The Australian Securities Exchange (ASX) has issued a warning to investors keen to buy into the crypto scene, especially regarding the security of private keys used to access digital funds.
In a submission [PDF] to the committee seeing Australia as a technology and financial center, ASX said it would be worthwhile to determine whether investors understand the risks and rewards of owning digital assets through a custodian or ‘a stock exchange operating as a depository.
Digital assets are associated with a user through an address, the “owner” being the one with the address.
“The user’s address is a mathematical derivation of their private key, which in turn is derived from a random seed. The user must keep their random seed secret to prevent other users from deriving their private key and access the address associated with its digital assets, ”ASX explained.
“Indeed, access to the private key of an address will confer custody of the underlying assets to that address. In this sense, access to the private key can be equated with a legal title.”
See also: We’re Not Flying To Mars: ASX On Using Distributed Ledger For New CHESS System
ASX added that it was concerned that many users would leave their digital assets on a crypto exchange, with the private key held by the exchange, leaving the user vulnerable to security breaches on the exchange or the risk that their assets may be treated in an undisclosed or unauthorized manner.
Likewise, he said that the fact that private key access determines a user’s access to digital assets raises challenges in the secure storage and management of private keys by crypto exchanges.
“In most cases, the custodian of the underlying digital assets is the exchange itself, and the user does not have access to their private key unless they choose to transfer their digital assets to a remote address of the exchange, and for which it directly manages the private key, “he continued.
Crypto exchanges, the ASX said, are no different from other businesses that may be subject to cybersecurity risks, as a number of recent examples of breaches can attest. However, those who wish to keep their crypto themselves in a “hot wallet” are also vulnerable.
ASX believes that a more regulated environment could counter some of these risks.
He asked the committee to review and recommend measures to meet disclosure requirements regarding crypto assets, including disclosure of the terms of custodial agreements – whether through a crypto exchange or otherwise – and the main risks for users.
He also suggested reviewing core standards and requirements for digital asset custodians, including with respect to capital, technology, operations and governance issues, as well as insurance requirements for digital assets. independence for custodians of digital assets, with respect to matters such as the legal title of crypto assets left on the exchange.
“In saying this, we also note that crypto assets and crypto exchanges are subject to inconsistent, and in some cases minimal, regulation globally,” he continued. “Any measure such as those discussed above should be seen in the context of the broader regulatory framework deemed appropriate, taking into account the nature and risks associated with these assets and activities. “
The Australian Transaction Reports and Analysis Center (Austrac) obtained authorization at the end of 2017 to extend anti-money laundering and terrorist financing regulations to cryptocurrency exchanges.
As a result, digital currency exchange service providers must apply the same obligations as other companies in the financial industry and are required to identify, manage and mitigate the risks of money laundering, terrorist financing and other serious crimes. They are also required to report suspicious facts to Austrac.
Appearing before Senate estimates in May, Austrac said it had received 4,200 reports of suspicious business from registered digital currency exchange providers. In response to questions asked on notice, Austrac revised this figure to 4,722 between May 25, 2020 and May 24, 2021.
“As part of their anti-money laundering and anti-terrorist financing obligations, digital currency exchange service providers must submit [suspicious matter reports] whether a suspicion is formed in relation to a transaction or to a person, “he explained.
As Austrac gives direct access to its database to state and Commonwealth law enforcement agencies, however, it said it often does not have visibility of reports that lead to operational results.
In line with remarks made by ASX, Austrac said digital currency exchange service providers operating in Australia were at risk of being exploited by criminals.
“Unregulated offshore digital currency / virtual asset service providers will continue to be attractive for criminal exploitation,” he added.