. El Salvador made headlines last year by becoming the first country to legalize bitcoin as legal tender[5].

 

“Today’s arrests, and the department’s largest financial seizure ever, show that cryptocurrency is not a safe haven for criminals.” – US Deputy Attorney General Lisa O. Monaco, announcing charges against Ilya Lichtenstein and Heather Morgan on February 8, 2022[6].

 

February’s theme: The evolution of crypto custody

The arrests related to the 2016 Bitfinex hack not only reminded us of the importance of safekeeping crypto assets, but also how far crypto custody has evolved in recent years. And as more investors gain exposure to this dynamic asset class, security is going to become even more important. We are proud to work with several best-in-class custodians and want to help investors understand the importance of crypto-specific security measures. 

 

Crypto assets present unique custody challenges. The most consequential is how to secure private keys, the alphanumeric identifiers that provide proof of ownership. Because the key holder owns the crypto asset, protecting private keys is the ultimate goal of crypto security. There are three approaches to crypto custody:

 

  1. Self-custody can be as simple as using an external hardware device or writing a private key code onto a piece of paper. Those who self-custody are responsible for key security in the same way they are responsible for cash in their pocket. Self-custody carries significant risks. Because blockchain transactions cannot be altered, there are no chargebacks with crypto. 

 

  1. Partial custody refers to third-party software wallets or exchanges that manage private keys. These services are typically called hot storage, meaning they are connected to the internet. To prevent unauthorized transactions, hot wallets often provide two-factor authentication or “multi-sig” protections that require more than one person sign off on transactions. Wallets provide varying levels of security, so it’s important to understand the steps a provider takes to protect assets. 

 

  1. Full service third-party custody solutions provide the highest degree of security and customization. This approach includes the utilization of cold storage, which involves offline devices separated by “air gaps” that prevent network or software-enabled connectivity.

 

The primary tradeoff when selecting a custody approach is accessibility vs. security. Some investors want to trade daily while others are long-term focused. Because exchanges need to provide their customers with real-time access to their assets, they mostly rely on hot wallets to maintain customer funds. While major blockchains like Bitcoin and Ethereum have never been hacked, when these assets are held in partial custody on an exchange they become vulnerable to theft. So while exchanges and software wallets may provide convenient access, they are much more likely to be the target of hackers. Cold storage services make it difficult to regularly trade but are much less exposed to network vulnerabilities. For some, the risks of self or partial custody might be manageable. But for institutions and other long-term investors the only option is a full service third-party custodian. 

 

It’s important to remember that institutional-grade custody is not simply the offline storage of private keys. Rather, it’s a combination of organizational governance with multiple levels of physical and technical security measures. We believe the following five operational practices should be standard for any institutional custodian:

 

  1. Strict governance protocols: A custodian’s governance model should clearly define employee roles in the fund movement process. It should identify the primary tools and technologies used for transaction verifications (e.g., multi-sig, sharding).  

  2. Dispersed personnel permissions: The human role in key security is as important as physical security measures. Ultimately, a crypto custodian’s job is to protect private keys from being lost or stolen. Having several employees involved in each transaction step prevents one person from taking control of a customer’s funds.  

  3. Robust physical security: Private keys must be kept isolated in offline hardware devices. Hardware security modules (HSMs) are computers that use cryptography to encrypt private keys. The physical security of HSMs is critical, and access should be highly restricted. Custodians should only use facilities that can support biometrics and other advanced forms of security.

  4. Transparency: Many institutions need to regularly view their crypto holdings for auditing and regulatory reasons. Institutional custodians can use segregated addresses which allow account balances to be completely visible and auditable to the customer. This is particularly important as crypto asset reporting and compliance requirements will continue to evolve.     

  5. Explicit business continuity plans: Custody providers should have geographically dispersed backup sites and redundancy plans in place to guard against natural disasters or other catastrophic events disrupting operations. Backup sites should be regularly tested to ensure that outages or hardware destruction do not put private key security at risk. Custodians should also be able to explain the threshold at which these redundancy systems would fail.

 

We consider these practices a baseline for crypto asset custody. While we are not a custodian, Hashdex meets these five operational standards and we expect the same level of physical and technical security from our key partners. For the crypto ecosystem to properly develop, individuals and institutions need assurance that their investments are secure. This is why safekeeping our investors' assets remains our top priority. 

 

Looking ahead 

We continue to believe the adoption of crypto assets as long-term investments will make financial markets more accessible and equitable. This can only be achieved if investors feel confident their assets are safe. The industry’s progress to provide custody and security solutions has been impressive, but an industry as fast moving and dynamic as crypto requires constant innovation.   

While price volatility will continue to remain a fixture of these markets, we believe 2022 will be another pivotal year for the crypto ecosystem. As this space evolves, we are continuing to focus on guaranteeing that our customers have access to the highest quality services available, giving them the confidence to safely participate in this exciting market.    

 

As always, we welcome your thoughts and feedback. 

[1] Nasdaq Crypto Index data, as of 3/1/22.

[2] United States, Congress, Office of Public Affairs, and Deputy Attorney General Lisa O Monaco. Two Arrested for Alleged Conspiracy to Launder $4.5 Billion in Stolen Cryptocurrency, Office of Public Affairs, 2022.

[3] Versprille, Allyson. “Treasury Signals Crypto Miners Won’t Face IRS Reporting Rules.” Bloomberg News, 11 Feb. 2022, https://www.bloomberg.com/news/articles/2022-02-11/treasury-signals-crypto-miners-won-t-face-irs-reporting-rules.

