- Coinbase controls most of the custody market for the Bitcoin and Ethereum ETF issuers, making it a centralized vulnerability that hackers can target.
- The FBI recently warned that North Korean hackers are targeting ETF issuers in a shift from their traditional DeFi and CEXes targets.
The advent of Bitcoin ETFs earlier this year, and the subsequent debut of their Ethereum counterparts were landmark events for the crypto sector, availing these regulated crypto products to the most sophisticated investors and attracting billions of dollars into the sector. However, they are emerging as major targets for hackers, and Coinbase could be the weakest link.
As we reported this week, the US FBI warned that hackers from North Korea are now shifting gears to target ETFs. These hackers have targeted DeFi projects whose security tends to be lax; just this week, Penpie, a DeFi protocol, was hacked and lost $27 million. Hackers have also targeted centralized exchanges, and while these tend to have better security, the amount of money they hold is enough to have the hackers working on one target for several months. Last year, Chainalysis revealed that hackers made away with $1.7 billion.
The one thing all the targets have in common is that they centralize the storage of crypto. In its recent warning, the FBI captured this, noting that the hackers are “a persistent threat to organizations with access to large quantities of cryptocurrency-related assets or products,” and what could hold larger quantities of crypto than ETFs?
Coinbase the Weakest Link for Crypto ETFs
As Fox Business reporter Eleanor Terrett notes, Coinbase has monopolized the custody of BTC and ETH held by the ETF issuers.
It doesn’t bode well that nearly all crypto ETF issuers have the same custodian for all their $BTC and $ETH. This makes @coinbase a potential single point of failure and that’s scary. https://t.co/47RNMQ5dQN
— Eleanor Terrett (@EleanorTerrett) September 4, 2024
For context, Coinbase is the custodian for eight of the BTC ETF issuers, either as the primary partner for the likes of BlackRock, Grayscale and ARK, or the secondary partner for the likes of Valkyrie and VanEck. BlackRock and Grayscale are the market leaders, holding over $40 billion worth of BTC. If a hacker managed to breach Coinbase Custody, he would theoretically access over 70% of the entire Bitcoin ETF assets under management, potentially collapsing an industry that’s not even one year old.
Coinbase is arguably crypto’s most secure platform, as David Schwed, the former head of digital assets at BNY Mellon, sums it up:
It’s not Coinbase itself that worries me here. The firm has never been hit by a known hack, which explains why so many traditional institutions trust its know-how.
However, that doesn’t make it impenetrable, as some bigger companies in other industries have also been hit in the past decade, showing that no company is immune. Schwed comments:
However, there is no such thing as an unhackable target — anything and anyone can be compromised, given enough time and resources.
Fox’s Terrett argues that this massive vulnerability could be resolved if the government allows banks to custody crypto by amending SAB 121, a controversial law that places immense requirements on banks that seek to custody digital assets.
This is case in point for why SAB 121 should be repealed. The @SECGov is discouraging federally regulated banks from custodying crypto, narrowing the custodian pool, thus making them more centralized and potentially vulnerable.
The government should WANT a federally regulated… https://t.co/8EULtwXK4q
— Eleanor Terrett (@EleanorTerrett) September 4, 2024