18 Oct, 22

Crypto Security and Zerocap’s Institutional Frameworks

Edward Goldman


Since Bitcoin’s last halving in 2020, the adoption of digital assets has grown significantly, with total transaction volumes increasing by more than 567%. Coinciding with this rise was the emergence of Decentralised Finance (DeFi), Non-Fungible Tokens (NFTs), and other Web3 projects. These Web3 facets fuel a virtual and expansive ecosystem of decentralised protocols and projects. Often these projects are built upon an underlying digital asset or token that is recorded on the blockchain and secured by a crypto wallet. 

Crypto wallets are responsible for holding the private keys proving ownership over the assets stored on the blockchain. In 2022 so far, over $1.7 billion in funds have been stolen directly from crypto wallets, the majority of which (97%) was stolen from DeFi protocols. Wallets and the private keys contained within are constantly under attack by a new generation of cyber criminals pioneering smart contract, on-chain and oracle exploits, web-wallet hacks, and governance or phishing attacks.

Moreover, Terra’s recent capitulation and resulting fallout highlighted a new issue facing large institutional and retail investors: the counterparty risk associated with the rehypothecation of their funds by centralised exchanges and lending platforms. These platforms often pool together the assets clients deposit onto them. In turn, users unknowingly forgo direct ownership of these assets: they have no control over their wallet private keys, which leaves them vulnerable to counterparty risks. The dynamic, evolving nature of these threats raises the question:

How can investors securely store cryptocurrencies? 

To answer this, we must first consider the foundation of asset storage: the crypto wallet. As previously mentioned, the crypto wallet is responsible for holding the user’s private keys, providing proof of asset ownership on the blockchain. These wallets fall into two major classifications, hot and cold, each of which offers its own benefits and drawbacks. Hot wallets are designed for usability and convenience, hosted through desktop clients, mobile apps and web browsers.

Hot wallets

Hot/warm wallets offer users a seamless experience when transitioning to and from DeFi and Web3 protocols, but this convenience comes at the price of asset security. Backup phrases and security keys associated with hot wallets can be stolen by savvy hackers. Hackers are able to exploit clipboard hacks (when copying passwords from a password keeper), cloud storage breaches, password duplication, and screen-capturing software to uncover private keys. This exposure has led many browser wallets, such as MetaMask and Avalanche, to launch various patches and upgrades in an attempt to keep up with ongoing hacking innovations.

Hot wallets in centralised exchanges

Centralised exchanges are well known for their extensive service offerings, one of which is the storage of users’ assets. Although the storage of user assets may seem straightforward at first, users may unknowingly relinquish control over their assets. Centralised exchanges (CEXs) and lending platforms often maintain control over customers’ private keys, meaning the ‘on-chain’ ownership of funds lies with the exchange. The inherent murkiness of asset ownership has been highlighted as of late, with troubled lender Celsius pausing withdrawals from its platform and later filing for Chapter 11 bankruptcy. Celsius had total control over pooled user funds and engaged in the rehypothecation of investor assets en masse; it was unable to fund user wallets with the funds owed, which left users with little to no agency over their frozen funds.

Cold wallets

Cold wallets present an alternative asset storage solution, storing private keys in an offline medium. These wallets include paper wallets and hardware wallets such as a Ledger or Trezor. Cold wallets are impervious to the vast majority of technical exploits that affect the integrity of hot wallets. Moreover, current cold-wallet vulnerabilities require the hacker to have physical access to the hardware device in order to engage in power glitching or side-channel attacks. Whilst cold wallets provide greater security than their warm counterparts, they are limited in functionality and compatibility.

There are numerous barriers and loopholes cold wallets have to cater to in order to engage in online interactions via Web3, the many metaverses and DeFi. These limitations and their associated quick fixes encourage less-secure behaviour in order to achieve a degree of simplicity for the user. An example of this is the blind signing of transactions. Blind signing occurs when the full details of a smart contract aren’t displayed on a hardware wallet or computer screen, and users ‘blindly’ sign the contracts without knowing their full repercussions. Additionally, the physical security of hardware wallets is entirely user-dependent, with the potential for wallet and secret phrase misplacement.
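The alternative to blind signing is to decode the call data and show it before the user approves. The sketch below is an added example, not Zerocap's or any wallet vendor's code: it assumes the target contract is an ERC-20 token, covers only `transfer` and `approve`, and the function name `describe_calldata` and the sample addresses are constructed for illustration.

```python
# Added example: summarise ERC-20 calldata so a signer sees what is being approved.
# A selector is the first 4 bytes of keccak256 of the function signature.
KNOWN_CALLS = {
    "a9059cbb": ("transfer", "recipient"),  # transfer(address,uint256)
    "095ea7b3": ("approve", "spender"),     # approve(address,uint256)
}
MAX_UINT256 = 2**256 - 1

def describe_calldata(calldata_hex: str) -> dict:
    """Return a readable summary, or a warning when the call cannot be decoded."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    try:
        raw = bytes.fromhex(data)
    except ValueError:
        return {"decoded": False, "warning": "calldata is not valid hex"}
    selector = raw[:4].hex()
    if selector not in KNOWN_CALLS:
        return {"decoded": False,
                "warning": f"unknown selector 0x{selector}: signing would be blind"}
    name, party = KNOWN_CALLS[selector]
    args = raw[4:]
    if len(args) != 64:
        return {"decoded": False,
                "warning": f"{name}: expected 64 argument bytes, got {len(args)}"}
    addr_word, amount_word = args[:32], args[32:]
    if any(addr_word[:12]):  # an ABI address is left-padded with 12 zero bytes
        return {"decoded": False, "warning": f"{name}: malformed address word"}
    amount = int.from_bytes(amount_word, "big")  # token base units, not decimals
    summary = {"decoded": True, "function": name,
               party: "0x" + addr_word[12:].hex(), "amount": amount, "warning": None}
    if name == "approve" and amount == MAX_UINT256:
        summary["warning"] = "unlimited allowance: spender can move all of this token"
    return summary

# Constructed sample inputs (addresses are placeholders, not real accounts).
APPROVE_UNLIMITED = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32
TRANSFER = "0xa9059cbb" + "00" * 12 + "22" * 20 + (1000).to_bytes(32, "big").hex()
UNKNOWN = "0xdeadbeef" + "00" * 64

if __name__ == "__main__":
    for sample in (APPROVE_UNLIMITED, TRANSFER, UNKNOWN):
        print(describe_calldata(sample))
```
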

How can investors safeguard stored cryptocurrencies? 

After evaluating the two types of wallets presented above, it becomes clear that neither provides a complete solution to secure digital asset storage. Thus, a more nuanced and investor-friendly methodology should be adopted when investing in and storing large quantities of cryptocurrencies. It is in this gap in traditional storage solutions that the value of digital asset custodians (DACs) truly shines. DACs provide investors with an established framework for asset security and transparency, utilising cyber and cloud security/encryption, know your customer (KYC) / anti-money laundering (AML) processes, and the provision of 24/7 client services, i.e. dedicated customer support and/or a trading desk. Many DACs also make use of delegated private keys to safeguard assets, whilst also maintaining investor agency.

Zerocap’s Institutional Frameworks

In addition to the services offered by already sophisticated DACs, leading Digital Asset management firms such as Zerocap take things a step further – offering ‘white glove’ storage solutions, sophisticated financial and digital products, and tailored security protocols to suit the client’s needs. This has been accomplished through Zerocap’s distinct security and compliance procedures, and advanced digital asset custodial crypto wallets.

Zerocap, having recently received its SOC2 type 1 accreditation, leverages its industry-leading tech stack and cloud security protocols to proactively deliver the security, availability, integrity, and privacy of client information. Zerocap incorporates its compliance framework down to the transactional level, conducting on- and off-chain transactional due diligence (DD). The DD includes a mandatory KYC/AML screening, flagging potentially high-risk transactions and wallets before they are actioned.

In order to help safeguard against black swan cyberattacks, bad actors and ongoing hacking developments, Zerocap’s digital asset custodial services make use of Multi-Party Computational Signing (MPC-CMP), two-factor authentication (2FA) and next-generation hardware isolation via Intel SGX, and are backed by multilayered insurance. These are fine-tuned to suit unique client requirements, for example delegating a quorum of directors to approve transactions. The need for MPC and 2FA has become increasingly important as of late, with the prevalence of bad actors seeping into crypto markets.

Perhaps Zerocap’s most important differentiator resides in its clientele’s ongoing autonomy over custodied digital assets. Clients maintain ownership of their digital assets in every layer and process employed within Zerocap’s sphere of influence. Digital assets are held in custody, backed by both storage provider insurance and Lloyd’s of London insurance. The value of this offering is evident in the wave of crypto exchanges freezing customer funds and having cash flow issues. In the extremely unlikely event of default, Zerocap users’ funds will remain open for withdrawal, regardless of internal circumstances.

These processes and features encapsulate the holistic approach necessary for asset preservation. They assist in guarding against existing vulnerabilities within the realm of digital asset security, ultimately allowing investors peace of mind when looking to establish and/or grow their portfolio of digital assets.

About Zerocap

Zerocap provides digital asset investment and custodial services to forward-thinking investors and institutions globally. For frictionless access to digital assets with industry-leading security, contact our team at [email protected] or visit our website www.zerocap.com

This material is intended for illustrative purposes and general information only. It does not constitute financial advice nor does it take into account your investment objectives, financial situation or particular needs. You should consider the information in light of your objectives, financial situation and needs before making any decision about whether to acquire or dispose of any digital asset. Investments in digital assets can be risky and you may lose your investment. Past performance is no indication of future performance.
