Cryptocurrency Gives a Whole New Meaning to Insider Threat


It’s no secret that the rapidly expanding market for tokenized assets has yielded a plethora of new security challenges for investors.

While innovative hardware and software solutions are emerging as a way to protect virtual assets, crypto investment funds also need to consider revamping operational security to limit exposure to theft and sabotage.

A few of the largest digital currency companies have been hacked, oftentimes facilitated by an insider to the company. In some cases, employees have been found mining cryptocurrencies using company resources for personal gain. Recently, Coinsecure, one of India’s largest crypto trading platforms, experienced a theft of about 438 Bitcoins worth $3 million. Coinsecure’s Chief Security Officer (CSO) claims that the tokens were lost in an attack while extracting the private keys. Since the CSO and the CEO are the only ones with access to the keys that unlock the company’s wallets, the CEO remains skeptical that this was not an insider attack. Latest reports indicate that Coinsecure may pay theft victims back in rupees, not Bitcoin.

Takeaways: It is essential that investment firms - particularly those holding tokenized assets - employ mitigation strategies to ensure asset security. Implementation and maintenance of protective technology throughout their entire infrastructure is critical but should be coupled with operational security methods such as:

  • Conduct pre-employment and ongoing background investigations as a best practice to uncover shifting behavioral patterns.

  • Provide security awareness training so all employees can learn how to recognize changes in personality traits or values indicative of an insider threat.

  • Ask Insite about our Digital Currency Security Program for a comprehensive solution.

Want to learn more about the insider threat?

Click here to request our white paper: "The Enemy from Within”

#digitalcurrencysecurity #tokenizedassets #cryptocurrencytheft #insiderthreat #ongoingbackgroundinvestigations #cryptoassetmanagers #cryptosecuritybestpractices

© 2020 Insite Risk Management