當(dāng)我和世界其他人一起等待第一個(gè)比特幣 ETF 獲得批準(zhǔn)時(shí)����,有一件事一直困擾著我:除了包括 Fidelity 和 VanEck 在內(nèi)的少數(shù)例外,幾乎每個(gè)現(xiàn)貨比特幣 ETF 的申請(qǐng)人都打算使用 Coinbase 作為其保管人��。
David Schwed 是 Halborn 的首席運(yùn)營(yíng)官�����。
作為專注于區(qū)塊鏈的網(wǎng)絡(luò)安全領(lǐng)導(dǎo)者�,這種風(fēng)險(xiǎn)的集中�、加密貨幣托管固有的高風(fēng)險(xiǎn)性質(zhì)以及安全最佳實(shí)踐仍在不斷發(fā)展的性質(zhì)讓我猶豫不決。
讓我擔(dān)心的并不是 Coinbase 本身��。
該公司從未遭受過已知的黑客攻擊,這解釋了為什么如此多的傳統(tǒng)機(jī)構(gòu)信任其專業(yè)知識(shí)�。
然而,不存在不可破解的目標(biāo)——只要有足夠的時(shí)間和資源��,任何人和任何人都可能受到損害����,這是我在網(wǎng)絡(luò)安全和資產(chǎn)管理交叉領(lǐng)域的職業(yè)生涯中學(xué)到的教訓(xùn)。
讓我擔(dān)心的是資產(chǎn)極端集中于單一托管人���。
考慮到加密資產(chǎn)與現(xiàn)金類似的性質(zhì)��,這種情況本身就令人擔(dān)憂��。
另請(qǐng)參閱:Gary Gensler 的比特幣 ETF 小丑秀
也許是時(shí)候重新考慮“合格托管人”的指定了��,這是一種監(jiān)管簽字�,其目前的形式不一定能確?;趨^(qū)塊鏈的風(fēng)險(xiǎn)資產(chǎn)必然(或最好)受到保護(hù)。
此外�����,理想情況下����,數(shù)字資產(chǎn)托管人應(yīng)該受到比現(xiàn)在更嚴(yán)格的州和聯(lián)邦標(biāo)準(zhǔn)、訓(xùn)練有素的監(jiān)管機(jī)構(gòu)更多的監(jiān)督�。
如今,大多數(shù)合格的托管人都保護(hù)股票�、債券或數(shù)字追蹤的法定余額,所有這些從根本上來說都是合法協(xié)議�����,不能簡(jiǎn)單地“竊取”�。
但比特幣 [BTC] 與現(xiàn)金和黃金一樣,是所謂的不記名票據(jù)����。
一次成功的加密貨幣黑客攻擊就像狂野西部的銀行搶劫一樣,一旦落入小偷手中���,錢就消失了�。
因此��,對(duì)于加密貨幣托管人來說���,只要犯一個(gè)錯(cuò)誤�,資產(chǎn)就會(huì)完全消失。
我們還知道����,全球加密貨幣犯罪的力量是強(qiáng)大且堅(jiān)定的。
僅舉一個(gè)臭名昭著的例子����,朝鮮的 Lazarus Group 黑客團(tuán)隊(duì)據(jù)信在過去六年中竊取了價(jià)值 30 億美元的加密貨幣,而且沒有任何停止的跡象���。
預(yù)計(jì)第一個(gè)交易周流入比特幣 ETF 的資金將超過 60 億美元����,這使得這些基金成為主要目標(biāo)����。
如果 Coinbase 最終在其數(shù)字金庫(kù)中存有數(shù)百億比特幣,朝鮮可以輕松組織一次價(jià)值 5000 萬美元的行動(dòng)來竊取這些資金�,即使這需要多年時(shí)間。
像俄羅斯 Cozy Bear/APT29 組織這樣的威脅參與者也可能會(huì)發(fā)現(xiàn)�,隨著這些資金池變得越來越大(可能會(huì)更大),追捕機(jī)構(gòu)加密貨幣越來越有吸引力�����。
This is the level of threat that major banks prepare for. One widespread model of risk management for financial institutions utilizes three layers of oversight. First, the business management layer designs and implements security practices; second, the risk layer oversees and evaluates those practices; and third, the audit layer makes sure that risk mitigation practices are actually effective.
On top of that, a legacy financial institution will have external auditors and external IT oversight, as well as numerous state and federal regulators looking over their shoulders. Many, many eyes will examine every aspect of risk and security.
But these multiple levels of redundancy and nesting failsafes require one deceptively simple thing: headcount.
During my time as global head of digital assets technology at BNY Mellon, the investment bank had roughly 50,000 employees, of whom around 1,000 – or 2% – were in security roles. Coinbase, even after recent expansion, has fewer than 5,000 employees. BitGo, also a qualified custodian certified by the State of New York and other jurisdictions, has only a few hundred.
This is not to impugn the intentions or skill of any of these organizations or their employees. But real oversight requires redundancy that these new institutions may struggle to provide at a level appropriate for securing tens of billions of dollars in bearer instruments.
See also: Bitcoin ETFs: The Bull Case
Before those numbers get even bigger (and more enticing for the bad guys), it is well past time to refine the cybersecurity standards for qualified custodian designation. Right now, the designation accompanies trust or banking licensing, overseen by state and federal regulators. These are financial regulators largely focused on traditional banking, not cybersecurity experts, and certainly not crypto experts. They understandably focus on balance sheets, legal processes, and other financial operations.
But for crypto custodians, those aren’t the only kinds of oversight that matter, or even necessarily the most important. There are no industry-wide standards for cybersecurity and risk management practices by crypto custodians specifically, meaning that “qualified custodian” status isn’t quite as reassuring as it might sound. That exposes not just investors but an entire nascent sector to opaque risk with potentially dire consequences.
The approval of a cast of bitcoin ETFs is just the latest step in the continued integration of digital assets into the financial system. You don’t have to trust crypto partisans on that prediction – just ask Blackrock, a legacy giant that championed the ETF. As these developments continue, regulators truly interested in investor protection will focus on adapting to this new world: one in which rigorous cybersecurity standards are just as important to financial stability as honest disclosures and financial audits.
熱點(diǎn):etf 比特幣 比特幣威 特幣
非小號(hào)行情
