Is our data safe?
An exploration of data leaks, cryptocurrency security and the future of the data economy
Mon Sep 09 2019
Data, Data Everywhere
In recent years, supermassive data leaks seem to have become increasingly trendy, with many firms in the financial sector jumping on the bandwagon. The most surprising aspect of these data breaches is that the cause of the leak is usually similar to a leak that happened recently. Companies aren't proactive enough in addressing their security vulnerabilities, which ultimately leads to their users’ data being exposed. Subsequently, their users are susceptible to financial fraud and identity theft.
This graphic from Information is Beautiful displays some of the largest data breaches in recent years and their severity, ranging from personal details such as names, addresses and passwords, to credit card details and government ID numbers.
Due to the frequency and incredible size of these data leaks, we seem to have become numb to their importance and the impact they can have on those who are affected. One of the industries which is frequently targeted by hackers is the cryptocurrency industry. It is rare for 6 months to pass in the cryptocurrency space without news of a cryptocurrency exchange hack. Here are some recent examples of data breaches in the financial industry as a whole:
- YouHodler’s database hack in July 2019 – This led to 86 million lines of records being exposed because the company “forgot to protect its server with a password”
- Binance’s KYC data leak in August 2019 – Over 10,000 photos of Binance users and their KYC (Know Your Customer) identifications were leaked by a hacker who tried to extort Binance for over $3m
- First American Financial’s data leak in May 2019 – Over 800 million sensitive documents were exposed online, including bank statements, tax documents and Social Security numbers
- Equifax’s 2017 data leak – 143 million consumers were affected; credit card information, Social Security numbers and other personal details were leaked
As a consumer, it is understandable if you are reluctant to ever give up your private financial information again after reading the above. However, it would be almost impossible to go about your daily life in the current financial system with this mindset (Bring on DeFi!).
The graphic above also brings into question the recent comments by the UK home secretary surrounding encryption. Priti Patel recently stated that tech firms are “empowering criminals” by using end-to-end encryption within their products (such as WhatsApp and Telegram).
Statistics from Breach Level Index (below) show that only 4% of data breaches are “secure breaches”, where encryption was used and the stolen data was rendered useless (oh, and that over 6 million data records are lost or stolen every day).
One could argue that by not using encryption, companies are "empowering criminals" and that there is a much smaller incentive for criminals to attempt to steal data if they know it is encrypted (perhaps this is a reason why only 4% of data breaches were of encrypted data).
Additionally, a government backdoor (as suggested by the Conservative Home Secretary) to WhatsApp and other applications using end-to-end encryption will inevitably be exploited by hackers at some point, meaning the end-to-end encryption offered by these platforms would be pointless.
The Switch Up - How Web 3.0 can help
One of the main themes driving the Web 3.0 movement is decentralisation and user sovereignty of data. As the incredibly smart people over at Outlier Ventures put it, they are trying to build a “new open data economy based on the sovereignty of the user”.
Trying to move away from the monopoly that Silicon Valley tech companies have on the data industry is one approach, but the Convergence Alliance founded by Outlier Ventures and their partners also aims to give Web 3.0 users control over how their own data is handled, distributed and even monetised!
This will be achieved through companies such as Sovrin, who are creating self-sovereign digital identities, allowing users to utilise zero-knowledge proofs to “prove” information without revealing any more data than is completely necessary.
If you would like to learn more about the Convergence Ecosystem that has been designed by Outlier Ventures and their technology stack, I would recommend reading their report here.
Expensive hardware wallets and inexpensive wrenches
Security is of paramount importance for cryptocurrency users. Due to the immutability of blockchain technology, cryptocurrency users are prime targets for criminals. Once criminals have moved the funds out of the victim’s wallet, it is extremely unlikely that the victim will ever retrieve their cryptocurrency. The existence of privacy-focused cryptocurrencies such as Monero and ZCash also makes it easier for criminals to cover the tracks of the stolen funds.
Therefore, security is taken very seriously by most cryptocurrency users. Some of the precautions taken by cryptocurrency users to protect their tokens include:
- Using different emails and passwords for each exchange account
- Only leaving funds on exchanges when absolutely necessary (see numerous exchange hacks/exit scams, including Cryptopia, QuadrigaCX, Mt. Gox and Cryptsy here) – “Not your keys, not your crypto”
- Using cold wallets (e.g. pen and paper), hardware wallets (e.g. Trezor, Ledger) and multi-sig wallets (e.g. Gnosis)
- Using encrypted password managers to store login details

Using most of these security measures will improve the safety of your cryptocurrency holdings if implemented correctly. However, there is one kind of attack which is very hard to defend against.
The infamous “$5 wrench attack” is a common story within cryptocurrency circles. The point of the story is that no matter how strong your technical security is, your physical security can almost always be broken (someone can break into your house and threaten to harm you with their $5 wrench if you don’t send them all of your cryptocurrency holdings).
Cryptocurrency tax tools and complacent security measures
The data provided to web-based cryptocurrency tax tools is astounding. Transaction history, current cryptocurrency balances and much more is handed over to these platforms as they are usually the only way in which users can get an accurate figure for their taxable gains/losses due to the complexities surrounding cryptocurrency taxation.
These web-based crypto tax tools are a honeypot for any malicious hackers, employees and third-party service providers.
Recap’s approach to security and privacy
Recap’s founders have both been involved in the cryptocurrency industry since 2013. They have seen first-hand the importance of security when it comes to storing cryptocurrencies, and are also advocates of giving users as much privacy as possible. They don’t see the need to put Recap at risk by holding our users' financial data in an unencrypted form at any point in time.
Therefore, they have created an extremely secure product which allows users to download the Recap desktop application, sync with exchange accounts and produce a tax report in minutes, without ever requiring users to give up control of their private financial information. The user has their own personal encryption key, and the data is encrypted using AES-128-GCM.
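To make the idea of a user-held key with AES-128-GCM concrete, here is an added example (not Recap's code) that encrypts a record on the user's machine so that only an authenticated ciphertext blob is ever stored elsewhere. The passphrase-derived key, the account ID used as associated data, the blob layout and all sample values are assumptions made for illustration.

```javascript
// Added illustration only; function names, blob layout and data are constructed.
const nodeCrypto = require("crypto");

// Assumption: the key is derived from a passphrase that never leaves the user's device.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 16); // 16 bytes = 128-bit AES key
}

// Encrypt one record locally; only the returned blob would be stored remotely.
function sealRecord(key, accountId, record) {
  const nonce = nodeCrypto.randomBytes(12); // 96-bit nonce, must never repeat under one key
  const cipher = nodeCrypto.createCipheriv("aes-128-gcm", key, nonce);
  cipher.setAAD(Buffer.from(accountId, "utf8")); // bind the ciphertext to its owner
  const body = Buffer.concat([
    cipher.update(JSON.stringify(record), "utf8"),
    cipher.final(),
  ]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]); // nonce | tag | ciphertext
}

// Returns the record, or null when the key, owner or ciphertext does not verify.
function openRecord(key, accountId, blob) {
  if (blob.length < 28) return null; // too short to hold nonce (12) + tag (16)
  const decipher = nodeCrypto.createDecipheriv("aes-128-gcm", key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  decipher.setAAD(Buffer.from(accountId, "utf8"));
  try {
    const plain = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
    return JSON.parse(plain.toString("utf8"));
  } catch {
    return null; // GCM tag check failed: treat the blob as untrusted
  }
}

// Constructed sample data (a real salt would be random and stored per user).
const salt = Buffer.from("constructed-salt-0001", "utf8");
const userKey = deriveKey("correct horse battery staple", salt);
const trade = { exchange: "ExampleExchange", pair: "BTC/GBP", amount: "0.25" };
const stored = sealRecord(userKey, "user-42", trade);

// What a party holding only `stored` can and cannot do.
function demo() {
  const tampered = Buffer.from(stored);
  tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit
  return {
    owner: openRecord(userKey, "user-42", stored),
    wrongKey: openRecord(deriveKey("guess", salt), "user-42", stored),
    wrongOwner: openRecord(userKey, "user-43", stored),
    tampered: openRecord(userKey, "user-42", tampered),
  };
}
```

Because GCM authenticates as well as encrypts, a modified blob or a blob replayed under another account ID is rejected outright instead of decrypting to garbage.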
Recap offers the same service as the current solutions on the market for calculating cryptocurrency related tax positions, but without requiring users to make themselves vulnerable by giving their private financial information to a third party. There are people’s financial livelihoods and retirement funds at stake in these scenarios. Complacency on security should not be accepted.
General awareness around security and privacy seems to be improving these days, which is fantastic news for society. Data is extremely valuable, and you shouldn’t allow yourself to be exploited by not realising this and not taking action to prevent it.
If you are a cryptocurrency user or investor and would like to calculate your taxable gain or loss on your transactions, give Recap a try today - and be safe in the knowledge that your financial data will remain yours.