Why the FTX Collapse Was an Identity Problem
Cryptocurrency has a valuable role to play in a Web3 world — but only if the public can fully trust it.
May 8, 2023
The romance with cryptocurrency is over. After years of growth and investment gains, things came tumbling down with the collapse of the FTX Trading exchange in November 2022. The carnage was palpable.
Since then, investors have dumped crypto, the news media has churned out a stream of stories about failed exchanges, and political leaders have demonized digital currencies. And all for good reason.
At a US House Financial Services Committee hearing last December, John J. Ray, the new CEO of FTX, admitted to lawmakers that there had been "no record keeping whatsoever," and confessed that the crypto exchange had essentially engaged in "old-fashioned embezzlement."
So, it's understandable that markets, politicians, the press, and the public are seething. At first glance, all this chaos and turmoil indicates that something is fundamentally wrong with crypto. However, nothing could be further from the truth.
The stampede away from crypto isn't a referendum on its value to society — or on the underlying blockchain technology. The affliction affecting crypto is, at its heart, an identity problem.
Moving Beyond Currencies
Crypto enables transactions through the Internet and metaverse that otherwise aren't possible. Along with blockchain, it allows individuals to maintain ownership over money, data, and other assets in a highly interconnected digital world, and without a central authority.
But while digital ownership is crucial for unleashing all sorts of innovation, there's a problem exposed by the FTX collapse. It's the built-in security flaws of the digital wallets that held individuals' crypto assets.
Clients at FTX lacked the one thing that could have protected their funds: They didn't own the encryption keys to their digital wallets. FTX — the central authority — did. And with no regulators in place to oversee transactions and interactions, things spiraled out of control.
Digital Wallets Hold the Keys to Crypto
A digital wallet with crypto allows a person to buy and exchange nonfungible tokens (NFTs) and other digital assets, and even use physical objects in the virtual world, and vice versa.
While blockchain moved the administration of digital assets away from a central authority (e.g., banks), the digital wallet acting as a vault to those assets has generally remained under the control of the central authority. This is what allowed FTX to access client funds without consent.
What's currently lacking is a built-in mechanism for establishing ownership online and then securing the wallet to that identity. Fortunately, the answer isn't complicated, nor is it terribly expensive. Self-sovereign identity (SSI) gives users control over their digital identity — and everything that comes with it. This includes digital currency, virtual objects, NFTs, and more. Think of an SSI as a secure and private digital passport that fuses identity data and an identity wallet.
SSI is critical for building out a virtual world that matches the trust mechanisms that already exist in the physical world. These include property rights; laws and regulations set by governments and financial institutions so that it's possible to transfer ownership of property and goods; and central administrators like escrow companies that manage larger, more complex transactions.
With a secure digital wallet, the equation flips from inherently unsafe and untrusted to an environment that offers a high level of security. Without it, it's impossible to unlock the full value of Web3, the metaverse, and other decentralized token-based innovations.
A Matter of Identity
Arriving at this higher plane requires a basic recognition: Before anyone can trust anything, it's critical to prove a person's identity. Unfortunately, passwords are inherently weak and easily compromised, multifactor authentication is clumsy and far from foolproof, and third-party authenticators are a pain to use. They add steps and time to what should be an ultra-fast task.
Meanwhile, the same Web3-powered decentralized technologies, like blockchain, that underpin cryptocurrency can deliver SSI and provide users with control over their personal data. Instead of relying on third parties for identity verification, an SSI framework can be used to store multiple verified identity documents, such as a passport, driver's license, tax documents, etc., in a secured digital wallet.
A blockchain-based distributed ledger allows all IDs placed in the wallet to be managed by the user so they can control which identity data they want to share with third parties, including financial service providers, government agencies, healthcare providers, etc. The adoption of SSI makes it possible to bake security into cryptocurrency and a Web3 world, by fully vetting and verifying an individual using a paired public-private key to bind their identity and verified credential documents.
In addition, by adhering to well-established technical authentication standards and incorporating blockchain, SSI eliminates the need for an individual's identity to be locked into each provider's ecosystem. Since users have control over when, with whom, and under what conditions they share elements of their digital identity, fraud incidents like FTX can be eliminated.
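The key-bound, user-controlled sharing described above can be sketched as follows. This is an added example, not code from the article, its author, or any SSI product or standard: the function names `issue`, `present` and `verify`, the salted-digest scheme, the Ed25519 choice, and the sample claims are all assumptions made for illustration.

```javascript
// Added example: selective disclosure with a holder-bound credential (constructed data).
const crypto = require('crypto');

const newKeys = () => crypto.generateKeyPairSync('ed25519');
const pem = (pub) => pub.export({ type: 'spki', format: 'pem' });
const digest = (d) => crypto.createHash('sha256').update(JSON.stringify(d)).digest('hex');

// Issuer: sign salted digests of each claim plus the holder's public key.
// The signed payload carries no claim values, only commitments to them.
function issue(claims, holderPub, issuerPriv) {
  const disclosures = {};
  for (const [name, value] of Object.entries(claims)) {
    disclosures[name] = [crypto.randomBytes(16).toString('hex'), name, value];
  }
  const payload = JSON.stringify({
    holderKey: pem(holderPub),
    digests: Object.values(disclosures).map(digest).sort(),
  });
  const signature = crypto.sign(null, Buffer.from(payload), issuerPriv);
  return { payload, signature, disclosures }; // kept in the holder's wallet
}

// Holder: reveal only the chosen claims and sign the verifier's nonce,
// proving possession of the private key the credential is bound to.
function present(cred, names, nonce, holderPriv) {
  const proof = crypto.sign(null, Buffer.from(nonce + '.' + cred.payload), holderPriv);
  return { payload: cred.payload, signature: cred.signature, nonce, proof,
           disclosed: names.map((n) => cred.disclosures[n]) };
}

// Verifier: returns the disclosed claims, or null if any check fails.
function verify(p, issuerPub, expectedNonce) {
  if (p.nonce !== expectedNonce) return null; // replayed presentation
  if (!crypto.verify(null, Buffer.from(p.payload), issuerPub, p.signature)) return null;
  const { holderKey, digests } = JSON.parse(p.payload);
  const challenge = Buffer.from(p.nonce + '.' + p.payload);
  if (!crypto.verify(null, challenge, holderKey, p.proof)) return null; // not the key owner
  const claims = {};
  for (const d of p.disclosed) {
    if (!digests.includes(digest(d))) return null; // value is not what the issuer signed
    claims[d[1]] = d[2];
  }
  return claims;
}
```

A party that holds a copy of the credential but not the holder's private key cannot produce a valid `proof`, which is the property a custodial wallet lacks.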
Of course, digital transactions will continue to trend upward and a growing array of activities — and interactions — will span the physical and digital worlds. The need for a more secure framework for goods, objects, and property rights must take shape, preferably sooner rather than later. With the right identity safeguards and controls, we can reduce fraud and facilitate growth and innovation online. Cryptocurrency has a valuable role to play in a Web3 world — but only if the public can fully trust it.
About the Author(s)
Rohan Pinto is CTO of 1Kosmos. He previously architected security infrastructure for the Government of Ontario and the Health Information Access Layer for the Province of British Columbia, and is involved in establishing the United States Department of Defense’s Security Access Layer using Common Access Cards (CAC). Pinto is also an active member of the Decentralized Identity Foundation and the FIDO (Fast Identity Online) Alliance.