No investment class is safe. Regardless of how sophisticated a security system is, assets held online or via electronic channels could always be pilfered. As is expected, the crypto industry has seen its fair share of security breaches. Because of the seeming inevitability of hacks, the discussions have moved from how exchanges can prevent security breaches to what they can do in the event of one. As things stand, insurance could actually be the best option.
The objective of any insurance policy as far as crypto exchanges are concerned is to ensure that users are covered in the event of hacks. However, the option to have crypto assets traditionally insured might not be an option that most exchanges might want to invest in.
Why? Well, for one, crypto assets are essentially bearer assets. Once they’re stolen, they’re pretty much gone, without any hope of return. Then, there’s also the inherent nature of crypto assets which makes traceability difficult, if not impossible.
Still, the issue of customer protection persists. A report by American Express notes that while the global cryptocurrency market capitalization is north of $100 billion, the reported available crypto insurance is just $6 billion. In the absence of sufficient insurance cover, various organizations have approached the issue of insurance in their own way.
Coerced and Voluntary Insurance
Earlier this month, the South Korean cxFair Trade Commission was reported to have asked 5 South Korean cryptocurrency exchanges to increase their liability to their users in the exchange of hacks. Essentially, these exchanges were asked to update their terms of services and bear the responsibility of reimbursing users who are affected in future hacks, regardless of who is actually at fault.
However, most exchanges have chosen to take the path of setting up insurance and rainy-day funds. Last month, Binance, one of the most popular exchanges in the world, announced that it had been hit in a security breach that saw it lose about $42 million.
Still a thing for Large Exchanges?
According to a blog post, the exchange revealed that its attackers had gotten access to confidential user data, including private keys and two-factor authentication codes.
However, it’s worth noting that Binance was able to cover all losses in the hack thanks to its Secure Asset Fund for Users (SAFU). The SAFU was established back in July 2018, with a specific aim of taking care of situations such as this.
In a press release announcing the launch, Binance had said:
“Starting from 2018/07/14, we will allocate 10% of all trading fees received into SAFU to offer protection to our users and their funds in extreme cases. This fund will be stored in a separate cold wallet.”
Sadly, it seems that the option to create a fund for insurance cover is one that is easier to create by the largest exchanges. They have high volumes of Bitcoin trading and other transactions, so they can gain funds from fees and commissions. While Binance has SAFU, Coinbase also revealed in April that it is covered for up to $255 million in customer funds. Keep in mind that these are large exchanges with substantial numbers in daily trade numbers. These are the most popular ones, and by default, the ones with the most to lose in the event of a hack or security breach
So, the solution seems quite simple; cryptocurrency exchanges which have massive potential liability need to get insurance, and if that means taking a chunk of their expected profits to reserve for a rainy day, then so be it.