Crypto Security: Simplifying complexities for an Individual

November 17, 2023

With the growing adoption of cryptocurrency, it is becoming more and more evident that crypto is here to stay, and everyone wants a part of it. However, beyond the passive income, high returns, and diversified portfolios lies a vulnerability to unpredictable threats. This is why a part of your future will also depend on the security measures you take today.

Why do you need crypto security?

Everyone wants to feel secure, especially when it comes to their hard-earned money, so the answer to the above question may seem obvious: you need it because you do. But the extent of security needed can only be realized after you see what happens if you are not secure.

Past midnight of January 17th this year, risk monitoring systems of the well-known exchange platform “crypto.com” detected unauthorized activity. And in no time, assets worth $34 million were stolen. Another very similar incident happened on March 22nd this year; the Lazarus group siphoned around $625 million from Ronin Bridge.

Lately, various platforms, including Multichain, Qubit, Fei Protocol, etc., have been low-hanging fruit for malicious groups/individuals. Besides, just in seven months of 2022, cyberattacks have resulted in the theft of cryptocurrencies worth $1.9 billion.

So, if you do not rush for security now, when will you? Anyways, you do not need to run anywhere else; just continue reading this blog.

It is usually advised to evaluate the danger before taking any action. In this light, let’s answer the next question.

How do you lose your funds?

Typically, your funds are in three places, and you need to be aware of the potential disruptions in each of these places:

Firstly, when your funds are at a Centralized Exchange or Custodian

Crypto exchanges can be a very convenient place to keep one’s crypto holdings, particularly for inexperienced crypto investors. However, if an exchange is severely hampered by an unforeseen event, your prospects of getting your money back can be minimal to none. Such incidents include:

  • Hacks: The recent hacks on AscendEX, Fei Protocol, Cashio, etc. indicate that not much has changed since one of the first major hacks, which occurred in 2011 on Mt. Gox. You will be surprised to know that the majority of breaches are the result of poor management and a lack of exchange security. These reasons are like getting pickpocketed at a subway.
  • Business Losses/Bankruptcy: In the event of bankruptcy, you will probably be at the exchange’s mercy while it settles its fees. In case you think bankruptcy is rare, Voyager Digital, a Canadian cryptocurrency broker and lender, was recently compelled to file for Chapter 11 bankruptcy. Similarly, a few days later, the lending platform Celsius also began Chapter 11 bankruptcy proceedings.
  • Software Malfunction: Exchanges invest millions of dollars in infrastructure to prevent glitches, but investors still encounter problems due to outages. For instance, in October 2021, a large-scale order was performed incorrectly without a buyer on the other side of the deal. It happened due to a software error with one of the institutional traders registered on Binance. This led to a decrease in Bitcoin pricing at Binance for US customers to $8,000.
  • Government freezing the funds: While the government and cryptocurrency exchanges assess how compliance requirements have changed the crypto ecosystem, regulations and policies are constantly evolving. This has led to several incidents where exchanges like WazirX and CoinDCX had to freeze their funds.
  • The sudden demise of your loved one without any nominee/beneficiary: Cryptocurrencies are decentralized, which means they aren’t issued by a central bank or government. So unless you have the credentials to unlock your deceased loved one’s account, it is almost impossible for anyone to assist you in inheriting their funds. If you believe it does not matter for small holdings, research the estimated price of 1/10th of a Bitcoin 30 years from now.

Secondly, when your funds are in the DeFi ecosystem

With new decentralized and non-custodial financial services being offered frequently, the DeFi industry is a hotspot of innovation. If you consider Web3 the future of the Internet, then DeFi is its new financial ecosystem. Nevertheless, every DeFi investment entails a number of risks, such as:

  • Hacks: A database of cyber-attacks shows that until now, frauds, hacks, and exploits have cost the DeFi protocols a total of $4.75 billion, of which only $1 billion was repaid. The biggest of such attacks were on platforms like Poly Network, Wormhole, etc. The core reasons behind such hacks are mostly three: developer incompetence, coding mistakes, and misuse of third-party protocols.
  • Rug Pull: It occurs when developers create a token linked to a valued cryptocurrency like ETH, list the token on decentralized exchanges (DEXs), and then withdraw all the funds once investors buy in. A rug pull token could go from 0 to 100X in just a few hours. This tactic aims to increase FOMO, which encourages more people to buy tokens. The Polygon-based yield aggregator Blur Finance is a recent example of a rug pull. It allegedly vanished with crypto coins worth $600,000 from its Polygon and BNB Chain contracts.
  • Smart Contract Vulnerability: DeFi is a cutting-edge financial instrument since it is programmable and composable. However, if a contract is launched with bugs and gaps in the code, the entire ecosystem is exposed, which could result in a substantial monetary loss. Although some prominent incidents, like Ethereum getting affected, have led to regular audits and peer reviews, there is still no assurance that there won’t be any further problems with smart contract code.
  • You die, and no one knows how to access funds: Cryptocurrency owners frequently overlook inheritance planning, which can have major effects like assets being lost entirely or becoming permanently inaccessible.

