With the rise of DeFi has come the rise of digital asset theft. To combat this, digital asset holders use a variety of security mechanisms that protect and secure their digital assets. Even so, in 2021 cybercriminals stole over $14 billion worth of digital assets.

As DeFi continues to grow and more traditional investors and institutions enter the space, the ability to deter and prevent digital asset theft will only grow in importance.

With that in mind, Index Coop has partnered with Qredo, a leading self-custody platform, to bring you this overview of the basics of digital asset security. In it we’ll cover:

• An introduction to digital asset security

• Private key risk

• Traditional ways of securing digital assets

• A new way of securing digital assets: Multi-party computation

Introduction to Digital Asset Security

At the core of digital asset custody are wallets, which are simply storage vessels for digital assets. Contained within wallets are two types of keys—private keys and public keys—that facilitate digital asset transactions. These keys are randomly generated strings of numbers and letters that allow a user to manage their assets. The private key acts like a password with its primary purpose to authenticate and encrypt transactions. The public key acts like a username with its primary purpose to identify the individuals taking part in the transaction.

In DeFi, it is the private keys a user holds that unlock access to the user's assets. This differs from traditional finance (TradFi), in which users must work with banks to access their assets. Because keys unlock the entirety of an institution’s digital asset portfolio, institutions may find it difficult to securely manage them without using a custody solution.

Private Key Risk

To steal digital assets, cybercriminals most commonly exploit a user’s private keys, which allows them to control all funds. From there, attackers can transfer these funds from the victim’s wallet anywhere, like their own wallet.

Since the advent of cryptocurrency, digital asset users have accidentally discarded, overwritten, or lost private keys in different ways. Equally, users have suffered huge losses through private key hacks by cybercriminals and malware.

Private keys are most commonly exploited in three ways:

• A cybercriminal infects a server with malware that steals a victim’s private key.

• A cybercriminal steals a hardware security module (HSM) authentication token and uses it to sign a withdrawal transaction of a victim’s account.

• An authorized internal employee of a private key storage solution, like a centralized exchange, steals a victim’s private key.

Private key loss is a constant feature of the digital asset ecosystem. Because of this, digital asset custody providers have expended much effort to ensure secure solutions.

Traditional Ways of Securing Digital Assets

To mitigate private key risk, individuals and institutions use digital asset custody services. These typically fall into one of the following categories: exchange wallets, custodians, or self-custody solutions. Each has advantages and disadvantages. Some may be more appealing to institutions versus individual investors.

Exchange wallets

Exchange wallets allow users to maintain access to their digital assets through an online wallet, but they hand over control and management of their public and private keys to the exchange. Because the exchange holds the private keys, the exchange also holds the digital assets contained within the wallets. Examples are Coinbase, Binance, Okex, and Huobi.

Exchange wallets are a go-to choice for novice digital asset users; they allow for ease of access and provide a customer support team to assist with security inquiries. Users of exchange wallets face counterparty risk, the possibility that the exchange may default on the contractual obligations, therefore failing to secure or maintain the assets deposited. For example, exchanges may be declared insolvent, meaning they have more liabilities than assets on their balance sheet. Since users of exchange wallets do not hold the private keys to their digital assets, they would be unable to withdraw their digital assets. This happened most recently to the centralized exchange Celcius. In July 2022, Celcius declared bankruptcy, owing users $1.2 billion.

Custodians

Custodians are one of the pillars of the TradFi system. In TradFi, custodians serve as vaults, safekeeping investors’ assets in both electronic and physical form in exchange for a fee. Custodians employ both buy-side and sell-side security mechanisms. These mechanisms facilitate timely transactions while minimizing the risk of fraud, theft, or loss of assets.

Digital asset custodians fulfill a similar role in protecting users’ assets. They update the methods of traditional custodians to meet the distinctive features of digital assets. Simply, they cryptographically secure assets through safe key management in exchange for a fee.

There are three significant ways digital custodians differ fromTradFi custodians:

• Once digital assets are deposited to an exchange, they are not legally the investor’s property.

• Very few jurisdictions around the world regulate digital asset exchanges, in contrast to the heavy regulation of traditional assets.

• Digital asset exchanges do not only provide custody for assets; they also act as brokers, serving as a central marketplace for trading.

Additionally, the security technology of TradFi cannot be replicated in DeFi. TradFi security measures often create transaction delays. Requiring 24-48 hours to complete a transaction in DeFi would create capital inefficiencies because evidence shows that transfer speeds and profits are highly connected in the digital asset market. This means that TradFi custodians must adjust their methods to account for the need for faster transaction speeds in DeFi.

