News Updates January 02, 2023

1. Bitcoin Core developer hack highlights self-custody risks: Community responds

A Twitter user pointed out that if a top Bitcoin developer can’t keep his wallet secure, then mass adoption is a pipe dream.

With one of Bitcoin's original core developers claiming that his balance got drained by a hacker, the crypto community is at a loss at how “normal people” can succeed at securing their own Bitcoin 

BTC $16,708

In a recent thread, Luke Dashjr claimed that some alleged attackers had somehow accessed his PGP (Pretty Good Privacy) key, which is from an encryption program that creates cryptographic authentication.

Members of the crypto community voiced their concerns about how a Bitcoin core developer who is known for being security conscious could be compromised. Some believe that this makes it difficult for normal people to adopt or secure their Bitcoin.

In a post, a Twitter user was shocked by the news, believing that not many would be able to help the developer and that “there's little hope for most.” They tweeted:

@LukeDashjr@BitcoinHackers.org on Mastodon. Jan 1, 2023

@LukeDashjr

PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please. #Bitcoin

Jason Hughes

"You've definitely been one of the most security conscious folks I've known in this space, so this is a little shocking.

2. Bill on Digital Ruble Submitted to Russian Parliament.

A draft law devoted to the digital ruble has been filed with the State Duma, the lower house of Russian parliament. The legislation introduces rules determining how the new form of national fiat will be issued and amends a series of legal acts to facilitate its implementation.

Bank of Russia to Be the Sole Operator of the Digital Ruble Platform

A group of Russian lawmakers, led by the Chairman of the Financial Market Committee Anatoly Aksakov, have submitted draft legislation on the digital ruble, the central bank digital currency (CBDC) minted by Russia’s monetary authority. The document suggests legislative changes meant to create the conditions for its introduction.

According to the explanatory notes to the bill, quoted by the crypto page of the Russian business news portal RBC, its main purpose is to develop the necessary payment infrastructure for the digital ruble. This, the sponsors believe, would provide Russian citizens, businesses, and the state with access to fast, convenient, and low-cost money transfers.

The proposal aims to amend several existing laws such as the law on “On the National Payment System” to which the members of Duma want to add definitions pertaining to the CBDC. The new provisions assign to the Bank of Russia the role of sole operator of the CBDC platform. They also establish the procedures for opening wallets for the digital ruble and accessing its platform.

An amendment to the law “On Currency Regulation and Currency Control” secures the status of the digital ruble as a currency of the Russian Federation and defines CBDCs issued by the central banks of other nations as foreign currencies.

Changes to the Federal Law “On Personal Data” allow Russia’s central bank to process personal information without obtaining consent and without the need to notify in advance the Russian authority responsible for protecting the rights of subjects of personal data.

The Central Bank of Russia presented the concept for its digital currency in October 2020 and finalized its prototype platform in December 2021. The pilot phase was initiated in January of this year. In May, the monetary authority said it plans to start tests with real transactions and customers in April 2023.

In June, amid mounting Western sanctions imposed over Moscow’s military invasion of Ukraine, the regulator said it’s accelerating the schedule for the project, aiming for full launch in 2024. Over a dozen Russian banks and other financial institutions are currently participating in the trials.

3. How crypto custodians can help centralized exchanges win back public trust

In the post-FTX world, crypto exchanges must offer stronger protection for investors’ assets, writes Colin Brooks, chairman of the advisory board of Hex Trust.

“Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here. From compromised systems integrity … to the concentration of control in the hands of a very small group of inexperienced, unsophisticated and potentially compromised individuals, the situation is unprecedented.”

These comments from John Ray III, the new CEO of FTX, are becoming watchwords for the turbulence that has engulfed the virtual asset industry. They should serve as a warning to all investors that, however successful and respectable an organization might appear, you cannot be too careful when it comes to safeguarding your and your clients’ assets.  

The dust has not begun to settle on the failure of FTX and its knock-on effects; it will likely be several months before all the facts come to light. What is absolutely clear, however, is that basic principles and controls were simply non-existent, enabling client assets to be used to support the operations of the exchange itself. This goes against the basic principle of asset segregation, whereby assets belonging to the client of a company are held separately and securely, away from the assets of the company itself, in this case, FTX.  

What makes this more disturbing for crypto investors is that FTX was not a one-off case — there have been too many similar instances in recent months where those basic principles of client asset segregation have been overridden, client assets commingled with the assets of exchanges, used as collateral or to finance funding shortages and then ultimately lost with little or no recourse for the impacted clients. Although such practices are highly questionable and hugely damaging, they aren’t necessarily actually illegal in the relatively unregulated crypto world. 

The custodian acts solely as an agent for client assets, never as a principal. Client assets do not form part of a custodian’s own balance sheet. 

A professional custodian provides infrastructure to ensure the safety of client assets, which includes: 

Fully regulated and audited environment 

Full segregation of client assets from its own 

Secure technology using the latest standards against unauthorized access 

Bank-grade controls (no single person can move assets)

Independent internal governance and checks and balances 

Regular reconciliation of client positions 

Internal and external management of risk and security — continuous review and improvement 

Regardless of whether it relates to TradFi or virtual assets, best practice is for assets to be held by an entity that does not itself indulge in risk-creating activities. This ensures that not only are clients’ assets segregated and therefore safe, but it also makes them bankruptcy remote, i.e. minimizing the likelihood of any prolonged lock-up of assets caused by, for example, the bankruptcy of the custodian.  

Regulatory jurisdictions are increasingly embracing custodians as part of their licensing regime, seeing them as a core link in the virtual asset investment chain. This is further boosting their role and some in the industry are even talking about making use of custodians mandatory for holding client assets. 

For more frequent traders, moving assets between wallets is not necessarily practical and other models might therefore be used. Some options being used or considered to increase asset security include: 

Escrow account model into which assets from both sides of a trade are transferred, effectively creating a single clearing counterparty between the two sides of a transaction. 

Application programming interface connectivity between exchanges and custodians that enables a custody client to make a selected part of their wallet available to an exchange for trading purposes, with the ability to return assets outside the reach of the exchange once a trade has settled. This enables clients to deal with multiple exchanges from a single wallet. 

Cross-chain services involving wrapping/unwrapping of specific products or positions where the principal assets are held in custody and a synthetic representation of the asset is traded, with settlement of the actual asset occurring on a net basis periodically during the day. 

The virtual asset industry faces many challenges right now, but it should be able to emerge from the turmoil leaner and fitter while offering strong levels of asset protection for investors who, quite rightly, are now highly wary of entrusting their assets to parties with conflicting interests. As clients of exchanges increasingly demand safeguards for their assets, custodians and exchanges will need to collaborate to develop new models that provide a balance between the security of assets and simplicity of operations. Re-establishing trust and dependability is critical to the future of the industry, and custodians should play a core role in this process.