By Ruben Merre. Ruben is the CEO of NGRAVE, a technology firm dedicated to helping users safeguard their cryptocurrency from theft. The company raised over 15 times its goal on IndieGogo in a 2020 crowdfunder for its flagship product, the ZERO wallet, dubbed “the coldest wallet.” NGRAVE has gone on to attract further investment from Cypherpunk Holdings and has onboarded renowned cryptography professor Jean-Jacques Quisquater as an advisor to the company.

Over the last couple of years, cryptocurrency has shown several signs that the days of the “financial Wild West” are in the past. The markets have expanded into newer instruments, including futures and options, with total open interest across both now topping $17 billion. The bad old days of token sale exit scams seem to be well and truly behind us. And at the end of last year, Coinbase announced that it is becoming the first company in the cryptocurrency space to undergo an IPO - undoubtedly the first of many, given the rate of unicorns entering the space.

However, perhaps the biggest indicator of maturity is the influx of institutional investment. Over recent months, fueled by investment from firms such as MicroStrategy and Grayscale, Bitcoin reached new record highs, with the total cryptocurrency market cap surpassing $1 trillion in early January.

Growth First, Security Second

Even despite all this meteoric growth, there is one issue that persists. The growth mindset of the cryptocurrency industry is pervasive, with most firms aggressively pursuing expansion at the expense of all else. Unfortunately, the area that suffers most in this strategy is security. Those holding cryptocurrency can never be 100% sure that their funds are safe.

While a growth mindset is healthy and necessary for any startup, the crypto industry has more at stake than the average tech firm. The lack of focus on security means that exchanges continue to engage in practices that put funds at risk. Even those prudent users who keep funds on hardware wallets end up discovering that they’re still a target for hackers.

In 2020 alone, the cryptocurrency industry was rocked by yet more security breaches. At the end of September, hackers targeted KuCoin – one of the world’s biggest exchanges. We still know very little about what happened, as the company has remained tight-lipped about the incident. However, we know that around $275 million was stolen, making it the third-biggest exchange hack of all time after Mt.Gox and Coincheck in 2018.

In December, EXMO, a UK-based exchange, was also hit for around $10 million. In both cases, it’s reported that hackers managed to gain access to hot wallets, typically used by exchanges to store operational funds needed to fulfill withdrawal requests quickly upon demand from users.

Hackers Are Using Ever More Sophisticated Techniques

Although we don’t know much about what happened in those two cases, a few recent instances have revealed the extent to which hackers will go to gain access to wallets. In December, it emerged that French hardware wallet provider Ledger had been subject to a data breach when hackers dumped their customer database on a website. Although this doesn’t constitute theft of funds, reports stated that users had been targeted in phishing attacks based on the leaked details.

In an example of an even more sophisticated attack, researchers recently revealed that they’d been involved in a year-long investigation into a piece of malware called ElectroRAT. The malware is a variant known as a Remote Access Tool, and it was spread through three scam applications, two fake crypto trading platforms called Jamm and eTrade/Kintum, and a phony crypto poker app called DaoPoker.

The fraudsters had developed versions of the malware for Windows, Mac, and Linux and had duped users across the globe into downloading their applications. Once installed on a victim’s machine, it would use techniques including keylogging and taking screenshots to steal private keys.

These incidents are having a detrimental effect on users perceptions of cryptocurrency security as a whole. For instance, according to a recent survey, around three times as many users reported feeling unsatisfied with the current state of cryptocurrency security after the Ledger incident compared to before it happened.

Retail Investors Face A Centralization Problem

For institutions and exchanges, there really is no excuse for these kinds of hacks. There’s a burgeoning market in institutional-grade hardware security modules that secure cryptocurrencies and can handle activities such as key management on behalf of companies. Advances in technology such as multi-party computation can split private keys across multiple servers and clouds, making them virtually unhackable.

However, for the retail market, the problem is one of centralization. It’s almost perverse in an industry that holds decentralization as one of its most cherished principles. But the market for hardware wallets is dominated by only two companies - Ledger and Trezor. Both have suffered security issues in the past, but users have had no alternative options so far.

So, users are left with two choices. The first is to find a reputable custodian for their funds – one that uses the kind of cutting-edge security hardware needed to keep hackers at bay. However, although some firms are more reputable than others, all crypto custodians tend to be cagey about how they secure their funds, for obvious reasons.

The other option is to take their chances with a wallet. However, hot wallets are notorious targets for hackers, and cold wallets remain vulnerable due to their dependence on internet connectivity, which creates an attack vector.

New Year, New Growth, New Security

In 2021, a new hardware wallet provider will launch, offering cold storage without connecting to the internet. The NGRAVE ZERO wallet will introduce a new player onto a centralized market and hopefully raise the stakes for established participants.

In light of the fact that cryptocurrency security is evidently lagging compared to the pace that the markets are maturing, an improvement is sorely needed. With a new year ahead and analysts predicting further epic growth, let’s hope that 2021 sees further advances in security that will help to restore trust in exchanges and wallets.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.