Financial Execs Say Security a Top Cryptocurrency BarrierSurvey: Cybersecurity, Regulatory Concerns May Slow Digital Asset Adoption
Although a majority of financial services executives predict that cryptocurrency will replace or rival fiat currency within the next five to 10 years, they say cybersecurity, regulatory and privacy issues are among the biggest obstacles to its adoption, according to a survey by Deloitte.
The professional services company's "2021 Global Blockchain Survey" of 1,280 executives worldwide found that 81% believe blockchain - the general ledger that supports cryptocurrency - is "broadly scalable" and already mainstream.
Asked to identify the leading barriers to digital asset acceptance, 71% of respondents cited cybersecurity; 63% said regulatory issues and 59% pointed to privacy concerns.
Some 68% of respondents indicated that data security and privacy remains the regulatory area in "greatest need of change."
Cryptocurrency security issues have grabbed headlines in the past two weeks.
Japan-based cryptocurrency exchange Liquid suffered a cyberattack that led to the loss of $97 million. And decentralized finance platform Poly Network, a protocol of Chinese blockchain project Neo, had $612 million siphoned from is channel, although it was incrementally returned - including the final $141 million earlier this week (see: Poly Network Hacker Reportedly Returns Most of Stolen Funds).
Karl Steinkamp, the director of payment card industry offerings for the security firm Coalfire, says these breaches "speak to the broader narrative that innovation companies need to continue to build more security by default into their products" or risk going out of business. He calls for regulation of exchanges and third parties operating in cryptocurrency environments.
"In the U.S., it remains unclear as to whether regulators will continue a piecemeal guidance effort [around cryptocurrency], or whether the Securities and Exchange Commission, banking regulators and the Commodity Futures Trading Commission will join forces and coordinate, or whether Congress will act to establish an end-to-end framework," the Deloitte survey report notes.
"In the near term, we expect U.S. regulators to issue additional guidance focused on concerns, such as cybersecurity, anti-money laundering, securities registration, antifraud, tax, and transaction reporting risks that are associated with cryptocurrencies," the report adds.
A bill introduced in the Senate earlier this month, the Sanction and Stop Ransomware Act, calls for developing regulatory actions around cryptocurrency - including suspicious transaction monitoring and adhering to know-your-customer standards (see: Countering Cyberthreats: 2 Legislative Proposals Introduced).
Meanwhile, the $1 trillion U.S. infrastructure bill - due for a vote in the House by late September - would impose expanded tax obligations on crypto operators.
'Opportunities for Real Change'
Security teams must keep pace with blockchain's evolution, the Deloitte report suggests. "There is shared optimism about future revenue opportunities from blockchain, digital assets and cryptocurrency solutions," the report states. "Opportunities for real change in several areas of the fundamental building blocks of the global financial markets exist for those players that can navigate the current regulatory dynamics and uncertainty."
The report adds that "even the most dedicated believers in digital assets have legitimate security concerns." Security experts have pointed to the need to implement strong authorization controls, effective threat detection and blockchain analytics capabilities, as well as to create and adopt peer-reviewed industry standards.
Cybersecurity risks remain at the core of DeFi, or "decentralized finance," an umbrella term for a variety of financial applications in cryptocurrency or blockchain geared toward disrupting financial intermediaries. Indeed, DeFi does not rely on central intermediaries such as banks, brokerages or exchanges to deliver financial services, including lending, borrowing and trading. Instead, DeFi applications rely on smart contracts, especially Ethereum, on blockchains.
Between January and July, cryptocurrency thefts, hacks and fraud across the broader digital asset market totaled $681 million, according to recent research from blockchain analytics firm Ciphertrace. DeFi-related hacks totaled $361 million, the research shows.
DeFi projects involve participant-based blockchain transactions mediated by a "DeFi protocol," many of which use open-source software. A lack of security controls remains a concern, although DeFi investment has grown exponentially since 2020, according to tracker DeFi Pulse.
Some DeFi projects get hacked because of "developer incompetence, which causes coding mistakes that hackers can abuse," says "William S.," a security researcher for the virtual private network firm Atlas VPN, in a blog post.
Many DeFi crimes can either be traced to "outside agents" hacking the protocol or a "rug pull" conducted by insiders, he says.
And a lack of regulation in the crypto industry - including mandated robust security and regulatory controls - "allows cybercriminals to thrive either by hacking less secured DeFi projects or by carrying out [insider-based] rug-pull scams," the Atlas VPN researcher says. "For DeFi to become more legitimate, it is essential to establish [both] security and business regulations."