Today’s financial world is becoming increasingly digital, and naturally, central banks want to adapt to a changing environment. The use of cash is rapidly declining. Globally, the rise of digital payment apps and Covid-19 has only exacerbated the decline in cash usage, demand for digital currency and simple payment solutions.
As crypto adoption continues to expand, so has the idea of central bank digital currencies (CBCCs). Governments around the world have been flirting with the idea of issuing their own CBCCs for a while now.
It is not clear when the CBCC will become formal. Don’t expect CBCCs to mimic the decentralized features of Bitcoin (BTC) because by definition a central bank is a centralized entity. That being said, they can offer some of the same benefits, such as reducing payment verification times and providing transaction verification. However, there are still a few challenges to overcome.
Related: Built to fail? CBDC can shadow a stable coin when the sun rises.
Among these challenges are the operational risks of the “cyber sphere”. While banks are accustomed to investing resources in protecting “fiat” reserves, protecting digital currencies requires a different mindset. Blockchain technology has some inherent vulnerabilities – anonymity and irreversibility – that can be exploited by clever fraudsters. Although it is not clear whether CBDCs will use block chain technology.
Could CBDCs Expose Central Banks to New Cyber Threats? And how are these potential risks or vulnerabilities identified?
Cyber security is not easy.
Hackers have become more sophisticated and bold in their attacks over the past few years. Both traditional finance and blockchain protocols themselves fall victim to malicious intent. In late 2020, Denmark’s central bank was hacked as part of Operation Solar Winds. This should sound alarm bells to governments everywhere.
Imagine that a group of hackers discovers a backdoor that allows them to gain access to a central bank’s private key. Private keys are the most important components of a blockchain system, as any transaction with a private key is accurately and securely recorded by the system. At this time, the bulk – or a significant part – of the country’s treasury is being held hostage by a criminal organization. The hacker can generate or burn digital currency at will.
An increase or decrease in digital currency can affect the value of real currency, causing inflation to consumers and financial losses to companies. A breach to this extent could be catastrophic and cause the entire economy of the country to collapse. Of course, an attack of this scale would be too much for even some of the most skilled criminals, but the threat cannot be eliminated. Such an attack is unprecedented, so predicting the outcome is anyone’s guess. But it won’t be pretty: the world’s economic and political order and stability will undoubtedly be tested.
Obviously, any government will spend big dollars on cyber defense to protect its newly established digital infrastructure. But simply investing an abundance of wealth does not guarantee hacks. Naturally, any central bank launching a digital currency would be an attractive target.
So how can a country that decides to open its own CBCC protect itself from criminals trying to steal its money?
Protecting the national treasury
Disrupting malicious cyber attackers is no easy task – they are always looking for new and valuable targets while exploiting small vulnerabilities. Crypto hackers are skilled at identifying vulnerabilities, exploiting them, injecting malicious code, and taking control of the private keys of individuals and organizations.
Banks invest millions and billions every year in protecting their databases and IT infrastructure. Different layers of security are used to protect against hackers, exploits or inadvertently releasing sensitive information. While banks are aware of information security, protecting digital assets requires a very different approach than traditional assets.
If they decide to use blockchain, central banks should consider how to adapt existing banking frameworks to blockchain’s distributed architecture, paying more attention to the system’s architecture, governance and communication mechanisms.
There is no such thing as “too safe” when it comes to protecting a nation’s treasury. In the case of CBCCs, banks must take significant steps to protect and protect their private keys. Today’s security solutions have come a long way, however, they all suffer from the same shortcoming. Due to the way blockchain transactions work, all transactions must take place while connected to the Internet at some point in time.
Related: U.S. central bank digital currency commentators divided on benefits, united in confusion
This connection is their single point of failure and the reason why they cannot be 100% reliable. When governments issue CBCCs, provide security services, and perform on-chain settlements, it is suggested that they look for a “never connected to the Internet” solution to store and manage private keys.
Most central banks are taking their time and taking all the necessary precautions to properly weigh the risks and rewards of CDCs. Some may decide to push their participation, especially given the volatility of the crypto market. But any country implementing a CBDC in the near future must ensure it is ready to protect its digital assets and, more importantly, its private keys.
When it comes to blockchain, central banks need to rethink everything they know about IT security needs. Only then can they launch their digital currency with enough peace of mind.
Leo Lamesh He is the co-founder and CEO of GK8, a blockchain cybersecurity company that provides security solutions for financial institutions. Israel’s cyber team, reporting directly to the Prime Minister’s Office and developing its skills, led the successful acquisition of the company from inception for $115 million in November 2021. In the year Under 30 list.