In Times of Uncertainty: The Questions to Ask

The 2022 crypto winter has left many crypto enthusiasts out in the cold with mounting losses, rug pulls, scams, and massive thefts. The FTX bankruptcy has affected many large and small investors and shocked the entire industry. Coupled with inflation in global fiat currency markets there is a general sense of despondency and pessimism in some circles. Those that are holding on for dear life (HODL) are wondering if they made the right decisions with their financial resources. Long-term crypto investors that have been watching the ebb and flow of crypto assets have seen bear markets before and are urging patience, noting that is important to shift the narrative about engaging in crypto investing. To make this mental shift it comes down to two key questions:

• How can we, collectively, act to apply principles of sound fiscal management in this arena with uncertain regulations, multiple, competing blockchains, and complex protocols?

• More importantly, how can we act individually in this context to safeguard our futures in light of such uncertainty?

The first question is one that can be addressed by looking at some of the macro trends in global geopolitics and public policy. These topics will be addressed in a subsequent article. This article will address the second question to help readers find footing in the quicksands of these times.

Veterans of blockchain investing in both currencies and token varieties (fungible and nonfungible) often invoke the mantra to “do your homework” (DYH) when evaluating the myriad of features of engagement. Some of the most fundamental aspects for entry into these markets include having foundational knowledge about:

• What type of exchange to register for,

• Whether to use a hot or cold wallet, and

• Whether to bank on “proof of work” or “proof of stake” protocols.

There are multiple detailed resources online for answering these questions. Here I want to walk you through some of the most basic features at a high level to help you on your DYH path.

A decentralized exchange, or DEX, is a trading platform for crypto assets. There are three key features that users should watch for when selecting a DEX.

1. Is the DEX decentralized or centralized in its structure?

2. Is the DEX in a country that requires pre-screening of participants with Know Your Customer (KYC) / Anti-Money Laundering (AML) processes?

3. Is the DEX collateralized? If so, with what kind of asset?

ONE: The underlying philosophy of blockchains is the notion of decentralization. And, in general, many of the organizations that have emerged to service that market sector have adopted that philosophy. Not all, however. One of the observations made by technology reviewers about famous failures like the November 2022 collapse of the FTX Exchange is that the governance and control apparatus was highly centralized. This led to poor management and risky investments by inexperienced leadership. A more decentralized organizational structure for a DEX is believed to be less vulnerable to such pitfalls.

TWO: The KYC regulatory requirements stem from regulatory authorities under the US Patriot Act. Originally passed to help agencies monitor terrorism financing, it was later extended to DEXs seeking to license within the US. There are two key rules governing KYC through oversight by the Financial Industry Regulatory Authority (FINRA). These are Rule 2090 and Rule 2111. The US Financial Crimes Enforcement Network (FinCEN) requires customers and financial institutions to comply with KYC standards for the prevention of AML. Investors outside of the US are often subject to US laws given the role of the US dollar in global markets; even in blockchain-based currencies. Investors in crypto DEXs are encouraged to read the terms and conditions posted on their websites to make sure they are fully aware of their policies regarding KYC/AML compliance.

THREE: DEXs that hold a form of collateral to back up the holdings of cryptocurrencies and token assets are more likely to be able to withstand periods of high liquidity during a bear market than those that do not collateralize their holdings. DEXs typically collateralize their holdings with a fiat currency, gold, or a stable coin (i.e., a crypto coin that is pegged to a fiat currency). Those that collateralize with a selfattested token (e.g., the FTT as in the case of the recent FTX crash) are vulnerable to volatile swings in the market and rapid rates of withdrawals by spooked customers. The recommendation is to ascertain the type and level of collateralization of your DEX before investing.

The above are not the only DEX topics a potential investor should research before investing, but they do give you a starting point.

One of the first adages I heard when starting to explore the world of crypto was “Trust No One” in the blockchain world. That is the real takeaway from this article that I pass on to you. And when it comes to hot versus cold wallets, that is played out by distinguishing between non-custodial and custodial ownership.

When a user creates a wallet, either directly through a DEX or by using one of the many online browserbased wallets on the market; these are called hot wallets. The reason they are considered hot is because there are many ways in which nefarious threat actors can hack into a computer or mobile device and steal digital assets from a browser.

For example, hackers can use an Attacker-in-the-Middle hacking technique where they infect a device and intercept traffic going to and from your browser-based wallet. Or they can use one of the many browser-based injection techniques such as those detailed by MITRE’s Common Attack Pattern Enumeration and Classification System (CAPEC).

It is for these reasons that most sophisticated users purchase cold storage wallets an example of which is pictured here. These are physical drives external to your computing device that can be plugged into a port for transfer of digital assets. Once the assets are transferred out of the hot wallet to the cold storage wallet the security of the system depends upon the ability of the user to retain custody of the device and, importantly, the PIN and recovery phrase given when the device was activated. Always write down these two things and store them in a safe location.

Fundamental to the idea of a blockchain is its mathematical proof of what is called a “decentralized ledger”. Satoshi Nakamoto posted the famous Bitcoin white paper on October 31st, 2008. His mathematical proof was based on a proof of work algorithm that called for solving complex equations that enabled “miners” an opportunity to create new coins that would be registered on the ledger and confirmed at any node. This led to the development of large-scale, energy-intensive mining operations located all around the world, primarily in areas with low-cost energy resources. In parallel, an alternate blockchain community emerged that took the original proof of work concept and extended its functionality with features called “smart contracts”. These were, in essence, additional fields and side chains that could be confirmed using additional mathematical proofs. This work was based on the Ethereum blockchain which, at that time, was also based on a proof of work algorithm.

Then, in 2015 the Bitfury group proposed an alternative approach called “proof of stake”.

“The main declared advantages of proof of stake approaches are the absence of expensive computations and hence a lower entry barrier for block generation rewards.”

This emphasized an ownership stake in the chain and a verifiable and transparent mechanism for confirming that ownership stake. Several alternative communities of interest have emerged based on both the proof of work and proof of stake algorithms. And, with alternate blockchain-based distributed ledgers extending the concept of “smart contracts” this led to an explosion of alternative coins (e.g., Altcoins) and the flourishing of digital art and sales channels for these assets.

It is the mission of this magazine to help readers sort through the noise surrounding these various features of blockchain technologies supporting distributed ledgers, so we do not kill the golden goose. There was wisdom in the fairy tale.

Jane Ginn, MSIA, MRP is a cyber threat analyst and the Co-Founder of the Cyber Threat Intelligence Network (CTIN). She specializes in hunting for malicious activity on computer networks and devices and has trained hundreds of cyber threat hunters currently working in business, industry, and government. She served as the Secretary of the Cyber Threat Intelligence Technical Committee during the development of the global standards for sharing cyber threat information. She was subsequently awarded the Distinguished Contributor Award by OASIS-Open in 2020. She also served on the EU’s Threat Landscape Stakeholders Group. She currently serves on the Board of Directors of the Cyber Resilience Institute. Plus, she is the Commercial Facilities Sector Chief for a state Infragard coalition. She is currently applying her cybersecurity knowledge to threats in blockchain communities. She holds a master’s degree in information assurance (MSIA) from Norwich University.

@CTIN_Global