trending Market Intelligence /marketintelligence/en/news-insights/trending/ghgNiGFoxl9qKew09AIetg2 content esgSubNav
In This List

Banks secure blockchain as attempted $1B heist flags cyber dangers


Banks’ Response to Rising Rates & Liquidity Concerns


Navigating Basel IV: Guidance and insight into complying with the new reforms for banks


Banking Essentials Newsletter: 23rd August edition


Banking Essentials Newsletter: 9th August Edition

Banks secure blockchain as attempted $1B heist flags cyber dangers

Anattempted billion-dollar cyberheist has drawn fresh attention to the frailtiesof a financial infrastructure banks and exchanges hope to overhaul using thetechnology at the heart of bitcoin. But developers face a challenge not only inensuring that blockchain-powered markets will be safe from external threats butalso from spying among competitors.

Oneof blockchain's principal attractions, at a time when hacking is one of the biggestdangers to the financial services sector, is its resilience — every transactionmade using it is simultaneously recorded everywhere on the network. No onewould have sufficient processing power to break into all the participatingcomputers, so the data is safe. This, combined with its potential to instantlyverify transactions and provide complete histories of all market activity, hasled to claims blockchain could save lenders $20 billion a year by 2022 and even needs for bond trading.

Banksand other financial institutions have rushed to form partnerships to developmainstream applications for the technology, which is also known by the termdistributed ledger. Goldman SachsGroup Inc., JPMorganChase & Co. and others signed a deal last September with R3,and one of the creators of credit default swaps, Blythe Masters, is now workingon blockchain software at tech firm Digital Asset Holdings.

Cyber heist

Alsoparticipating in the development drive is the , or SWIFT, which handles a messaging serviceused by more than 11,000 banks for making cross-border transfers. SWIFT saysthat blockchain developers need to clear several hurdles before it is ready forwidespread use, including compliance with regulations and better security. Asit happens, though, had SWIFT's messaging system already been using thetechnology, a recent spectacular theft of $81 million, in which thieves were targetingalmost $1 billion, may have been more difficult to carry out.

Keyto the hackers' methods was malware allowing them to delete records of theirfraudulent transactions, so that the victim, the central bank of Bangladesh,didn't realize what was happening until too late, according to an April 25 blogpostby BAE Systems cyber security expert Sergei Shevchenko. If the system had beenbased on blockchain, this would have been impossible.

"Therecord is immutable," Terry Roche, head of fintech research at the TABBGroup consultancy, said in an interview. "Since it would be resident inmany different ledgers … the opportunity to delete those records theoreticallyis eliminated."

Ablockchain system, in which transactions would be visible to otherparticipants, might also make it easier to monitor suspicious transactions,Roche said.

In astatement, SWIFT said it was aware of malware that can be used to hidefraudulent payments on its customers' local systems and stressed that its ownnetwork and core messaging services had not been hacked.

"SWIFTwas simply the highway that the stolen car was driven down," said Roche,noting that BangladeshBank's own system could have been compromised even if the centralbank had been used as the entry point to a blockchain system.

Similarly,while bitcoin itself has never been hacked, plenty of exchanges trading in thecryptocurrency have been, noted Dan O'Prey, chief marketing officer of DigitalAsset Holdings, a participating member of the Linux Foundation's HyperledgerProject, a collaborative effort to develop an industrywide blockchain standardgrouping 40 companies including banks, technology firms and exchanges.

"Theedges of networks always have vulnerabilities," O'Prey said in aninterview.

As aresult, although banks and other financial institutions are already accustomedto storing encrypted keys like those used for distributed ledgers, developersare looking at additional security features including allowing the use ofsubsidiary keys, derived from master keys, which would only provide access topartial data within blockchain systems.

Preserving anonymity

Butmore fundamental problems involving the nature of blockchain itself remain tobe resolved before distributed ledgers can be safe for conventional finance:How to both make something originally conceived for the bitcoin open universework efficiently within a closed system, and do so in a way that allows amarket to preserve the anonymity necessary for normal business.

Inbitcoin, transactions can only be added to the blockchain after a networkparticipant has devoted computer power to solving a cryptographic problem, aprocess known as proof of work. Transactions are then verified by the rest ofthe network. Such a method, which is based on the assumption that some networkmembers may be fraudulent, doesn't work in a closed system, posing asignificant technical problem. This is because verification algorithms forclosed systems involve a set number of communications between every member inthe network, and, as new members are added, the amount of computing workrequired increases exponentially and soon exceeds the capacity of currentsystems.

Anotherproblem is simply that financial institutions are wary of a system thatautomatically records all of their transactions on the computers of all theother network participants. Even if the identity of those behind the deals isnot included on the blockchain, banks and others fear that their competitorswill be able to deduce who is trading what and when, thereby gaining advantage.

"Becauseyou've got all the data you can work out quite a lot of information, or toomuch to be comfortable in financial services especially," O'Prey said."There aredifferent approaches to this; one is to replicate everything but encrypt it.But even then you are still replicating your data on your competitor's server."

Otherways of allaying these concerns involve cryptography to prove transactions havetaken place without presenting evidence, or which just replicate fragments ofinformation about transactions that cannot be reconstructed by anyone not partyto a deal.

Whilethe problems of scale and anonymity are hard, O'Prey is confident they willprove to be soluble relatively quickly. Blockchain could be channeling themajority of financial trades in markets within five years, he said.

Bythat time, blockchain systems might not only be boosting efficiency andsecurity for the financial services companies currently investing in them. Thetechnology's potential to squeeze out middlemen has led some to suggest it mayalso pose a challenge to the very existence of companies like SWIFT.

Butthe denizens of today's financial ecosystem intend to tame rather than besubdued by blockchain. In the case of SWIFT, the company could conceivablystreamline what is a two-phase messaging process for payments to a single step,Sean Tuffy, head of regulatory intelligence at private bank Brown BrothersHarriman, said.

"There'sa lot of work that needs to be done on blockchain, and the economics of it needto be worked out," Tuffy said, adding: "If we were move to ablockchain world, it would be almost natural for SWIFT to lead that becausethey already sit at the nexus of the banking industry."