Lastly, when your funds are with you

In the world of cryptocurrencies, the saying “Not your keys, not your coins” is popular because it’s true. But keeping your keys comes with a lot of responsibilities, and if you don’t follow them, you could lose your money in a number of ways, including:

  • Insecure Wallet Practices: Immutability is one of the most revolutionary features of blockchain technology, but it also implies that mistakes cannot be corrected. Hence, every practice, big or small, matters. For example, connecting your wallet to a DApp that you do not trust, or not double-checking before transactions, can make you lose your money.
  • Inappropriate Setup: Setting up non-custodial wallets can be complicated and overwhelming. Besides, you are entirely responsible for keeping track of your private keys and upholding security precautions to keep your funds safe. There are no exceptions; if you forget/lose your private keys/seed phrase, which is common, you won’t be able to access your cryptocurrency.
  • You die, and no one knows how to access funds: Having a will can assist in informing your family of the cryptos you hold, but it won’t assist them in gaining access to it without the private key and recovery phrase. Due to this, your funds will never be transferred to your family members if you have not chosen to use crypto inheritance services.

What does crypto security mean, and how does it protect you against such losses?

Crypto security rests mainly on two fundamentals: “Reduce Attack Surface” and “Improve Defence.” These two fundamentals are like wearing a helmet/seatbelt and following the traffic rules while you are driving. However, you need to remember that security is not a one-stop destination; instead, it’s a journey. The more you travel with your seatbelts/helmets, abiding by the rules, the more secure you will be.

Your security starts with you

You are the first line of defense for your security. So start by taking simple and crucial steps like never logging in through your email, using a password manager, enabling two-factor authentication, and maintaining separate browsers for personal, professional, and crypto trading usage.

Do you know that phishing causes more financial losses than hacking does? It is, therefore, essential to do extensive research and verify before trusting. Always keep in mind that “If it’s too good to be true, it is not true.”

Furthermore, keep a hardware wallet or a separate offline wallet like Trezor or Ledger. They offer additional security and protection from outside threats as they are only linked to the internet when in use. You can hold multiple cryptocurrencies in such devices, and they can never be compromised by computer viruses.

Once you are done with these setups, ensure backup and recovery actions are planned. It’s like making sure your harnesses are put on correctly before you go bungee jumping. Additionally, with an inheritance plan, you can live peacefully, knowing that your loved ones will be safe and content.

Let’s move on to the final segment of this blog now.

How to secure your assets when they are at Centralized Exchange or Custodian?

When your coins are at a Centralized Exchange or a custodian, start with basics like:

  • Enable two-factor authentication: It is a method of authenticating yourself to a device or service that requires two different factors. This makes sure that you have the most robust protection against account abuse and crypto theft.
  • Whitelist the addresses: Withdrawal address whitelisting is a security feature most crypto exchanges offer to safeguard your crypto assets. It generally means that a crypto wallet address must be approved in advance. This feature safeguards you against unwanted cryptocurrency transfers made by mistake and account compromise.
  • Set up a nominee: You either put it off or don’t believe it’s necessary enough to fill out the extra two pieces of needed information. However, by submitting a nomination, you can safeguard the interests of your loved ones, who will stand to gain from your investments in the event of your demise.
  • Asset Allocation: It is always advised never to put all your investment eggs in one basket, as diversifying reduces overall volatility. You can diversify by market capitalizations, regions, and multiple cryptocurrencies of different applications. It will distribute your assets in accordance with your objectives, level of risk tolerance, and investment horizon in order to balance your risk and reward.
  • Portfolio Outside Exchange: Similar to a stock market for stocks, the majority of today’s cryptocurrency buying and selling occurs through an exchange. Even though it is convenient, you should also look to diversify your investment outside the exchange. For instance, you can opt for the DeFi ecosystem to stake, loan, or deposit in a pool. It will not only bring more security but will also generate passive income.

Even though crypto security still needs to advance with standards and strong systems, every little step you take counts. Remember, hackers are waiting for you to make foolish mistakes, and understanding how to trade cryptocurrency securely will stop you from making them. Keep yourself updated and discover new potential by exploring the world of crypto security.

Learn more about Liminal here.

