Using Smart Deposit Boxes To Secure Blockchain Assets
10 TIPS TO BETTER SECURE BLOCKCHAIN ASSETS - PT 4
Last month, we began exploring how to best secure blockchain assets. In part one, we looked at two simple ways to avoid losing access to your company's assets. In part two, we examined how to better mitigate the risk of digital theft and, in part three, the risks of accidental damage and burglary.
This week, for the concluding part in this series, we will explore how to address the risks of deadlocks, insider fraud and coercion using Knabu's new and unique smart deposit boxes.
SMART DEPOSIT BOXES
Just like their physical counterparts, smart deposit boxes are designed to help protect valuable assets against theft and are operated by a combination of keys: the majority of keys are operated by the owner, and an additional, independent set of keys is operated by Knabu.
Rather than securing physical assets, smart deposit boxes are designed to secure blockchain assets like Bitcoin, Ether and ERC tokens. Instead of physical locks and keys, they are protected by cryptographic digital locks and keys.
Similar to business bank accounts, Knabu's smart deposit boxes can be configured with spending limits, payee whitelists, multi-level thresholds and multi-authority approvals. They are built on top of battle-tested multi-signature smart contracts and can be fitted with 3 types of smart locks designed to mitigate several risks associated with the self-custody of blockchain assets.
MITIGATE THE RISK OF DEADLOCKS
As we saw in part two, multi-signature wallets are a great way to keep your assets out of reach from hackers. But what happens if and when the minimum number of signatures can no longer be obtained?
Imagine the following chain of events: a while ago, your company identified key employees in charge of co-managing its blockchain assets. A carefully designed multi-signature scheme was set up for each of your company’s wallets. Everything was going well until, one day, one of your key employees was no longer able (or willing) to cosign outgoing transactions in one of your stricter N-of-N wallets. To make things worse, no one else in your company is capable of (re)gaining access to the suddenly unavailable key. What do you do? What can you do? N-of-N multisig schemes require all cosigners to validate each and every transaction, so a single missing signature blocks every outgoing payment.
Any business can be at risk of a multi-signature deadlock. All it takes is a heated argument, an unfortunate accident, or an executive going rogue or becoming mentally unstable.
To mitigate this risk, Knabu's smart deposit boxes can be fitted with one or more resilience locks. This type of smart lock consists of redundant private keys combined with a strict recovery process. These private keys, owned and operated by Knabu, effectively act as spare keys and are used only in the event of deadlocks. When the need arises, operators of smart deposit boxes can request a sweep transaction where, once the consent of the company has been explicitly established, Knabu can use its private key(s) to assist in moving the assets back to safety.
TIP 8
MITIGATE RISKS OF MULTISIG DEADLOCKS WITH REDUNDANT SPARE KEYS MANAGED BY AN INDEPENDENT TRUSTED 3RD PARTY.
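The deadlock argument above can be checked by enumeration. The following is an added example, not Knabu's code: it assumes three owner keys and models a resilience lock as one spare key that turns a 3-of-3 wallet into a 3-of-4 wallet (the article does not state the exact scheme), and all key labels are constructed.

```python
from itertools import combinations

OWNERS = ("ceo", "cfo", "cto")      # constructed cosigner labels
SPARE = ("third-party-spare",)      # assumed: a single spare key held by the third party


def can_spend(threshold, keys, unavailable=()):
    """True if the keys that are still usable can meet the signing threshold."""
    return len(set(keys) - set(unavailable)) >= threshold


def deadlocks(threshold, keys, lost_count):
    """Every combination of `lost_count` unavailable keys that freezes the wallet."""
    return [lost for lost in combinations(keys, lost_count)
            if not can_spend(threshold, keys, lost)]


def quorums_using_spare(threshold, owners, spare):
    """Minimal signer sets that reach the threshold with a spare key among them.

    Each of these is a way to move funds without all owners signing, which is
    why the spare key has to sit behind a strict recovery and consent process.
    """
    keys = tuple(owners) + tuple(spare)
    return [q for q in combinations(keys, threshold) if set(q) & set(spare)]


if __name__ == "__main__":
    print("3-of-3, one key lost :", len(deadlocks(3, OWNERS, 1)), "deadlocks")
    print("3-of-4, one key lost :", len(deadlocks(3, OWNERS + SPARE, 1)), "deadlocks")
    print("3-of-4, two keys lost:", len(deadlocks(3, OWNERS + SPARE, 2)), "deadlocks")
    for quorum in quorums_using_spare(3, OWNERS, SPARE):
        print("spare-assisted quorum:", quorum)
```

A single spare key removes every one-key deadlock but not the two-key ones, and it creates quorums in which one owner is absent, so the number of spare keys and the consent check before a sweep are both part of the design.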
MITIGATE THE RISK OF INSIDER FRAUD
Each time a company grants someone the authority to manage its assets, it exposes itself to new risks of insider fraud. This is as true in regulated industries as it is in unregulated industries. Having anti-fraud controls in place is a must for any company managing substantial amounts of financial assets.
For companies managing blockchain assets, multi-signature schemes can provide some degree of remediation, but they are not infallible against expert fraudsters and collusion.
To mitigate this risk, Knabu's smart deposit boxes can be fitted with anti-fraud locks. This type of smart lock consists of a non-redundant private key combined with a stringent approval process. The private key, owned and operated by Knabu, belongs to a strict multi-signature scheme and is required to cosign every transaction. Prior to cosigning, Knabu verifies and records that each cosigner involved is aware of the recipient and purpose of the transaction and explicitly consents to it. Depending on the transaction amount, this approval process can be done via email, SMS or phone call. By collecting a consent audit trail for each transaction, this anti-fraud control can help detect and deter fraud and collusion attempts more quickly, ensuring both accountability and peace of mind.
TIP 9
MITIGATE THE RISKS OF INSIDER FRAUD AND COLLUSION WITH COMPULSORY ANTI-FRAUD CONTROLS MANAGED BY AN INDEPENDENT TRUSTED 3RD PARTY.
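A sketch of the cosigning gate described above, as an added example that is not Knabu's implementation: consent is bound to a digest of the exact recipient, amount and purpose, so approval collected for one payment cannot be reused for an altered one. The amount bands, field names, cosigner names and sample data are assumptions constructed for illustration.

```python
import hashlib
import json

# The channels come from the article; the amount bands are assumed.
CHANNEL_RANK = {"email": 1, "sms": 2, "phone": 3}
BANDS = [(1_000, "email"), (50_000, "sms"), (float("inf"), "phone")]


def tx_digest(tx):
    """Hash a canonical encoding so consent covers recipient, amount and purpose."""
    canonical = json.dumps(tx, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def required_channel(amount):
    """Weakest channel acceptable for this amount under the assumed bands."""
    return next(channel for limit, channel in BANDS if amount <= limit)


def cosign_decision(tx, cosigners, consents):
    """Return (approve, audit_trail); approve only if every cosigner consented
    to this exact transaction over a channel strong enough for its amount."""
    digest = tx_digest(tx)
    need = CHANNEL_RANK[required_channel(tx["amount"])]
    trail = []
    for signer in cosigners:
        match = [c for c in consents
                 if c["cosigner"] == signer and c["digest"] == digest]
        strong = [c for c in match if CHANNEL_RANK.get(c["channel"], 0) >= need]
        status = "ok" if strong else ("weak-channel" if match else "no-consent")
        trail.append({"cosigner": signer, "digest": digest, "status": status})
    return all(entry["status"] == "ok" for entry in trail), trail


# Constructed sample: bob approved a payment to a different recipient,
# carol approved the right payment but over too weak a channel.
TX = {"recipient": "PAYEE-ADDRESS-PLACEHOLDER", "amount": 20_000, "purpose": "invoice 17"}
ALTERED = dict(TX, recipient="OTHER-ADDRESS-PLACEHOLDER")
CONSENTS = [
    {"cosigner": "alice", "digest": tx_digest(TX), "channel": "sms"},
    {"cosigner": "bob", "digest": tx_digest(ALTERED), "channel": "phone"},
    {"cosigner": "carol", "digest": tx_digest(TX), "channel": "email"},
]

if __name__ == "__main__":
    approved, trail = cosign_decision(TX, ["alice", "bob", "carol"], CONSENTS)
    print("cosign:", approved)
    for entry in trail:
        print(entry["cosigner"], entry["status"])
```

The audit trail is recorded whether or not the transaction is approved, so refused requests remain visible for later review.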
MITIGATE THE RISK OF COERCION
In December 2017, Pavel Lerner, manager at the UK-based Bitcoin and cryptocurrency exchange Exmo, was abducted outside of his company’s office in Kiev, Ukraine. Within two days, he had paid a ransom of more than $1M worth of Bitcoins in exchange for his freedom.
This event demonstrates that as your company grows, it must be prepared to mitigate the risk of attracting the attention of criminals who may attempt to coerce your key personnel. Multi-signature schemes do provide some degree of remediation but what happens when one or all cosigners are being held hostage or are under duress?
To mitigate this risk, Knabu's smart deposit boxes can be fitted with anti-coercion locks. This type of smart lock consists of a non-redundant private key combined with a multi-channel duress detection procedure. This private key, owned and operated by Knabu, belongs to a strict multisig scheme and is required to cosign every transaction. Prior to cosigning, Knabu verifies that none of the cosigners involved in the multisig scheme is under duress. Above a certain transaction threshold, this verification process is done by video calling each cosigner. Detected threats are escalated to the company and, if need be, to the relevant authorities.
TIP 10
MITIGATE RISKS OF COERCION WITH COMPULSORY DURESS DETECTION PROCEDURES MANAGED BY AN INDEPENDENT TRUSTED 3RD PARTY.
CONCLUSION
As we've seen over the last few weeks, efficiently securing blockchain assets and mitigating the many risks associated with self-custody requires a multifaceted strategy based on segregation of duties, internal controls, adequate tools, and trusted service providers.
I hope that you have found this series informative and useful. If you have any questions or comments, please feel free to contact us or drop a comment in the section below.
__________________________________________________________________________
This post was originally posted on Knabu's Blog
__________________________________________________________________________
Want to learn more about Knabu and meet the team?
Come to our FREE event on September 24th 2019 at Google Campus in London, UK.
**************************************************************************
Date: Tuesday 24th September 2019
Time: 18:00
Location: Google Campus, 4-5 Bonhill St, Shoreditch, London EC2A 4BX
**************************************************************************
CRYPTO MASS ADOPTION: How do we get there?
Come and join us for an invigorating evening of learning, discussion and networking, jam-packed with industry expert speakers, detailed panel discussions and an audience Q&A session!
SPEAKERS:
Gabrielle Patrick, CEO @ KNABU
Hakim Mamoni, CTO @ KNABU
Ryan Hanley, MD @ TOKENMARKET
On Yavin, CEO @ COINTELLIGENCE
Landry Ntahe, CEO @ BCB ATM
Nikola Tchouparov, CEO @ MONEYFOLD
Chris Bradbury, Product Manager @ MAKERDAO
**************************************************************************
AGENDA:
18:00 - 18:30 Registration and Networking
18:30 - 20:00 Industry Expert Talks
Speakers will examine crypto security, Investment, ATMs, Central Bank Digital Currencies, and the Crypto-Lending landscape.
20:15 - 21:00 Panel discussion and Audience Q&A
This session will explore mass adoption of crypto assets, and our journey to building a digital world. There will also be a panel discussion and audience Q&A, plus a great chance to network with top industry leaders and thinkers in the digital asset space!
21:00 - Close Networking
Free pizza and drinks will be provided!
THIS IS ONE NOT TO MISS!!
**************************************************************************
5 years ago: Will the arrival of Quantum computing have any impact on this?
Guess execution for this is most important plus if the service would be insured