Halting RM41b in crypto theft key to growth, KPMG says


LOS ANGELES • The cryptocurrency market needs to improve how it secures digital assets for the US$245 billion industry to keep growing, according to KPMG.

At least US$9.8 billion (RM40.96 billion) in digital assets have been stolen by hackers since 2017 because of lax security or poorly written code, the accounting firm wrote in a report released on Monday.

Adoption of cryptocurrencies such as bitcoin and ether, among institutional investors, has led to competition for a place in portfolios, making safeguarding the tokens more important than ever, KPMG said.

“Institutional investors especially will not risk owning crypto assets if their value cannot be safeguarded in the same way their cash, stocks and bonds are,” Sal Ternullo, co-leader of KPMG’s crypto-asset services and co-author of the report, said in a statement.

Among the first companies to offer custody services for crypto are Fidelity Investments Inc and units of the exchanges run by Intercontinental Exchange Inc, Coinbase Inc and Gemini Trust Co.

Cryptocurrencies are a bearer instruments like cash or certain type of bonds, meaning whoever holds them is the owner. Yet the thing that’s held — known as a private key — is a random string of characters kept in a digital wallet or on a piece of paper.

When a user loses that key, or has it stolen, the asset is gone forever. That makes key custody a challenge for traditional financial firms accustomed to guarding non- digital assets.

“As crypto assets proliferate, custodians have a tremendous opportunity to profit — both by earning management fees for delivering straightforward custodian services, and also by offering adjacent services only possible in the emerging crypto ecosystem,” KPMG said in its report.

The industry needs to contend with heightened rules on storing cryptocurrencies for customers, KPMG said. As with all financial transactions, banks and brokers must abide by know-your-customer and anti-money laundering rules.

Even established financial institutions with mature compliance programmes in place must “enhance their methodologies to address the unique considerations for crypto assets and related data-management challenges”, according to the firm.