Highly secret assets are integral to a business. It doesn’t take much effort to conjure examples of some of the most beloved brands that hype the value of their trade secrets. Special fast food sauces, building block plastic that cannot be replicated, soda ingredients kept under physical lock and key, the secret baked beans recipe that could be revealed at any moment by a talking golden retriever. Corporations must steadfastly protect their critical trade secrets to remain competitive. In parallel, they establish sound succession plans for the handing down of proprietary information when trusted company leaders move on from the company, retire or pass away. But when digital goods, including cryptocurrencies and private wallet keys, come into play, asset protection and succession plans don’t always align.
A Canadian cryptocurrency exchange recently found itself in the crosshairs of such a misalignment. When the company’s CEO—allegedly the only person with the private keys to cryptocurrency wallets containing more than $100 million in company money—died unexpectedly, successors were left without access to critical funds. The company was suddenly unable to pay investors, and filed for protection under the Canadian Companies’ Creditors Arrangement Act, leaving shareholders questioning when, or whether, they will recover their money. Other troubling and mysterious facts have emerged around this particular matter. At a minimum, it has served as a stark reminder of the importance of including passwords, access codes, and crypto keys as part of broader trade secret protection and succession planning.
The unique challenge in doing this is that when it comes to cryptocurrencies, keeping private keys private is crucial. In just about every search related to cryptocurrency, mantras like “if you don’t own and secure your private key, you don’t own your coins,” will appear. While this rule is true for individual cryptocurrency owners, it can’t necessarily apply to a business whose assets, and investments, are secured by cryptocurrencies or are cryptocurrencies themselves.
Unless a business or its representatives are actively trading, digital assets such as BTC, ETH, or LTC should be stored away from exchanges and hosted wallets. First and foremost, this helps to reduce the risk of losing all of the coins in one fell swoop. Exchanges and third-party wallets hold private keys on a user’s behalf. Given the volume of currency they store, they are common targets of threat actors. Industry reports have indicated increased attacks aimed at digital wallets and computing resources used for mining bitcoins. If an attack is successful, if something else goes wrong with the host’s servers, or if the exchange decides to shut down (which we’ve repeatedly seen in these volatile early days of the crypto market), the monies represented by those coins are at risk.
As an alternative to hosted wallets, many individuals and organizations secure cryptocurrencies offline, via what’s known as cold storage, or cold wallets. Cold storage allows companies to store private keys in a disconnected environment. There are many forms of cold storage, including paper, a hardware wallet, external devices, and desktop applications. While cold storage is an effective way to store cryptocurrencies offline, each type of cold storage has its own pros and cons. Companies considering them need to be thoughtful about which is most appropriate for their business needs, and how access to them will be managed, safeguarded, and incorporated into the succession plan.
Still, cold storage isn’t the sole solution to securing crypto assets long-term. Just like a trade secret, or regular use of sensitive data, cryptocurrency must be addressed in broader information governance programs. Business leaders, legal, and IT security teams should work hand-in-hand to implement information governance best practices. These should include sound hygiene relating to data redundancy, asset tracking, business knowledge transfer, and succession planning, specifically designed to address digital assets and currencies.
Likewise, consumers, shareholders, and partners of companies working with the constantly changing and unpredictable cryptocurrency market have a responsibility to ask the tough questions about business practices before placing trust. Doing so will strengthen the entire ecosystem against misuse and threats, and help bring forth standards. As business users demand more transparency, cryptocurrency companies will become stronger in how they implement and disclose best practices for greater trust and resulting market share.