Everything you need to know about cryptographic key management

0


Blockchain and cryptocurrencies are certainly not new terms or ideas. Since 2016, cryptographic valuation, cryptographic taxes, cryptographic reports and blockchain for accounting and auditing practices have emerged in conversations in articles, magazines and podcasts, on YouTube channels and in each accounting-related conference. However, even with all this talk, two critical aspects of how blockchain, cryptocurrencies and accounting overlap remain in the background: key management and custody practices.

Not being familiar with the keys and key management, many have not been something that the CPAs thought would be a prerequisite for offering advisory services at the beginning of the blockchain and cryptocurrency movement, but now, it is more than a requirement. Key management and compliance are undoubtedly possibly the most important areas in which CPAs can add value to any customer involved in the cryptocurrency space.

What are private keys or keys?

The first thing to understand about private key management is how it connects to bitcoin and other cryptocurrencies. In general terms, and even including stable currencies (cryptocurrencies backed by other real-world assets, such as gold, oil or US dollars), the only way to definitely prove ownership of cryptography is through private keys.

While this may sound abstract, this is no different from how cash works; Cash is a fungible asset whose ownership depends on who is in physical possession of the asset. In other words, if your client does not have custody of their private keys and robust controls to safeguard these assets, they are putting themselves at risk. And, ultimately, you can return in guilt when you land on your desk. This should be the first thing you talk to any client, current or future, who is interested in owning, making transactions or dealing with cryptocurrencies.

After understanding what the keys are and where they fit in the wider cryptocurrency space, the next step is to understand where and how these keys can be stored.

Key storage

It may seem relatively simple, given what has just been said, to understand what the keys are, but storing these keys can be a complicated matter. Many individual clients who have invested in bitcoin or other cryptocurrencies, in most cases, may not have personal property or custody of private keys due to the fact that they have done so through exchanges such as Coinbase. In these situations, the cryptocurrency exchange actually has the private keys of investors, as well as the way in which traditional brokerage firms have custody of the funds and accounts of investors.

If it is the case with your cryptocurrency client, that makes the conversation simpler, and can focus on reporting, tax implications and making sure records are maintained properly. Leaving that scenario aside, and assuming you have a customer that holds the keys of an exchange, which is not so unusual if your customer is paid in cryptocurrencies for goods or services, the conversation is a bit more complicated. Let's take a look at some of the options that exist.

Before discussing what types of wallets there are, it is important to realize that there are no cryptocurrencies actually stored in a cryptocurrency wallet. However, these wallets point to where the cryptocurrencies are stored in the underlying blockchain.

There are several different wallets that customers could be using, and it is important that each professional have at least a practical knowledge of these options:

Hot wallets: What a hot wallet represents is something more like an online access portal or website than a physical or virtual security tool. These are accessible online and are configured to be used on a desktop computer, laptop or even mobile devices, but with these levels of convenience they also carry greater risks. Perhaps highlighted in the most prominent way by hacking in Binance during May 2019, these types of wallets are not protected by blockchain encryption, only by passwords.

-To take the professional: advise your clients to never store cryptocurrencies in a hot wallet or that they only keep the amounts they plan to use or that they can tolerate losing.

Cold Wallet: A cold wallet is called that because of its Internet connection or other online portals; Think of it as a specialized USB drive. The advantage and key benefit is that, since you are not connected to the Internet, there is a much lower risk of being hacked remotely. However, this is not a 0 percent risk, since if a cold wallet is connected to a computer infected with a virus or other malware, it could be infected that way. Given that risk, it is always recommended to ensure that the cold wallet has an integrated component that can help you resist or even prevent this type of piracy.

-To bring practitioners: what cold wallets lose in comfort are able to compensate for data security, but that does not reduce the risk to 0%; Practitioners still need to be active participants in this conversation

Paper wallets: Apart from the naming convention, it is not necessary that the keys stored in a paper wallet be written on sheets of paper. In addition to the risk of degradation over time, there are better options for storing information securely. Paper wallets may have private information engraved on pieces of wood or even stamped on sheets or metal, but there is a touch of irony that must be recognized. Many of these, due to the fact that the keys are actually attached to a physical product, must be stored and secured, and generally stored in a safe deposit box. In other words, the cryptocurrency is required to be stored in the same institution that was destined to interrupt.

-To take the professional: paper wallets are the safest form of storage compared to hot or cold wallets, but limit the accessibility of funds. They also require that physical storage security protocols be implemented.

Cryptocurrency storage and key management are areas of rapid growth; However, they can often fly below the radar. For professionals to offer a comprehensive set of cryptocurrency or blockchain services, they must understand them and it is also necessary to be able to understand and give advice related to the management of private keys.



Leave A Reply

Your email address will not be published.

five × 5 =