Parity, one of the forerunners of smart contract coding suffered security breach this week. As confirmed by Etherscan.io 150,000 ethers, worth $30 million, have been stolen. On different media there was discussion going on about the targeted attack: Edgeless Casino, Swarm City, and æternity – three ICO projects built on Ethereum as suggested by Manual Araoz.
I am deeply concerned about this development. It is another (new) factor raising risk profile of investment in token-based startups. From investor perspective this is yet another reason to say “well, maybe no”. It is also clearly a blockchain specific risk carried only by ICO-financed start-ups which runs in a contrast to the situation of traditionally funded equity crowdfunding: no fiat money can be stolen from their bank account anymore.
This situation reminds me of what we lived through back in 2013-15 as a group of largest holder of Bitcoin were targeted individually and huge amount of Bitcoin was regularly stolen. Back then it got so bad, that those people were afraid even to talk about it fearing even bigger revenge hack might touch their non-crypto assets.
The major effort involved in creating the FORT KNOX of Bitcoin evolved from there. As a such, Silicon Valley based Xapo were among the first startups to focus solely on this goal: to make a super secure, impenetrable wallet. Back in 2014 it created an incredible security around deep-cold storage of keys and multisig procedure. The keys were stored on multiple hardened facilities spread around the world. One of such was placed in Switzerland, in the military security grade bunker. Being part of Xapo back then, I used to take bank representatives and fund managers there. It was part of their internal security audit, before they would decide to store Bitcoins with Xapo (about this Swiss military bunker you can read more in Digital Money in Gotthard Granitt).
Back then and until now I store all of my Bitcoin holdings with Xapo. It is because I know exactly in a pretty fair depth of technical detail, how secure is the storage process. I have seen it and touched it with my own hands. Yes, it has its disadvantages: it takes up to 48 hours to retrieve your Bitcoin from the vault into the hot wallet. But I personally better be patient and safe than fast and fearful.
The security breach of this week brings to the surface yet another question. The first chapter of crypto security was written about Bitcoin. Now we are approaching next mile. As crypto assets are growing as an investment class, the question arises who and how will take care of its security. In particular for companies like us, SMART VALOR, which is building a platform for tokenized alternative investments, the key challenge is: as we do not have a custodian bank, responsible for holding those assets, how do we make sure those tokenized assets are stored securely? Currently we started work on the concept of this super safe crypto-securities custody. As to the geographical focus, it will definitely be placed here in Switzerland and we started talks with different security providers. Swiss-safe will certainly hold its name here.