In December 2017, the value of bitcoin hit an all-time high of $20,000, making it the type of commodity owners need insured. But just a few months later, Tokyo-based exchange Coincheck reported a loss of around $534 million worth of coins to hackers.
And in the first half of 2018 alone, roughly $1.1 billion worth of cryptocurrency was stolen, according to cybersecurity company Carbon Black.
Cryptocurrency owners have two options for how to store their digital currency: cold storage, where data is stored offline, on a USB stick or hard drive; or hot storage, where data is stored on a cloud system, such as with a wallet or exchange service.
For insurers, the risk is “pretty clearly defined,” says Greg Bangs, senior vice president, regional crime manager for North America with AXA XL. “The hot wallet exposure is a significant exposure—hackers can get it, and they’re proving it over and over. The cold storage exposure is really more of a traditional vault-type risk.”
The value of bitcoin lies in the private key—a string of code that, when combined with the public key, represents the cryptocurrency. Insurers like AXA XL are only willing to consider high excess coverage for “an organization that has a very large cold storage cryptocurrency exposure,” as long as “they can demonstrate sound security practice,” Bangs says.
An example of these practices includes “sharding the key,” which involves “dividing up the private key into separate geographical locations,” Bangs explains. “In order to recombine that key, thieves would have to get those shards from each location, which means they’d have to physically get into each vault. I won’t say it’s impossible, but it’s extremely hard to do.”
Wild fluctuations in cryptocurrency values present another challenge to insurers. “It’s concerning because the risk that you’ve underwritten for a $5- to $10-million exposure suddenly has a $30-million exposure,” Bangs says. “It’s really something that you have to keep an eye on. Otherwise, these values will creep up on you pretty quickly.”
Insuring cryptocurrency in hot storage, which Bangs describes as “the overwhelming bulk of the exposure,” won’t be an option until there are major improvements in security controls.
“There are too many hacks going on, and there’s too much cryptocurrency walking out the door to theft,” Bangs says. “It’s a little bit of a Wild West right now.”
Will Jones is IA assistant editor.