Amid the crypto industry's myriad obstacles, hacks still rank at the top of the list. Despite the bear market, last year saw a historic spike, with nearly $4 billion stolen by cybercriminals, according to the analytics firm Chainalysis.
CAT Labs, a crypto crime-fighting startup founded by former Department of Justice special agent Lilita Infante, announced an initiative today to combat hacking, with backers including the digital asset custody provider Fireblocks, the crypto fund of funds Amphibian Capital, and the insurance giant Lockton.
In an interview with Fortune, Infante said she put together the initiative because of the volume of calls she received from investors and insurance companies about mitigating cybersecurity risk, which presented a roadblock for them to work with crypto firms. CAT Labs is focused on digital asset recovery, putting it in frequent contact with companies that have lost money through hacks.
Cybersecurity certifications such as SOC and ISO standards serve as a shortcut for companies seeking funding and underwriters, offering assurance that the firms have at least a baseline of cybersecurity measures in place. Even so, Infante realized the popular certifications weren't sufficient for the crypto industry, where many of the hacks stem from vulnerabilities not addressed by existing certifications, such as the management of private keys and multifactor authentication for signing transactions.
The CryptoCurrency Certification Consortium, or C4, does have a more tailored standard called CCSS, which the consulting giant Deloitte and the cybersecurity firm Halborn both trained as certifiers. The standard, however, still has limited adoption in the crypto industry.
"People have dollar signs in their eyes during the bull market," Infante said, arguing that investors did not push for potential portfolio companies to adopt the standard when funding and term sheets were flowing. "Now that things have calmed down a little bit, we're starting to sit down and think, 'Okay, what are the major issues that this industry is facing.'"
While the CCSS standard may not address frequent sources of crypto hacks, such as code exploits and protocol attacks, it would help mitigate risks with private key management. Infante said she hopes the initiative will help CCSS become the "gold standard" for the industry and is partnering with C4 with the goal of advancing cybersecurity standards that will in turn attract more participation from insurance companies and venture firms wary of hacks. It could also help mollify regulators, such as the Commodity Futures Trading Commission, which has begun to hone in on crypto firms' cybersecurity risks.
"It is initiatives like these," Fireblocks CEO Michael Shaulov said in a statement shared with Fortune, "that will solidify the security infrastructure necessary for digital asset custodians, crypto hedge funds, and other businesses in our industry."
