Japan, as the first major country to truly embrace cryptocurrency online trading legally, is looking to ramp up the regulatory framework with regard to cold wallet storage. The reason for acting now is straightforward: almost $500 million has been stolen from Japanese exchanges in 2018 alone. While not all of this was from cold wallets, a large enough portion was that it worries the Japanese financial watchdog.
A cold wallet as a security measure is not enough
Using a cold wallet alone is not enough for the Japanese regulator. While offline wallets are less exposed to hacking, attackers have caught on to them, and more and more thefts are happening internally. Crypto exchanges such as Mt. Gox, Zaif and Coincheck have all lost internal, offline wallet funds due to hacks.
So to combat these types of hacks, the Japanese Financial Services Agency (FSA) is looking to bring about new regulations that will deal with cold storage specifically. Hot wallets will also face increased regulation, as the FSA has decided this is another area that needs it.
Any exchange that operates in the country will be required to follow these new guidelines. Failure to keep their security measures in line with the new framework will result in regulatory backlash. One part of the current regulations is keeping client funds in a cold wallet.
Changes incoming to cold wallet security
There are several different changes that would be made to cold crypto wallet security. The first would be one of the most straightforward changes that common sense dictates should be happening anyway.
Do not leave all the funds in one cold wallet. While there is a practical reason exchanges do this (it is easier to keep everything in one wallet than in multiple wallets), it also gives an intruder a single point of entry. Keeping funds in multiple wallets means more work is needed to reach all of the money.
Another regulation to be added is to keep cold wallets changing hands. This is in response to one of the largest cold wallet hacks ever, which happened to a company called Trade.io in October of last year. The company reported a loss of $8 million, but sources close to the company have speculated that more was lost. In fact, as much as $11 million might have been taken from the company. The hackers, or thieves, managed to steal the money from a cold wallet that was in a bank safety deposit box.
Important Notice: Please cease trading of TIO on HitBTC & https://t.co/QuZqjRRPDT.
— trade.io (@TradeToken) October 21, 2018
Man-in-the-middle (MitM) attacks have also taken place where an attacker would steal the seed phrase of a cold wallet and load it onto another device. The more security-conscious companies are using multi-sig cold wallets amid a number of newer innovations in wallet security.
However, just by changing the person who is in control of a cold wallet, MitM and Fansmitter attacks become decidedly less successful. The new regulations will incorporate a lot of the newer innovations as well, but to see the details we will have to wait until the regulations are published.