Become #LiminalSecure today, and do not forget to follow our blog and social media channels to keep yourself updated.

More on Crypto

As we continue constructing a fully regulated digital asset custody platform, ensuring secure storage for both crypto and fiat assets remains a critical priority. 

To facilitate the last checkpoint of enabling institutions to convert their digital asset treasury into fiat currency, we’re expanding beyond pure wallet infrastructure and integrating seamless fiat off-ramp capabilities for our partners.

We’re thrilled to announce our partnership with Encryptus, a provider of licensed and compliant off-ramp solutions tailored for institutional clients. This collaboration elevates Liminal’s service offerings by empowering our partners to convert their digital asset treasuries into fiat currencies efficiently.

Integrating A Seamless Off-Ramp Solution

The digital asset ecosystem historically faced friction points when transitioning between fiat and cryptocurrencies. Off-ramp solutions address this pain point by enabling efficient and streamlined conversion between asset classes, minimising value loss and simplifying compliance processes.

Here’s how off-ramp changes the game:

  • Reduced Friction: Frictionless conversion minimises delays and operational complexities associated with traditional fiat-crypto exchange methods.
  • Enhanced Efficiency: Streamlined workflows expedite asset conversion, increasing speed and cost-effectiveness for institutional and individual users.
  • Optimised Value Preservation: Advanced off-ramp solutions prioritise minimising price slippage and value loss during conversion, protecting user portfolios.
  • Simplified Compliance: Integrated compliance features navigate regulatory complexities, ensuring adherence to relevant financial regulations.

With our partnership with Encryptus, we have embedded their institutional-grade APIs, connecting their off-ramp solution within Liminal’s wallet and custody platform. 

This integration simplifies our clients’ liquidation requirements while keeping their assets secure and more:

  • Effortless Digital Asset to Fiat Conversion: Our partners will be able to access treasury management and facilitate business payments in 54 countries and individual payments in an extensive network of 80+ countries.
  • Streamlined Compliance and Regulation: Our partners will be able to leverage Encryptus’s rigorous licensing and compliance framework, ensuring adherence to stringent financial regulations.
  • Enhanced Platform Value: We will be able to expand the functionality of the Liminal custody solution, attracting institutional users seeking comprehensive digital asset management capabilities.

Moving Towards A Robust Off-Ramp Partnership With Encryptus

The partnership between Liminal and Encryptus marks a significant step forward in secure digital asset custody, representing a shared commitment to pushing compliant practices while supplying institutions with easy access to convert their digital assets to fiat.

For Encryptus, the opportunity to integrate with Liminal’s established platform presents a chance to reach a wider audience and scale their innovative off-ramp solutions to new heights. By streamlining fiat conversion within Liminal’s secure custody infrastructure, Encryptus gains access to a trusted network of institutional users seeking seamless and compliant treasury management.

For Liminal, this collaboration reinforces our dedication to partnering with companies that demonstrably prioritise clear governance and robust policy frameworks. By aligning with Encryptus’s stringent compliance standards, we reaffirm our commitment to building a secure and sustainable future for digital assets, where trust and regulatory certainty go hand-in-hand.

January 22, 2024

Hello world, it’s that time of the month when we share the biggest security breaches in the world of Web3 through our Security and Regulatory Newsletter. 

Liminal believes in optimizing security and custody practices globally across the Web3 industry. Through our Newsletter, we highlight security, regulations, and compliance incidents that have happened in the past month and how one can follow better Security practices to safeguard their digital assets. 

We will also highlight regulatory changes that might have happened globally, which were significant to the overall ecosystem.

Dive in and get a detailed analysis of everything security and regulation in the domain of web3 with Liminal’s Monthly Security and Regulatory Newsletter.

Web3 Security Compromises in January

Abracadabra exploited for almost $6.5 million, Magic Internet Money stablecoin depegs

The Magic Internet Money ($MIM) stablecoin has lost its dollar peg again, dipping all the way below $0.77 in a flash crash before returning to around $0.95.

The depeg appears to be related to an exploit of the Abracadabra lending protocol, which allows people to borrow $MIM. An attacker exploited an apparent flaw in the platform’s smart contracts to drain around $6.5 million.

Goledo Finance hacked for $1.7 million

Goledo Finance, an Aave-based lending protocol, was exploited through a flash loan attack. The attacker stole assets estimated by CertiK to be around $1.7 million.

Goledo Finance contacted the attacker to offer a 10% “bounty” for the return of the remaining assets. In a message on January 29, the attacker wrote: “I hacked Goledo and want to negotiate.”

