In recent years, hedge funds have increasingly ventured into the crypto space, enticed by the potential for high returns, diversification benefits, and the growing legitimacy of the sector, demonstrated through its adoption by powerhouse worldwide financial institutions like BlackRock and Fidelity.
But with high rewards come even higher cybersecurity risks.
Hedge funds must face both old and new cybersecurity challenges to protect their crypto assets and sensitive data from cyber threats.
This article outlines essential steps to enforce robust cybersecurity strategies.
I. Never Understimate Basic Cybersecurity Threats
If there is one lesson to be fully learned from this entire article, it is this: a simple email can bankrupt you.
While cybersecurity threats may invoke images of intricate hacking techniques operated by worldwide-spanning villains deploying menacing ransomware, the vast majority of cybersecurity threats, especially the most devastating ones, involve the most basic tool of all: an email.
And it’s not Levitas Capital, a now-defunct hedge fund that managed $75 million, that would say otherwise.
How a Simple Email Forced a +75M Hedge Fund to Close: A Case Study
On September 2020, Australian hedge fund manager Levitas Capital, co-founded by Michael Brookes and Michael Fagan, was at its peak. They had achieved a 20 percent increase that year and were days away from finalizing a $16 million investment.
Then came September 10th, 2020.
On that fateful day, Michael Fagan received what appeared to be an innocuous email containing a link to an even more innocuous Zoom invitation. Unaware of the life-changing effect that link would have on his life and his firm, he clicked on it and forgot about it.
Unbeknownst to him, this link granted a criminal organization full access to Levitas Capital’s email system, utilizing a classic cyber criminal tactic known as business email compromise (BEC).
From that moment on, the perpetrators behind this scheme took the time to familiarize themselves with how Levitas Capital operated, mimicking their writing style, tone, and email interactions to get in — and get the money out.
Once they had achieved their goal, and as they now had the ability to send emails from all compromised parties, they struck on September 15th, 2020.
“In a matter of days, millions of funds were siphoned, Levitas Capital’s reputation was in tatters, and it would end up closing shop soon after.
If you’re interested you can read the whole breakdown of the story here:
How a Simple Email Forced a +75M Hedge Fund to Close
Business email compromise accounted for 99% of all reported threats faced by businesses in 2023, following a vertigo-inducing jump of 81% in 2022. BEC was responsible for more than $2.7 billion in losses in the U.S. alone, according to the FBI Internet Crime (IC3) Report.
Firms with a significant concentration of funds, such as asset managers, are prime targets for BEC criminal ventures.
There are three key steps Hedge funds can take to mitigate basic cybersecurity risks:
Implement Strong Access Controls
Access control is fundamental to cybersecurity. Hedge funds must enforce strict authentication and authorization mechanisms for accessing crypto wallets, trading platforms, and sensitive data. Utilize multi-factor authentication (MFA) for all accounts and employ role-based access controls (RBAC) to limit privileges based on job responsibilities.
Hedge funds should regularly review and update access controls to mitigate unauthorized access risks. This notably includes implementing an offboarding process for employees to ensure that no one leaves with access to sensitive information.
Secure Network Infrastructure
Secure network architecture is crucial for protecting against cyber threats. Hedge funds should implement firewalls, intrusion detection systems (IDS), and encryption protocols to safeguard sensitive data and transactions.
Regularly update software and firmware to patch vulnerabilities and deploy robust endpoint security solutions to protect against malware and ransomware attacks.
Continuous security audits are imperative for identifying vulnerabilities. Hedge funds dealing with crypto assets (or not) should engage third-party auditors to conduct comprehensive assessments of their IT infrastructure, trading systems, and storage solutions.
Educate Employees on Cybersecurity Risks
This last recommendation is probably the one that is taken the most lightly by companies, yet it is as, if not more, crucial a step to undertake to protect one’s company.
As we have seen in the Levitas case, employees, executives — anyone who has access to the company — has become today’s greatest attack vector for cybercriminals.
Human error is a significant cybersecurity threat.
Hedge funds should prioritize employee training and awareness programs tailored to cybersecurity and crypto asset security. Educate staff about phishing scams, social engineering tactics, and best practices for securely handling sensitive data and crypto transactions.
Cybersecurity education should not be limited to a basic Q&A every two years. Instead, it should involve on-site training complemented by an ongoing program that raises awareness of new threats as they emerge, rather than waiting until it’s too late. This effort should be accompanied by developing protocols for reporting suspicious activities and fostering a culture of vigilance to prevent insider threats and inadvertent data breaches.
Furthermore, the era of AI has opened the door to new cybersecurity threats.
Fraudsters now have access to AI tools that enable highly sophisticated attacks on an industrial scale, which makes navigating both Web2 and Web3 spaces even more challenging, hostile, and filled with traps for hedge funds
Learn more on the subject here:
AI-Powered Scams: The New Threat
Now, more than ever, operating a ‘traditional’ hedge fund safely is increasingly challenging. Hedge funds involved in crypto face an even more daunting set of security challenges on top of the classic ones.
