In recent years, blockchain technology has emerged as a game-changer in several financial areas, including treasury, risk and finance.
As a decentralized distributed ledger technology, blockchain can add value as a platform that integrates a corporate’s operational processes with its treasury processes. This could drive treasury efficiencies and reduce cycle times. Also, compared to centralized systems, blockchain provides benefits of enhanced security. However, these benefits also have a downside. Recent reports of large-scale hacks and frauds involving hundreds of millions of dollars have shed light on the potential security risks associated with blockchain.
One of the most prevalent security risks is phishing attacks on crypto wallets. A crypto wallet is software that securely stores and manages crypto assets, enabling users to send and receive digital assets. These attacks trick users into providing their private keys (in effect a password to access the crypto funds), which can then be used to steal their crypto assets.
It’s worth noting that most successful phishing attacks are the result of incorrect user behavior, such as clicking on malicious links and providing login credentials. While this is a widespread IT security risk and not specifically related to the security of the blockchain technology itself, it remains a critical risk worthy of attention.
Options to protect against phishing include using a two-factor authentication system, providing good security awareness training for users and/or using the security services of a reputable custodian.
Smart contracts are self-executing contracts with the terms of the agreement written directly into code, and they run on a blockchain network such as Ethereum, Solana or Avalanche, among others. They offer a high level of transparency and security, but they are also vulnerable to hacking and exploitation if not written correctly. A well-publicized example of this was the hack of a Compound smart contract, a blockchain protocol on the Ethereum network that enables algorithmic money markets, where a vulnerability in the code allowed the hacker to steal a large amount of Compound tokens (1).
To prevent such incidents, it’s crucial to have independent security audits performed on all smart contracts and to follow best practices for smart contract development. Another line of defense is to opt for insurance with a specialized blockchain insurance company which can provide coverage against losses caused by platform failures, smart contract exploits or other risks.
Bridge hacks
Approximately 50% of exploits in value terms in decentralized finance occur on bridges (2). Bridges are connecting mechanisms that allow different blockchain networks to communicate with each other and are gaining popularity for their ability to facilitate seamless asset transfers and integrate the features provided by the different blockchains.
Two main types of bridges exist:
The large amounts of funds locked in these bridges make them attractive targets for hackers. It is therefore advisable to conduct thorough research when selecting a bridge to work with and to regularly monitor the security measures in place.
A Ponzi scheme is a type of crypto fraud that promises high returns with little to no risk. In this type of fraud, early investors are paid returns from the investments of later investors, creating the illusion of a profitable investment opportunity. Eventually, the scheme collapses when there are not enough new investors to pay the returns promised to earlier ones. Famous examples are Bitconnect and PlusToken, which caused multibillion losses and impacted over two million investors (3). Another prevalent form of fraud in the blockchain industry is the misappropriation of customer funds by insiders or company leadership, as evidenced by the ongoing FTX case (4), involving 8 billion dollars, where fraud allegations have been raised.
To avoid falling victim to Ponzi schemes or fraud, companies and retail investors dealing in cryptocurrency must perform due diligence before investing in any opportunity. This includes verifying the authenticity of the investment opportunity and the individuals behind it. Companies should also avoid investments that promise guaranteed high returns with little to no risk, as these are often warning signs.
Despite these challenges, blockchain technology as a whole is relatively secure. The decentralized nature of blockchain networks makes it more difficult for malicious actors to manipulate or attack the system, as there is no central point of control that can be targeted. Additionally, cryptographic techniques such as hashing, digital signatures, and consensus algorithms help to ensure the integrity and security of the data stored on the blockchain. The robustness of this technology is evident from the fact that popular and established networks such as Bitcoin and Ethereum have not faced any successful exploits or attacks over the years. However, there have been instances of successful hacks and attacks on less popular blockchain networks.
The utilization of blockchain technology in various industries has the potential to revolutionize the way we conduct transactions and manage data. However, it’s imperative to weigh the benefits against the potential security risks. From phishing attacks on wallets to Ponzi schemes and smart contract risks, organizations must take the necessary precautions to ensure their assets are protected including:
Zanders Blockchain Consulting Services
For treasurers, the need for reliable and real-time data is great when working with multiple (external) stakeholders on a single process. Blockchain offers valuable support in this regard. It can also help with the creation of smart contracts or the use of crypto within the payment process. Zanders recently began offering blockchain consulting services to support corporates, financial institutions and public sector entities in reaping the benefits of blockchain and managing its additional security risks. By focusing on understanding the why of its application, and drafting a blueprint of the preferred solution, we can help define the business case for using blockchain. Subsequently, we can help select the best technology platform and third parties.
If you would like to discuss how blockchain, digital assets or Web3 can impact your business, please reach out to our experts, Ian Haegemans, Robert Richter or Justus Schleicher via +31 88 991 02 00.
Sources
(1) https://www.coindesk.com/business/2021/10/03/66m-in-tokens-added-to-recently-hacked-still-vulnerable-compound-contract
(2) Report: Half of all DeFi exploits are cross-bridge hacks (cointelegraph.com)
(3) https://blockchain.news/news/chinese-police-arrest-kingpins-plus-token-bitcoin-scam-worth-5-7-billion
(4) https://www.ft.com/content/6613eadb-eea0-42f8-8d92-fe46ad8fcf8c