Socket service and its Bungee bridge suffer $3.3 million theft

The Socket cross-chain infrastructure protocol was hacked for around $3.3 million in an attack that exploited its Bungee bridge. The thieves were able to exploit a bug that allowed them to take assets from those who had approved a portion of the system called SocketGateway.

A little over 700 victims were affected, and the highest loss from a single wallet was around $657,000. 121 wallets lost assets priced at more than $10,000.

On January 23, the protocol announced they had recovered 1,032 ETH (~$2.23 million) of the stolen funds.

Web3 Regulatory Practices for January

The EU Imposes Stricter Due Diligence Rules for Crypto Firms

On Jan. 17, the European Council and the Parliament came to a provisional agreement on parts of the Anti-Money Laundering Regulation (AMLR) that now extends to the crypto sector.

Under the new rules, cryptocurrency firms will be required to run due diligence on their customers involving a transaction amounting to €1,000 ($1,090) or more. 

However, the agreement isn’t final yet as it has to be first officially adopted by the Council and Parliament before the rules can be applied.

So, after the EU passed its landmark MiCA regulation last year, which clarified rules about cryptocurrencies, regulators are now targeting the space with tighter controls. 

While these regulations bolster security and trust in the crypto market, potentially attracting more cautious investors and combating financial crimes, they also present challenges. 

The US State of Virginia Introduces Digital Assets Mining Rights

Recently, the Virginia State Senate introduced Bill No. 339, which outlines regulations for the transactions and mining of digital assets and their treatment under tax laws. 

The legislation exempts individuals and businesses engaged in crypto mining activities from obtaining money transmitter licenses. Additionally, it protects miners from any discrimination. 

Issuers and sellers of crypto are also exempted from securities registration requirements if certain conditions are met. Moreover, those offering mining or staking services are not to be classified as “financial investment” but must file a notice to qualify for the exemption.

The bill further incentivizes crypto’s use for everyday transactions by offering tax benefits. Under this, up to $200 per transaction can be excluded from an individual’s net capital gains or gains derived from using crypto to purchase goods or services, starting from Jan. 1, 2024.

Key Takeaways:

  • Hackers continue to exploit vulnerabilities in DeFi protocols and cross-chain bridges, highlighting the need for robust security measures.
  • Regulatory frameworks are evolving rapidly, with stricter AML rules and supportive legislation for emerging technologies like crypto mining.
  • Staying informed about these developments is crucial for navigating the digital assets market safely and responsibly.

Stay #LiminalSecure

These events highlight the constant evolution of Web3 security and regulation. You can confidently navigate this dynamic landscape by staying informed and prioritizing security best practices. 

At Liminal, we’re committed to empowering institutions to unlock the full potential of digital assets without compromising security or compliance norms with our robust custody and wallet infrastructure solutions. Join us on this journey towards a safer, more accessible future for digital assets.

January 15, 2024

Buckle up as we’re about to take a trip down memory lane. 

The year 2023 was a wild ride that showed signs of a plummeting market, groundbreaking innovation and regulatory hurdles. 

Contrastingly, in the same year, we saw no market-shattering crashes, with financial institutions extending an olive branch and key jurisdictions unlocking the doors to blockchain technology.

Simultaneously, at Liminal, we experienced significant breakthroughs, re-engineering our positioning and becoming a pioneer in digital asset security with bank-grade custody. 

We took major strides this year, right from building comprehensive products to becoming a qualified custodian, from revamping our brand design to expanding our offices in newer locations, from partnering with hyper-local communities to onboarding a diverse set of clients. We did it all.

So, let us take you through everything we accomplished in 2023 and what the future holds.  

Liminal Became A Qualified Custodian

One of the prominent moves we made this year was to change our positioning as a regulated custodian from being a wallet infrastructure platform. 

We got two licenses in key jurisdictions to operate as a regulated custodian. 

The first one came from Hong Kong, where we acquired the TCSP license issued by the SFC, which oversees and regulates financial activities to ensure compliance with legal and regulatory obligations. 

Our next license came in the MENA region, where we got In-Principle Approval for the FSP license granted by the FSRA, a governing body in ADGM, to establish a progressive financial services environment. 

Both these licenses paved the way for Liminal to push its wallet infrastructure and offer bank-grade custody to institutions looking to operate in these particular regions. 

Liminal Introduced A Suite of Products & Features

Continuing our building spree, we launched new products and integrations to broaden the existing infrastructure and added more parameters of security, scalability and sustainability. 

Staking-as-a-Service

Liminal launched staking for institutions to eliminate the risks involved in running staking nodes and the vulnerabilities in hot wallet transfer. 

Hence, we introduced an industry-first mechanism of cold wallet staking to ease staking for institutions and secure assets explicitly.  

