A cause for celebration for crypto enthusiasts but a cause for worry for cybersecurity experts – the approval of the first spot Bitcoin ETFs is exposing a whole new segment of investors to concentration risk, wrote David Schwed. In an opinion piece for Coindesk, the COO of cybersecurity firm Halborn warned that currently regulatory standards are not ready to guard this new asset class.
11 exchange traded products (ETPs) have been cleared by the US Securities and Exchange Commission (SEC) to list, and most of them intend to use Coinbase as their custodian. David Schwed described the situation as one that gives him pause – the concentration risk, compounded by “the inherently high-risk nature of crypto custodianship and the still-evolving nature of security best practices”, cannot be good news.
He clarified that his critique was not an expression of doubt in the abilities of Coinbase, which has never been hacked. “However, there is no such thing as an unhackable target – anything and anyone can be compromised, given enough time and resources,” he wrote.
Coinbase might be deemed a “qualified custodian”, but David Schwed doesn’t think that the designation is as reassuring as it might sound. He described the qualification as a “regulatory sign-off” overseen by regulators “largely focused on traditional banking” who are “not cybersecurity experts, and certainly not crypto experts”.
“It is well past time to refine the cybersecurity standards for qualified custodian designation,” he urged. In a new world where “rigorous cybersecurity standards are just as important to financial stability as honest disclosures and financial audits”, regulators who truly care about investor protection will have to adapt, and quickly.