This is Bloomberg Crypto and Daily Bloomberg. I heard podcast and I'm Stacy Marie Ishmael, Managing editor of Crypto for Bloomberg News. It's Tuesday, September six. Sometimes it feels like everywhere you look there's somehow yet another crypto hack happening.
By some estimates, major crypto hacks two have cost the industry nearly two billion dollars this year alone, and those headline numbers don't even typically take account of the smaller exploits the target individual consumer accounts, so the real number is probably way bigger. In light of all this digital theft, crypto holders, the venture capitalists who invest in crypto companies, and the leaders of those organizations seem to only be
focusing on security. So how should people who hold crypto protect their assets and what kinds of security measures are currently in focus in the industry. Joining me now is Bloomberg Reports to Hannah Miller. We've really seen a lot of people in the industry come together to encourage safer, more secure usage of crypto. Hannah, always a pleasure to have you on the show. Thank you for having me.
We're going to talk about security again. I feel like we talked about security a lot, but I think it's because crypto seems to be bad at it. So, you know, in the time since we last talked about security, there have been several more hacks worth several hundred million dollars, so it feels like a relevant thing for us to be discussing. One of the stories that you wrote recently on this topic was about people turning to what are known as hardware wallets in response to this steady stream
of hacks and scams. What exactly is a hardware wallet? How do the work? Yeah, so think of something like a USB stick or you know, some of them even look like a credit card. These are physical devices that protect the private keys, which are essentially the passwords that you would need to access your crypto holdings. And they keep these passwords offline. So that's why they're called cold wallets or hardware wallets. These are physical devices that keep
your private keys offline. And what's the advantage of having your private keys offline? So like, if I, let's say I have my private keys in my email or my job books, like, what could possibly go wrong? Well, the Internet is a scary place. So hardware wallets add another layer of protection that keeps your keys safe from hackers.
There are still ways that hardware wallets can be compromised, but it's much more challenging than with an online wallet that might have an error in its code or something where a third party provider that's working with the wallet
has a security flaw. We've seen with a lot of these hacks, people connect their digital wallets using a link that they think is safe, that is from you know, an official crypto source or someone in the industry, and it ends up exposing their wallet and their assets get wiped. It's a really scary thing. So this really plays into this idea of you know, not your keys, not your coins, where if you are not in physical, solitary protected possession of the things that able you to access your crypto,
they're not really yours. Right, So that if if you have your crypto stored in one of these digital wallets they're describing and somebody hacks that, well, you know, tough cookies for you, there's sort of no recourse or real ability for you to get that back. Well, with some of these digital wallets, you do manage your keys, they're self custody wallets, and that would fall into the category of this, these are your keys, this is your crypto. But what a lot of people go for our digital
wallets that are managed by you know, exchange. For example, both Finance and coin base have wallet options where you put your crypto in them, but the exchange itself controls and manages the keys. And so some people would say, well, those aren't your keys, that's not your crypto. You know, your crypto is vulnerable, even though you may trust this exchange and you know they haven't stolen from you in
the past or anything like that. And even if it's not a question of them stealing from you, even if we were talking about companies that have developed a pretty reputable track record, there is still the possibility that they could themselves be compromised. Is that the concern? That is a concern? You know, there are other options to Like
people have been putting their crypto into lending platforms. Uh So we saw that with Voyager and Celsius, and then when these platforms had to freeze withdrawals, people were not able to access their holdings or get their money back out. So with all these factors coming together, people are turning to hardware wallets. They want these cold wallets that give
them more control over their crypto and keep it more secure. Here. Now, one of the things that's interesting about this idea of a hardware wallet, you know, you describe them as like they could be a USB stick, they could be something that looks more like a traditional credit card. This could also just be something you've written down in a piece of paper that's like, these are my keys and nobody else has access to them. So it doesn't necessarily have to be like a device. You're referencing an O G
paper wallet, So people do do that. You know, that is like considered to be a type of wallet. It's a very cool, but yeah, the big issue is what if I lose this piece of paper? What if I lose you know, these devices, so you always have to have backups or maybe have another trusted person you know, what your keys are. But yeah, I mean these hardware wallets, they're really great and that they're these nice small devices.