Whitelabel Solution

Accelerating the go-to-market time for organisations looking to build a secure and customisable application, Liminal launched its whitelabel solution.

It is targeted at helping organisations meet security standards, manage assets with maximum control, and add their custom branding to give it a personal touch. Our whitelabel solution is a first-in-class custodian-developed solution for institutional-grade custody.

Smart Consolidation

We are building not just secure custody but also automation-based features to eliminate manual errors, increase the throughput of transactions and scale institutional wallets. 

Taking this ahead, we launched the Smart Consolidation feature to automatically calculate all the active addresses and consolidate them into a single address. With this level of automation, managing multiple addresses becomes uber easy for wallet teams. 

Travel Rule 

To limit the use of cryptocurrencies for activities like money laundering and terror financing, regulatory bodies mandated the Travel Rule for institutions to follow.

Continuing the latest compliance integration policy, Liminal partnered with Notabene to introduce Travel Rule, enabling institutions to manage counter-party risk and extend the process of due diligence right from the Vaults dashboard.   

Liminal Accrued A List Of Security Certifications

Following our ISO certification for data privacy and risk management, we added two new security certifications to fortify our systems and build trust for our clients. 

Liminal Achieves Crypto’s Highest Security Mark: CCSS Level-3 Certified

Cryptocurrency security lacked a gold standard, creating a vulnerable ecosystem. Enter the CryptoCurrency Security Standard (CCSS), setting the bar for auditing and certifying custodian infrastructure and establishing levels of trust and confidence for investors. 

Liminal became only the second wallet infra platform and the first regulated custodian to be accredited with Level-3 certification, deeming wallets, transfer environments, workflows and engines safe and secure. 

Liminal Received SOC 2 Type II Certification

To tackle threats in institutional-grade security, SOC has been identified as the primary compliance standard for service organisations that handle customer data.

Liminal successfully attained SOC 2 Type II certification, validating its setup of security controls & compliance processes to be industry standard. 

Liminal Level Up

Liminal unveiled its most significant platform upgrade ever, revolutionising the future design standard of a qualified custodian. This level-up activity included revamping our website and product UI, giving a completely new look and feel to not “Liminal” but “Liminal Custody”. 

The Liminal level-up activity was a strategic step and the biggest one for us this year to create an intuitive, inviting and tailored experience for our clients. 

Liminal Reached New Borders

We spread out our operations this year, reaching new borders and onboarding a new wave of institutions across gaming, DeFi, HNI wealth, treasuries, and exchanges! From Indonesia and Africa to India, UAE, and Korea, we are setting up custody operations worldwide. 

This isn’t just a roster of clients; it’s a network ready to spark connections, collaborations, and shared success to further the definition of secure assets. 

Liminal Collaborated With Law Enforcement Agencies

The best and proudest moment for Liminal this year was when we collaborated with the CBI and the Himachal Pradesh police department to aid them in seizing digital assets.

This partnership put us on the map, as we became the first point of contact for LEAs in India, and we standardised the process of secure seizure of digital assets. Leveraging our expertise, we enabled a safe space for officers to learn the basics of custody, contributing to a safer digital landscape.

Team Liminal Grew Bigger

Building such a massive infrastructure, prioritising security and compliance over everything else, we had to grow the team to build at pace and expand at an even higher level. Not only did we grow in team numbers, but we also extended our footprint to new destinations.

Team Liminal went from 32 to 70 with 5 new offices in Mumbai, Ahmedabad, Hong Kong, Singapore and ADGM, setting up our custody operations steadfastly. 

What’s To Look Out For In 2024

We are excited to announce that our commitment to integrating the most secure digital asset wallets with a cutting-edge custody platform is swiftly becoming a reality. 

The upcoming year, 2024, will serve as a testament to this transformative journey. Moving beyond self-custody, we are constructing a comprehensive infrastructure encompassing both custodial and non-custodial wallets. Exciting products are set to launch starting from the first week of January, some of which are: 

  • Official Custody Platform Launch
  • Liminal’s Off-Exchange Settlement Hub
  • Secure Custody of Real-World ‘Tokenised’ Asset

The Web3 space has evolved explicitly this year, pushing the narrative of secure digital asset custody and security, introducing new regulations and compliance standards, licensing VASP providers and standardising the use of custodians as a trusted third party. 

At Liminal, we took major strides this year, from building comprehensive products to becoming a regulated custodian, from revamping our brand design to building the full infrastructure of custodial and non-custodial wallets.

January 5, 2024

Find Out How You Can Benefit From A Fully Self-Custodial Wallet Architecture