The Evolution of Crypto Custody: A Chat with Fireblocks CEO Michael Shaulov
The cybersecurity side of the cryptocurrency industry has always been the backbone of the space for better or for worse.
When this backbone was ‘weaker,’ so too was the industry as a whole. Poor cybersecurity standards and practices made the industry seem dangerous and uninviting to new participants. Now that cybersecurity standards have been boosted, a whole new crop of institutional entities has set up shop in the crypto world.
Recently, Finance Magnates sat down with Michael Shaulov, chief executive and co-founder of fintech cybersecurity infrastructure firm Fireblocks. Michael spoke about the evolution of the cybersecurity side of fintech, including today’s top technological standards and the implications they have for the crypto industry.
“Although I Had Spent a Lot of Years in the Cybersecurity Space, You Rarely See a Situation in Which Someone Loses $200 Million Overnight.”
Prior to co-founding Fireblocks, Michael served as a software team leader in the Israeli intelligence corps, co-founded Lacoon Mobile Security, spent three years as the head of products in mobile and cloud security at Check Point Software Technologies, and held a number of other positions at other firms.
It was during his time at Check Point that Michael’s interest in working in the cryptocurrency space began.
“At some point, we were brought into a cyber investigation in South Korea, where four cryptocurrency exchanges were hacked by what was eventually attributed to North Korean cyber hacking teams,” he said. “Basically, they were able to steal $200 million worth of Bitcoin and other cryptocurrencies overnight.”
“So, the interesting thing about blockchain and cryptocurrency assets is that there’s no recourse – once it’s gone it’s gone. And although I had spent a lot of years in the cybersecurity space, you rarely see a situation in which someone loses $200 million overnight.”
Eventually, “we discovered that the future of finance is really around blockchain and digital assets. Nowadays, it’s much more clear as we see central bank digital currencies, stablecoins, and a lot of great innovation that’s coming in the next year or so.”
However, “even back in the days that it was created, this kind of technology can really solve a lot of pain points around counterparty risk, access to financial services, and also speed and fees.”
In the past, “Funds Were Locked, and at Times, You Could Wait a Day or Two to Actually Do a Transaction.”
Still, despite the promise that blockchain and digital asset technology showed, Michael said that there was “a huge lack of proper infrastructure for financial institutions and fintech companies that really operate in that space,” and that without this infrastructure, it was not possible to continue building “innovation and the right business models.”
Specifically, this lack of infrastructure had to do with the custody of digital assets: “the only thing that existed was essentially cold storage.”
This presented some huge logistical challenges: “funds were locked, and at times, you could wait a day or two to actually do a transaction, which was sort of the complete opposite of what you would expect of digital assets.”
Anchorage co-founder and president Diogo Monica described this phenomenon as ‘pirate custody’ in an interview with Finance Magnates earlier this year: “imagine pirates in the 1700s,” he said. “They have gold coins. They put them in chests, they bury them on islands, and then they create a treasure map.”
Indeed, this was the status quo for cryptocurrency custody for most of the last ten years. The ‘gold standard’ of digital asset custody was akin to putting encrypted hardware devices in safety deposit boxes, sometimes in remote or distributed locations, and creating elaborate rituals on how to access them.
Addressing “the Gap between Availability and Security”
Therefore, in order to adequately address this problem, a new infrastructure for custody needed to be built from the ground up.
“When we started Fireblocks, we viewed ourselves as a cybersecurity company, but I think we have evolved into being a fintech infrastructure provider with a team and founders and technology that [focuses on] cybersecurity,” Michael Shaulov said.
“We provide two main components: the first is custody technology: the ability for financial institutions to set up an infrastructure in which they can set up custody accounts that can hold cryptocurrencies or digital assets either for themselves or on behalf of clients, if they have a B2C business.”
With regards to this custody component, Michael said that “we were actually able to bridge the gap between availability and security.”
“[…] We had to explain to people why it’s ok not to use cold storage – why they can use something that is connected to the internet and allows for real-time access to the asset,” he said.
This is possible through a kind of technology known as multi-party computation (MPC), which is “essentially the main technology that is used today to solve the private key problem.”
“The Market Evolved, and MPC Became a Standard.”
Michael explained that when people eventually understood that “it was no longer ‘cool’ to be in cold storage,” the conversation shifted.
“The market evolved, and MPC became a standard,” he said, “which is really beneficial for the market. It really unlocks all of the use cases that we were dreaming of, from remittances to security tokens, et cetera, and it allows customers to do it in a secure way.”
Michael also said that the use of MPC “also provides flexibility from a regulatory standpoint.”
“A lot of what happened in the last year or so is that we started to see [development] across multiple jurisdictions: first was Germany with the BaFin license, and then Singapore with the payment license,” he said, also referencing the United States’ OCC letter.
“Let’s say you are a bank or a financial institution, and now you want to set up a licensed activity: you need to understand the key distribution, right? So, one way to do it is that a bank or financial institution holds 100 percent of the private key material (and then customers have 100 percent counterparty risk to them), whereas one of the powerful things can enable is the distribution of that trust.”
For example, “part of the private key material could actually be kept in the mobile device of the end-customer,” he said, “which doesn’t mean that the private key is gone if the customer loses the device. There is still sufficient redundancy there.”
Still, MPC creates a relationship of “mutual responsibility or mutual ownership between the institution and the customer,” which Michael said “[realizes] the promise of blockchain.”
“The decentralized capability of blockchain on the macro level brought down to the micro-level in the interaction between you and the service that you are using: you don’t have full risk to the service.”
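The key-distribution idea above, shown as an added example that is not from the interview and is not Fireblocks's code: a 2-of-3 Shamir secret sharing in which no single holder learns the key and losing the mobile share is survivable. Shamir sharing is swapped in here only to illustrate the split and its redundancy; production MPC signs without ever reassembling the key in one place. The holder names and the sample key are assumptions.

```python
import secrets

# Order of the secp256k1 group (prime); Bitcoin private keys are integers below it.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Assumed split for illustration: three holders, any two suffice.
HOLDERS = {"institution": 1, "customer_mobile": 2, "offline_backup": 3}

# Constructed sample key, not a real wallet key.
SECRET = 0x1F2E3D4C5B6A79880102030405060708090A0B0C0D0E0F101112131415161718


def split_2_of_3(secret):
    """Return {holder: (x, y)} with y = secret + a*x mod N for a random slope a."""
    a = secrets.randbelow(N - 1) + 1
    return {name: (x, (secret + a * x) % N) for name, x in HOLDERS.items()}


def reconstruct(share_a, share_b):
    """Interpolate the line through two distinct shares and evaluate it at x = 0."""
    (x1, y1), (x2, y2) = share_a, share_b
    inv = pow((x2 - x1) % N, -1, N)
    return (y1 * x2 - y2 * x1) * inv % N


def slope_explaining(share, candidate_secret):
    """Slope that makes ONE share fit any candidate secret.

    Such a slope always exists, so a single share is consistent with every
    possible key: one holder alone (or one thief) learns nothing.
    """
    x, y = share
    return (y - candidate_secret) * pow(x, -1, N) % N


if __name__ == "__main__":
    shares = split_2_of_3(SECRET)
    # Customer loses the phone: institution + backup still recover the key.
    print(reconstruct(shares["institution"], shares["offline_backup"]) == SECRET)
```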
“It’s Really Difficult to Make Sure That a Transaction Will Go to the Right Party.”
The second component of Fireblocks’s business has to do with another aspect of transacting securely: “what we discovered was that the main operational hurdle when you’re actually sending a cryptocurrency or blockchain transaction is that at the moment that you transfer, that you make sure that you’re transferring to the right party.”
This is because cryptocurrency transactions are sent via private keys, which are long strings of random characters. These can be altered by viruses that attach themselves to electronic clipboard functions, incorrectly entered, or otherwise intercepted.
These addresses can also be sent with malicious intent “by a hacker that was able to impersonate the other side, or it can even be an insider – an employee that wants to send cryptocurrency to his own wallet and then run away with it.”
In short, “it’s really difficult to make sure that a transaction will go to the right party,” Michael said.
Therefore, regardless of how advanced the custody technology is, “people spend a lot of time verifying that they are sending a transaction to the right party.”
This involves procedures like “test transfers,” in which the sender will send “something like 0.0001 BTC to the other side, and then they’ll do a conference call to say ‘hey, did you receive it?’ before they send $100,000 in Bitcoin to the same address.”
“It was a really cumbersome process,” Michael said. Fireblocks’s answer to this is something called the Fireblocks Network, which Fireblocks claims has “no counterparty risk.”