II. Building Effective Crypto Security Risk Management Processes
Multi-factor authentication, strong email authentication protocols, and strict financial controls are essential.
Additionally, implementing a foolproof security suite can help mitigate the risks associated with malicious software downloads through links or even PDFs.
PDFs Are Emptying Crypto Wallets!
However, these are primarily security practices that are involved in securing asset managers from basic threats. The security threats facing crypto hedge funds are substantially more extensive, as they include their own unique security challenges and the threats faced by the protocols and tokens, whether centralized or not, that they engage with.
With more than $2 billion lost in 2023 and hacks occurring almost daily, it’s safe to say that the crypto landscape is rife with security risks.
Despite the pervasive security risks in the crypto landscape, hedge funds can still take basic steps to mitigate the risks they face as much as possible.
Securing Private Keys
$112.5 million was lost in a private key exploit involving Chris Larsen, chairman of Ripple, in January 2024.
Private key exploits were the most damaging hacks for the crypto space in 2023, resulting in $765 million lost through 27 incidents targeting every type of crypto actor.
Although there is no foolproof technique to guarantee the security of one’s private keys, there are countless steps that hedge funds can take to mitigate the risk associated with private key exploits.
We have prepared a detailed report outlining what to do and what NOT to do to keep your private keys safe. Dive into the report now:
How to Secure Your and Your Company’s Crypto Wallet Private Keys
Securing Crypto Wallets And On-Chain Live Monitoring Threats
Crypto wallets are prime targets for cyberattacks.
The most basic step for any hedge fund is to store their crypto assets in secure wallets with robust encryption standards, such as hardware wallets. Use hardware wallets for large holdings and limit exposure to security risks by keeping only operational amounts in hot wallets when necessary for interaction and transactions with other parties.
However, this step only goes so far. Ultimately, hedge funds will need to interact live with third parties on the blockchain, and that’s where the risk lies.
That’s why at Nefture Security, we protect DeFi asset managers from crypto threats by detecting on-chain vulnerabilities in real-time. We block suspicious transactions by providing security information on every transaction leaving our clients’ wallets.
Additionally, we monitor users’ assets in real-time, tracking events on smart contracts and wallet activity to send alerts in case of suspicious activity, such as private key theft, phishing attacks, or other vulnerabilities.
Nefture ensures that only safe transactions are processed, and dangerous transactions are blocked.
Implementing a robust monitoring and incident response framework to detect and mitigate threats promptly is key to ensuring the safety of digital assets.
Whitelisting And Address Poisoning
Hedge funds engage with multiple counterparties’ addresses, which exposes them to two main risks: address poisoning (or zero-value transactions) and incorrect deposit addresses.
New Scam in Crypto Town: “Zero-Value Transactions”
The security risk posed by address poisoning can have enormous implications and may even lead to financial ruin, as exemplified by a recent incident where $68 million was lost in a single transaction due to the inadvertent use of a malicious address instead of a legitimate one in an address poisoning attack.
A simple step to circumvent these risks is to whitelist the addresses you interact with. At Nefture, we have developed an efficient tool for whitelisting addresses you engage with!
More, Nefture protection goes beyond whitelisting, we safeguard against address poisoning by verifying and validating addresses involved in transactions.
Nefture cross-checks addresses against known databases and employs security protocols to ensure that the addresses you interact with are legitimate. This helps prevent malicious actors from tricking you into sending funds to fraudulent or incorrect addresses.
Another tip is to not hesitate to directly communicate with the counterparty you transact with on a 3–6 month rotation, and before any subsequent transaction, to verify if their deposit address has been updated. This can help prevent potential issues in case they have forgotten to communicate any changes.
Check Your Approvals, Save Your Wallet
Approvals are an essential part of using decentralized apps and wallets, but they can also pose a potential security risk to asset managers’ hot wallets.
In fact, approvals represent a silent threat to one’s crypto wallet security.
The issue lies in the fact that Web3 users often do not fully understand the implications of granting “approval” to the platforms they use. This confusion may arise because “approval” is sometimes mistaken for “signing” a transaction, although they are fundamentally different actions.
When you approve a smart contract or app, you give it permission to access your tokens, collect data, and perform actions on your behalf.
The critical point here is that depending on the scope and permissions of these approvals, they can allow an entity to perform any action possible with your crypto wallet.
If a DApp is malicious or hacked, it can put your funds and personal information at risk. Many hacks involve exploiting old or obsolete versions of smart contracts, as seen in incidents like the $2.5 million Atlantis Loan hack and the $3 million NFT Trader hack.
An essential practice for crypto security hygiene is to conduct routine security checks monthly or bimonthly to ensure that your hot wallet is not unnecessarily exposed to approval exploits.
That’s why we have developed a tool to help you mitigate the threat posed by approvals to your crypto wallet.
It’s a quick, easy-to-use, and free wallet health check!
