6 November 2018

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Group-IB, an international company that specializes in preventing cyber attacks, and a Swiss insurance broker ASPIS SA that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges cybersecurity, allowing the exchanges’ clients to insure their assets. According to CryptoIns analysts, the crypto assets insurance market is expected to reach $7 billion by 2023.

While developing the insurance program the two companies have scored more than 20 crypto exchanges and crypto wallets providers using both open-source information, available on exchanges’ websites and analytical capabilities of Group-IB’s Threat Intelligence (TI) system. In particular, Group-IB TI correlates information about different cyber threats, Internet fraud, data leaks, attacks and hackers’ activity in real time, which allows to analyze past incidents, predict and mitigate any targeted attacks, including on cryptocurrency exchanges.

Based on the risk score, CryptoIns experts have calculated insurance rates for cryptocurrency exchange users who can now insure their accounts against cyber threats. The list of platforms now includes large exchanges, such as Kraken, Binance, Coincheck, Bithumb, HitBTC and many more. The full list of platforms is available on CryptoIns website. Going forward, the list of exchanges where users are eligible for insurance is expected to expand.

Why do crypto exchanges’ users need insurance?

According to Group-IB’s annual «2018 Hi-Tech Crime Trends» report, the estimated damage caused by targeted attacks on cryptocurrency exchanges in 2017 and the first three quarters of 2018 amounted to $877 million. During this period, at least 13 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from Lazarus state-sponsored group. Hackers attack not only exchanges, but also its clients. A Group-IB report «2018 Cryptocurrency Exchanges: Analysis of User Account Leaks» shows a steady increase in incidents involving compromised user accounts. From 2016 to 2017, the number of such incidents increased by 369 percent.

The lack of reliability and security of storing and withdrawing funds is one of the main deterrents for institutional investors managing cryptocurrency assets.

The crypto industry does not have sufficient means of securing customers’ funds against attacks by scammers and hackers ;Under the current circumstances, insurance of cryptocurrency assets on crypto exchanges is a good way to shield yourself from the risks most users are usually unaware of. Without a doubt, in order to create an insurance product it is important to involve independent experts specialized in countering cyber threats, who have access to unique data sources for crypto exchanges’ security assessment. Cryptocurrency exchanges collaborating with Group-IB help us create a more detailed cybersecurity profile, which at the end of the day improves their security and attracts new customers.

Andrey Busargin

Andrey Busargin

Brand Protection Director at Group-IB

What is cryptocurrency exchanges’ security assessment?

Group-IB assesses cryptocurrency exchanges’ security with criteria such as level of technical security, the reliability of storage of keys, passwords, and personal data of customers. Group-IB also evaluates exchanges’ infrastructure and architecture in order to understand ways to counter potential threats. This assessment focuses on open source data — white papers, information about founders, security policies. In some cases, with founders’ consent, the assessment includes penetration testing using social engineering methods aimed at the network compromise through the most vulnerable link at any organization— humans.

It also takes into consideration the quality of the risk management systems, the availability of KYC/AML guidelines and independent ratings of the exchanges. Group-IB also creates an incidents map for every exchange. This map represents a detailed profile that shows the history of attacks on a particular exchange, any incidents involving fraud, attempts to compromise users or investors or any other information that can be found in Group-IB TI.

Initial scoring by CryptoIns includes the assessment of traded volume, traders’ activity, internal fees and other characteristics. Exchanges are then sorted into one of four risk groups based on the aggregated information. The first group is the least vulnerable, and the second and third groups are rated satisfactory and low in security risk, respectively. CryptoIns doesn’t provide insurance for users on the exchanges that find themselves in the fourth group.

Based on this classification, CryptoIns experts calculate insurance rates for different exchanges depending on the risk group. The most common rate is 1.9% with the maximum amount of 15BTC or equivalent in other cryptocurrencies that can be protected on one exchange. The insurance period ranges from 90 to 365 days. Protection can be renewed at the end of the period.

Currently, approximately 3,600,000 BTC are stored in user accounts on cryptocurrency exchanges, making this market highly attractive for hackers. Implementing insurance mechanisms in the cryptocurrency market is no easy task. One has to take into account many nuances, including those related to legislation. The challenge for insurers is how to cover emerging risks for customers in a young industry formed by completely new technologies and relationships between market participants. Collaboration with one of the leading international cybersecurity companies will help us organize and conduct pre-insurance evaluations of the exchanges in order to assess their security, as well as the potential for fraudulent activities on the part of the founders and management.

Timofey Volkov

Timofey Volkov

CEO of CryptoIns

Group-IB is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, headquartered in Singapore. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).

Group-IB’s Threat Intelligence & Attribution system has been named one of the best in class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework (earlier known as TDS) intended for the proactive search and the protection against complex and previously unknown cyberthreats has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG, while Group-IB itself has been recognized as a Product Leader and Innovation Leader. Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for its Digital Risk Protection (DRP), an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 18 years of hands-on experience in cybercrime investigations worldwide and 70,000 hours of cybersecurity incident response accumulated in our leading forensic laboratory, high-tech crime investigations department, and round-the-clock CERT-GIB. Group-IB is a partner of Europol and has been recommended by the OSCE as a cybersecurity solutions provider.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.

Report an incident

Get 24/7 incident response assistance from our global team

APAC: +65 3159-3798
Europe: +31 20 226-90-90
EMA: +971 4 508 1605

Thank you for the inquiry! We will contact you soon.
Cookies

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

 
Report an incident