They're easily transportable, but they can be easy to lose, and people also don't like paying money to get them. It's like, give me, give me free security that is super robust and you know, super convenient. Those three things are rarely true at once, Right, the most secure solutions for something are often the least convenient because that source of the point. You want to make it hard and annoying for somebody to hack you. And as as I listened to you talk about this, I'm reminded of the
very similar conversation that folks have about password security. And you know the fact that a best practice is using not just two factor authentication or multi factor authentication, but using physical multi factor authentication in the form of like a USB thing that you plug into your computer, and
if that's not there, you don't do it. And then people either don't want to do that because it's annoying, and if you switch computers and you don't have it, you can't log into your thing or you lose the thing. We as a species seemed to be quite bad at balancing this trade off between security and convenience. So how are folks who work in and around bitcoin and crypto helping consumer adoption? Like, what are the strategies they're trying
to use here? Yeah, I mean, you really touched on this idea that people choose the path of least resistance. They're gonna want to get that app that you can download easily online and you know, jump on board with it and just immediately start, you know, using it. With hardware wallets, you might have to order it online wait a few days. But we have seen moves by hardware wallet makers to make these devices more accessible. Ledger, for example, which is a really big startup based in France, they
create a hardware wallet. You can buy their product at best Buy. You can drive on over there, get it in less than an hour, you know, and have it and start using it. So they're kind of making these very consumer friendly products. They ran a promotion after a big hack involving a Salana based wallet. You know, they're doing a lot of outreach on Twitter. They're making these devices look cute with different designs, and then you have people within the industry advocating for the use of these
hardware wallets. We saw after this Alatta wallet hack, the Salona Foundation urged people to get hardware wallets, start using hardware wallets. So we've really seen a lot of people in the industry come together to encourage safer, more secure usage of crypto. Coming up. How the crypto industry is approaching the need for better security measures. With Bloomberger porta Hannah Miller. Now I want to go back to something that you said a little bit ago, which is that
hardware wallets are still potentially vulnerable. I remember in I think it was late twenty Ledger, who you mentioned, the French startup, were themselves compromised in kind of slightly diabolical way, which is that their servers were affected by a breach, and then that you know what they described as an unauthorized third party We're able to access their software which they used to power some of those wallets, which could
have potentially compromised those wallets. Now that's a degree of sophistication, but as we heard our colleague Jeff Stone on the Cybersecurity Desks say, it's also not outside the realm of possibility that these things are going to happen. If you have nation state hackers operating out of places like North Korea who realized that hacking crypto is a good profitable way forward, this is like the level of risk that folks who are using crypto in any form need to
get comfortable with. Can you keep up with the technology that hackers are using to get into new spaces, Yes, of course. I mean, you know, hikers are always hiking in the exactly the same way. You know, the problem is education in the space, and you know, people are understanding that how many people are really prepared for going up against North Korean hackers? Though, Like I just I feel like across the industry that seems like something that's
not discussed at that level very often. Yeah, it is definitely a thing that's becoming more prominent within the industry. People are getting worried, and that's why I think we've seen a lot of interest grow in blockchains to purity startups, even as fundraising has declined within the crypto industry more broadly, there are still strong interest in security startups. Ledger, for example,
is looking to raise you another huge round. We have seen some other smaller companies come to prominence, So people are wanting to tackle these issues. You know. One of the people I spoke to for my wallet article is with how Born, a blockchain security firm, and they are so active and just advising startups working with major crypto companies to build better security solutions. So this is something the industry is actively working on. Why are they working
on it now? Is it a response to the sort of the threat or potential of regulation, is that the people are finally tired of losing hundreds of millions of dollars at a time. Yeah, I think just these hacks keep happening there, keep happening to, you know, just regular people who might not know a ton about crypto. There is a lack of consumer protection and regulation around this area. So I think people are coming together and kind of preparing for greater regulation and just greater focus on the
industry in general. I mean, hacks get reported on all the time. Crypto Twitter is super active in talking about them. There's just a bigger spotlight on the industry and issues within it. The last time that we talked about this, you know, one of the things that you said was just like, nobody should ever click on any links, and which there's advice I try to give to my friends and family as well, but they're like, but the whole Internet.
I'm like, yeah, I know. It's a problem in terms of other than you know, folks having the ability or the relative degree of savvyists to switch over to you know, solutions like o G paper wallets or or hardware wallets. What are some of the other types of consumer friendly guidance you have seen out there or at least not consumer unfriendly. I would say, yeah, no, I would say that people just need to be more suspicious us. I've seen a lot of people on crypto Twitter, you know,
sounding the alert when a hack happens. Um, We've seen you know, security firms like Curtic they run these crypto alert accounts that actually, you know, tell people when a hack is happening. So I think just really paying attention to what's going on and really thinking before you click, because a lot of these websites that have these links mimic those of real crypto platforms and really down to the letter. So it's it's something that people have to
really pay attention to. And you know, there are even you know, security courses you can take online that help educate you on how to to best navigate the industry and things like that that could be helpful for for users to take advantage of, you know, long story shorts. It's a question of when somebody will try to come for you with something fraudulent or scam as opposed to if yes, I'm not pleasant notes, I think I think we shall leave it there. Thank you so much, Hannah,
always a pleasure. Thank you You can find more of Hannah's reporting on the Bloomberg terminal, on Bloomberg dot com or on Twitter. She's at h G. Miller twenty nine. On the next episode of Bloomberg Crypto. Singapore established itself early on as a hub for crypto and for blockchain technology. Now, like many regulatory regimes around the world, it's dealing with the aftermath of several high profile collapses. We'll dive into
these issues that are being faced by Singaporean regulators. This is Bloomberg Crypto, a daily podcast from Bloomberg and I Heart Radio. For more shows from I Heart Radio, visit the I Heart Radio app, Apple Podcasts, or wherever you get your podcasts. Send us your comments, questions, or suggestions for the show to Crypto at Bloomberg dot net or find us on Twitter. We're at Crypto. The supervising producer of Bloomberg Crypto is Vicky Verglina. Our senior producer is
Janet Babin. Our producer is Sharon Barriro. Associate producer is Ty Butler. Desta wonder At is our engineer. Original music by Leo Sidron. I'm Stacy Marie Schmal. We'll be back tomorrow