Potential threat from Bitcoin ETFs

DYZR...HHLr

15 Feb 2024

The majority of Bitcoin ETFs have chosen Coinbase as their custodian, creating the potential for risk concentration. Therefore, new cybersecurity standards are needed to ensure the safe custody of cryptocurrencies.
One day after the Bitcoin (BTC) ETF was approved, the largest cryptocurrency by market capitalization fell below $42,000/BTC, down nearly 10% due to a massive sell-off. As of the evening of January 13, BTC was only trading around 42,000 USD and pushed the whole market into the red.

BTC rose to a two-year high of $49,000/BTC on January 11, shortly after Bitcoin ETFs began trading in the US. The start of trading for these funds marks an important milestone for the industry. Bitcoin ETFs are traditional financial vehicles that can help retail and institutional investors gain easier access to Bitcoin prices. However, the above "dizzying" prices did not last long.
Information from Coindesk said that, at the same time, shares of one of the world's largest cryptocurrency exchanges Coinbase (COIN), which provides important custody services for most ETF issuers lost 7.4%. Bitcoin mining companies such as Marathon Digital (MARA), Hut 8 (HUT) and Riot Platforms (RIOT) all dropped at least 10%, with Marathon falling the most at 15%.

Experts admit that such a price reduction is not surprising. Cryptocurrency research company CryptoQuant has predicted that Bitcoin may drop to as low as $32,000 after the ETF is approved, which is just an immediate event that causes fever in the market.

Notably, landmark events in the past such as the listing on the stock market of Coinbase in April 2021, or the Bitcoin ETF (BITO) based on ProShares' futures contract launched in October/ 2021 also pushed BTC prices significantly close to their peak but then quickly cooled down.

David Schwed, CEO of blockchain cybersecurity company Halborn, expressed: “As I and the whole world wait for the first Bitcoin ETF to be approved, there is one thing that concerns me: With some foreign Charters like Fidelity or VanEck, nearly every institution that has registered a spot Bitcoin ETF, intend to use Coinbase as a custodian.

It is reported that of the 11 approved Bitcoin ETFs, 8 have appointed Coinbase as their custodian, which has the potential to concentrate risk and cause concern. According to Mr. David Schwed, what is worrying here is not Coinbase - a company that is quite safe from attacks. This explains why so many organizations trust the work of this platform. However, no target is unattackable, anything and anyone can be compromised given enough time and resources.“That's a lesson I've learned throughout my career in cybersecurity and asset management. What worries me is the excessive concentration of assets in a single custodian. And given the cash-like nature of crypto assets, that makes the situation worrying. Perhaps it is time to rethink the appointment of a “qualified supervisor”. Ideally, digital asset custodians should be subject to more oversight by regulators, to more stringent standards, than they are currently,” he said.

Most qualified custodians today, the analyst added, secure stocks, bonds or fiat balances tracked on electronic platforms, all of which are agreements. Basic legal agreement, not easily "stolen". But Bitcoin, like cash and gold, is known as an invaluable tool. A successful cryptocurrency hack is like a bank robbery and as soon as it falls into the hands of the thief, the money is gone. So, for a cryptocurrency custodian, all it takes is one mistake and the asset is completely gone.

In fact, the power of global cryptocurrency crime is very formidable. For example, the hacker group Lazarus Group is said to have stolen $3 billion worth of cryptocurrency in the past 6 years and it shows no signs of stopping. Inflows into Bitcoin ETFs have been predicted to be above $6 billion in the first week of trading, making these funds a likely prime target.

If Coinbase has tens of billions of dollars in Bitcoin in its digital vault, hacker groups may be willing to organize an operation to steal those funds, even if it takes a long time. This is a level of threat that major banks are prepared for, with a common risk management model using three layers of supervision. First, the business management layer designs and implements security measures; Second, is the risk layer that monitors and evaluates those activities; Third, is the audit layer that ensures that risk mitigation measures are truly effective.

On top of that, a financial institution will have independent auditors and IT monitors. Many eyes will look at every aspect of risk and security, but at the same time require the same number of employees. “During my time as global head of digital assets technology at BNY Mellon, the investment bank had approximately 50,000 employees, with 1,000 in security roles. While at Coinbase, even after the recent expansion, there are still fewer than 5,000 employees. Or take BitGo - a qualified custodian certified by New York state and other jurisdictions with only a few hundred employees.

This is not intended to underestimate the skills of any of these organizations or their employees. But real oversight requires vast resources, which these new organizations may struggle with. As assets grow more and more attractive to bad actors, it is time to refine cybersecurity standards to appoint qualified custodians. The problem exposes not only investors but also the entire nascent sector to unknown risks, with potentially catastrophic consequences," the cybersecurity expert suggested.