[4] Majcher, Kristin. “El Salvador Plans to Issue First Bitcoin Bond next Month.” The Block, 9 Feb. 2022, https://www.theblockcrypto.com/post/133720/el-salvador-plans-to-issue-first-bitcoin-bond-next-month.

[5] Lopez, Oscar, and Ephrat Livni. “In Global First, El Salvador Adopts Bitcoin as Currency.” The New York Times, The New York Times, 7 Sept. 2021, https://www.nytimes.com/2021/09/07/world/americas/el-salvador-bitcoin.html.

[6] United States, Congress, Office of Public Affairs, and Deputy Attorney General Lisa O Monaco. Two Arrested for Alleged Conspiracy to Launder $4.5 Billion in Stolen Cryptocurrency, Office of Public Affairs, 2022.

 


 

The information contained herein (“Information”) may not be reproduced or redistributed in whole or in part, in any format, without the express written approval of Hashdex Asset Management Ltd. (“Hashdex”) and its affiliates and subsidiaries (“Hashdex Group”). By accepting this document, you acknowledge and agree that all of the Information contained in this document is proprietary to Hashdex Group. While not explicitly referenced within this piece, Hashdex Group manages the Hashdex Nasdaq Crypto Index ETF, Hashdex Nasdaq Ethereum ETF, Hashdex Nasdaq Bitcoin ETF, Hashdex DeFi Index Fund, Hashdex Smart Contract Platforms Index ETF and other investment vehicles focused on digital assets (collectively the “Fund” and each a “Fund”) which invests in digital tokens. The Information is not an offer to buy or sell, nor is it a solicitation of an offer to buy or sell, interests in the Funds or any advisory services or any other security or to participate in any advisory services or trading strategy. If any offer and sale of securities is made, it will be pursuant to the confidential offering memorandum of the Fund (the Offering Memorandum). Any decision to make an investment in the Fund should be made after reviewing such Offering Memorandum, conducting such investigations as the investor deems necessary and consulting the investor’s own investment, legal, accounting and tax advisors in order to make an independent determination of the suitability and consequences of an investment.

 

Each Fund seeks to track a relevant index. The performance of each Fund will vary from the performance of the relevant index that it seeks to track. The Information is being provided to you solely for discussion purposes and may not be used or relied on for any purpose (including, without limitation, as legal, tax or investment advice) without the express written approval of Hashdex Group. Certain statements reflect Hashdex Group’s views, estimates, opinions or predictions (which may be based on proprietary models and assumptions, including, in particular, Hashdex Group’s views on the current and future market for digital assets), and there is no guarantee that these views, estimates, opinions or predictions are currently accurate or that they will be ultimately realized. To the extent these assumptions or models are not correct or circumstances change, the actual performance of Hashdex Group and the Funds may vary substantially from, and be less than, the estimated performance. None of Hashdex Group, the Funds nor any of their respective affiliates, shareholders, partners, members, directors, officers, management, employees or representatives makes any representation or warranty, express or implied, as to the accuracy or completeness of any of the Information or any other information (whether communicated in written or oral form) transmitted or made available to you. 

 

Each of the aforementioned parties expressly disclaims any and all liability relating to or resulting from the use of the Information or such other information. Except where otherwise indicated, the Information is based on matters as they exist as of the date of preparation and not as of any future date and will not be updated or otherwise revised to reflect information that subsequently becomes available, or circumstances existing or changes occurring after the date hereof. Investing in financial markets, the Funds and digital assets, including Bitcoin, DeFi tokens, and Ethereum, involves a substantial degree of risk. There can be no assurance that the investment objectives described herein will be achieved. Any investment in the Funds may result in a loss of the entire amount invested. Investment losses may occur, and investors could lose some or all of their investment. No guarantee or representation is made that Hashdex’s investment strategy, including, without limitation, its business and investment objectives, diversification strategies or risk monitoring goals, will be successful, and investment results may vary substantially over time. Nothing herein is intended to imply that the Hashdex Group’s investment methodology or that investing any of the protocols or tokens listed in the Information or the Funds may be considered “conservative,” “safe,” “risk free,” or “risk averse.” Neither historical returns nor economic, market or other performance is an indication of future results. Certain information contained herein (including financial information) has been obtained from published and non-published sources. Such information has not been independently verified by Hashdex Group, and Hashdex Group does not assume responsibility for the accuracy of such information. Hashdex Group does not provide tax, accounting or legal advice. Certain information contained herein constitutes forward-looking statements, which can be identified by the use of terms such as “may,” “will,” “should,” “expect,” “anticipate,” “project,” “estimate,” “intend,” “continue” or “believe” (or the negatives thereof) or other variations thereof. Due to various risks and uncertainties, including those discussed above, actual events or results, the ultimate business or activities of Hashdex Group or the Funds or the actual performance of Hashdex Group, the Funds, or digital tokens may differ materially from those reflected or contemplated in such forward-looking statements. As a result, investors should not rely on such forward- looking statements in making their investment decisions. None of the Information has been filed with the U.S. Securities and Exchange Commission, any securities administrator under any state securities laws or any other governmental or self-regulatory authority. No governmental authority has opined on the merits of the offering of any securities by the Funds or Hashdex, or the adequacy of the information contained herein. 

Logo Hashdex
The material contained on this website is for informational purposes only and Hashdex, and its affiliates, is not soliciting any action based upon such material. The material is not to be construed as investment advice nor is it to be construed as recommendation, offer or solicitation to buy or sell any financial instrument or product or to adopt any investment strategy. Further, the material contained on this website does not constitute a representation that the financial instruments described therein are suitable or appropriate for any person. Past performance is not an indication of any future performance. This website may contain advertising of financial products.