Our free vulnerabilities scanning tool does not need you to connect your wallet, but just to copy-paste your address.
Then, in just seconds, you will be provided your wallet score based on the quality of the approvals you have granted.
If you have granted approvals to entities entangled with suspicious activities on the blockchain, or that have potential for exploit, you will receive a low score.
If you’re (relatively) safe, you will receive the highest score!
Diversification As A Security Risk Mitigation Strategy
By diversifying their investments across different cryptocurrencies, exchanges, or platforms, hedge funds reduce their dependency on any single counterparty. Diversification helps spread risk across multiple parties, thereby reducing the impact of any single counterparty failure.
Every cryptocurrency exchange and DeFi platform faces security risks. Diversifying holdings across multiple reputable exchanges can help mitigate the risk of one exchange experiencing security issues. This approach ensures that hedge funds are not overly exposed to the security vulnerabilities of any single actor.
Screening Security for Crypto Third Parties
It’s crucial, given the onslaught that crypto companies face, to ensure that you invest funds in protocols and tokens that are not highly vulnerable to security breaches.
Here’s a security checklist outlining necessary actions that third parties you engage with should have taken to protect themselves against various security breaches:
1.Recruiting a strong team of developers capable of writing high-quality code, ensuring from the beginning that the possibility of security breaches will be quasi non-existent.
2.Smart contract audits from independent and knowledgeable auditors such as Halborn, Certik, Hacken, etc., to conduct penetration testing and smart contract analysis to identify and fix security vulnerabilities.
3. Regular security updates and analysis as well as an ongoing threat monitoring and proactive threat detection process.
4.Implementing strong cybersecurity practices, such as providing high-level education on cyber attack risks to every member of the company to prevent hacking, phishing, and ransomware attacks, especially private key exploits.
5. A high level of data encryption, as well as toughened processes to restrict access to internal systems and data.
6. A bug bounty program to ensure continued awareness of old and new vulnerabilities.
7. An alert reporting system, as well as an incident response plan to respond to security breaches and ensure a coordinated and effective response to security incidents when they occur.
Nefture provides strong defense against malicious counterparty threats through our innovative dual-layered approach.
The Due Diligence Report
Introducing Nefture’s DeFi Protocol Due Diligence Report — your solution for effortless counterparty risk management.
Navigating counterparty due diligence has never been this easy. Essential to risk management in the crypto industry, our tool simplifies and accelerates the evaluation of potential investment opportunities, ensuring you only engage with trustworthy entities.
Our comprehensive Due Diligence Report covers over 25 criteria, including protocol security, code reviews, audits, inter-protocol dependencies, liquidity analysis, governance assessments, and ownership monitoring.
We also delve into testnet usage, contract modifications, auditor reviews, and off-chain data. This thorough approach guarantees a reliable assessment, even for new protocols with limited histories.
By leveraging our tool, you tackle common challenges such as lengthy due diligence processes, difficulties in pre-selecting protocols, and accessing audit data. Supported by a dedicated team of over seven professionals available 24/7, Nefture provides the expertise and resources to overcome the limitations of manual risk assessment.
This results in faster, more accurate validation, allowing your team to focus on strategic decisions without being bogged down by time-consuming tasks.
24/7 Monitoring of Threatening Contract Upgrades
Secondly, our live monitoring system continuously tracks a wide range of malicious activity indicators.
Whether a counterparty is waiting to execute a rug pull, a protocol faces a takeover that turns it into a threat, or a malicious smart contract upgrade occurs due to an exploit, our system is on alert.
We monitor for unusual or potentially illicit activities such as unexpected spikes in transaction volumes, irregular trading patterns, and the deployment of smart contracts with obfuscated code.
Furthermore, to ensure the safety of our clients’ digital assets, Nefture provides alerts about contract upgrade from protocols and any entities they engage with that could pose a threat.
Our detection system ensures that all upgrades are meticulously tracked, verified, and screened, alerting clients to potential malicious endeavour that could compromise their financial security.
With Nefture’s dual-layered defense, your investments is safeguarded from both pre-engagement risks and ongoing malicious counterparty risks.
Cybersecurity is a critical consideration for hedge funds operating in the crypto market.
By anticipating security risks, implementing robust security measures, and fostering a culture of cybersecurity awareness, hedge funds can mitigate risks associated with managing crypto assets and protect investor interests.
Continuous investment in cybersecurity infrastructure and proactive risk management are essential to navigate the treacherous waters of the crypto landscape!
About us
Nefture is a Web3 real-time security and risk prevention platform that detects on-chain vulnerabilities and protects digital assets, protocols and asset managers from significant losses or threats.Nefture core services includes Real-Time Transaction Security and a Threat Monitoring Platform that provides accurate exploits detections and fully customized alerts covering hundreds of risk types with a clear expertise in DeFi.Today, Nefture proudly collaborates with leading projects and asset managers, providing them with unparalleled security solutions.Book a demo🤝
Cybersecurity Best Practices for Hedge Funds Dealing with Crypto Assets was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.