Custodians are important to institutions looking to secure digital assets for 4 reasons:

• They’re safer than exchanges. Exchanges are more susceptible to insolvency, regulatory crackdowns, and cybercriminal attacks.

• They provide a resource for investors. Most licensed custodians do not only serve as storage providers; they can provide or recommend risk assessment and insurance for institutions.

• They provide some degree of operational efficiency. Custodians can ease the often daunting nature of digital asset trading and management by providing simple technology and expertise.

• They reduce risk and improve security. They reduce risk and improve security. Custodians' resources provide institutions with safe, regulated storage for their digital assets.

Dedicated custodians can be crypto-native companies, like Coinbase Custody and BitGo, or forward-thinking TradFi firms that offer various levels of support for digital asset security, like Fidelity and BNY Mellon.

Self-custody solutions

Self-custody solutions include hardware (“cold”) and software (“hot”) wallets. They allow users to maintain full control over their private keys, and by extension, their digital assets. Examples of cold wallets include Ledger and Trezor. Examples of hot wallets are MetaMask, Coinbase Wallet, and Argent.

The major advantage of self-custody solutions is control. Since users own their private keys, their digital assets cannot be stolen or lost. Self-custody solutions maximize security by holding private keys offline, but they come with the tradeoff of an inconvenient user experience and with a burden of responsibility. Users must safeguard their private keys themselves. If users of self-custody solutions lose their private keys, they will be permanently unable to access their digital assets.

A new way of securing digital assets: Multi-party computation

MPC, or multi-party computation, is a novel cryptographic technique that allows multiple parties to make calculations using their combined data without revealing their individual input. This security mechanism addresses the risks faced by traditional digital asset custody solutions.

This tech was first invented in the 1980s and found its first major practical application in crypto. MPC replaces the private keys controlling digital assets with a distributed signing process.

Many custodians are now moving away from cold storage and hot wallet architecture towards infrastructure based on MPC. MPC enables flexible and sophisticated governance policies, and resolves the compromise between security and accessibility that is fundamental to hot and cold wallets. This technology even has the potential to completely decentralize private keys. But most MPC vendors haven't yet taken advantage.

Instead, most MPC custodians still operate in a centralized way that requires customer trust. They typically control sensitive key material used in the signing process and store customer ledgers in a trusted database.

This not only makes them a trusted third party that may be subject to regulation as a custodian, but it also negates the supposed decentralized security of MPC nodes. Any hacker or malicious insider aiming to attack such an MPC vendor could simply compromise the centralized database and rewrite the ledger, changing ownership policies and invoking transactions at will.

About Qredo

To offer truly decentralized custody, Qredo has built a blockchain-based implementation of MPC.

Shares of the private key are contained in the MPC nodes. Nodes are distributed across security-hardened Tier 4 data centers of global financial hubs.

And instead of being driven by a centralized database, the distributed MPC nodes are driven by a blockchain. This provides an immutable record to record asset ownership that cannot be tampered with. Each change to the custodial records, each ownership change, and each transaction must be confirmed by the blockchain validators. This creates an immutable record that is replicated by each node on the network and impossible to change without authorization.

Without the single vulnerability of private keys, there is no need for cumbersome hardware or manual operations. Assets can be made instantly accessible at the touch of a finger or transactions can be automated through API.

About Index Coop

Index Coop is a decentralized autonomous organization (DAO) that powers structured decentralized finance (DeFi) products and strategy tokens using smart contracts on the blockchain. We offer a suite of sector structured products, leverage and inverse products, and yield-generating products. We aim to create products that are simple to use, accessible to everyone and secure. Our products are built on Set Protocol, a twice-audited, self-custodial DeFi tool that allows for the creation and management of Ethereum-based (or ERC-20) tokens. Among users, partner protocols, and our composable products, Index Coop maintains one of the largest partnership networks in the DeFi ecosystem.

How to buy Index Coop products with fiat currencies:

• First, you’ll need to create an Ethereum wallet like Argent, Metamask, Gemini, or Rainbow.

• Next, you’ll set up your new wallet and connect your bank account.

• Once you’ve deposited fiat currency in your wallet you can exchange it for Index Coop products like

  DeFi Pulse Index

  (DPI) or the

  Metaverse Index

  .

You can also earn or buy DPI tokens directly via your favorite decentralized exchange.

‍