SEC proposes new crypto rules for exchanges to protect users from hacks

The Securities and Exchange Commission is outlining new cryptocurrency accounting standards that would protect crypto assets held by companies for users against hacking losses. This move comes as more trading platforms allow users to deal in crypto and hacks continue to occur.

In a new accounting bulletin published Thursday, the SEC said there are risks with safeguarding crypto assets and noted that crypto assets change hands and prices very quickly, making them different to protect than more traditional financial assets. The SEC also noted there are far fewer regulatory requirements for exchanges or companies holding crypto assets on behalf of users, and that they may not be complying properly with regulations, increasing risks to investors.

The SEC advised that an exchange or company holding cryptographic key information for a user or users’ crypto assets in digital wallets should account for those as a liability at fair value of the crypto assets on their balance sheet and warn investors of the risks of safeguarding those assets. Financial statements should include clear disclosure of the nature and amount of crypto assets that the exchange is responsible for holding for users, with separate disclosures for each crypto asset, and the vulnerabilities the exchange has, the staff wrote.

Let's see how this turns out

1 Like

People should have far better technology to secure their private keys. First off, there should not be an easy way to export keys from a wallet; instead, you should hold your crypto in a smart contract that authorizes one or more keys/addresses and requires more endorsements depending on the size of the transaction. Then we can finally generalize from people to organizations. See our work in this area:

3 Likes
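Added example, not part of the thread or of the poster's project: a Python model of the size-tiered endorsement idea in the post above, where larger transfers need approvals from more authorized keys. The `PolicyWallet` class, signer names and tier values are hypothetical, and `sender` stands in for the caller identity that a chain would authenticate.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class PolicyWallet:
    # Hypothetical off-chain model; `sender` is assumed chain-authenticated.
    signers: set      # authorized keys/addresses
    tiers: list       # [(max_amount, endorsements_needed)], ascending
    balance: int
    nonce: int = 0
    pending: dict = field(default_factory=dict)

    def required(self, amount):
        for ceiling, needed in self.tiers:
            if amount <= ceiling:
                return needed
        return len(self.signers)  # above the top tier: every signer

    def propose(self, sender, to, amount):
        if sender not in self.signers:
            raise PermissionError("proposer is not an authorized key")
        if not 0 < amount <= self.balance:
            raise ValueError("invalid amount")
        # The nonce makes each id unique, so old approvals cannot be replayed.
        tx_id = hashlib.sha256(f"{to}|{amount}|{self.nonce}".encode()).hexdigest()
        self.nonce += 1
        self.pending[tx_id] = {"to": to, "amount": amount, "endorsers": {sender}}
        return tx_id

    def endorse(self, sender, tx_id):
        if sender not in self.signers:
            raise PermissionError("endorser is not an authorized key")
        # A set, so the same key endorsing twice still counts once.
        self.pending[tx_id]["endorsers"].add(sender)

    def execute(self, tx_id):
        tx = self.pending[tx_id]
        # Intersect with current signers so a revoked key's vote is dropped.
        valid = tx["endorsers"] & self.signers
        if len(valid) < self.required(tx["amount"]) or tx["amount"] > self.balance:
            return False
        self.balance -= tx["amount"]
        del self.pending[tx_id]
        return True

def demo():
    w = PolicyWallet({"phone", "laptop", "hw"}, [(100, 1), (10_000, 2)], 50_000)
    big = w.propose("phone", "bob", 5_000)   # this tier needs 2 endorsements
    before = w.execute(big)                  # only the proposer so far
    w.endorse("hw", big)
    return before, w.execute(big), w.balance
```
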

I’ve always thought the security in metamask was kind of – lax. We are giving up the option for legal recourse when we choose to transact in crypto; you’d expect the technology to be more secure to make up for it, but no. Millions of dollars stored in a browser wallet where it takes a few button clicks to expose your seed phrase. Yes we can call users stupid for falling for phishing scams but am I crazy or was making something “idiot proof” generally accepted as a design principle?

2 Likes

Any extension wallets I use are linked to my ledger so any transactions need to be signed by physically pressing the wallet. It is a bit clunky and a pain sometimes but at least I can sleep well :joy:

1 Like

Are ledgers safe? I haven’t seen any publicized hacks so I’ve been thinking about getting a ledger but not sure if it’s just because I haven’t heard of any

1 Like

Your keys never leave the device so to sign any transaction you need to have physical access to the ledger itself, so even if your computer is compromised you are good.

The only “hack” you will read about is where someone has gotten access to the ledger in transit, then setting it up and printing out a legit-looking card with the keys written on it. As long as you buy it direct from ledger and it hasn’t been tampered with you should be good.

Computer literacy is something that should come first in the 21st century. Blindly trusting a bright website is not okay. Metamask is an excellent tool, with excellent functionality and quite sufficient in fact. But it still has room to develop.

1 Like

Ok cool yeah I’m DYOR but this is good to know

1 Like

Yeah, it’s better to have two levels in my opinion: on one level are keys that are on user-operated devices, and this is used to access the “keychain” which is on level 2: on the blockchain. That way we can explicitly manage all this governance for one account.

1 Like

They will give out your email and contact info. But otherwise safe.

We are actually looking to collaborate with developers here in the [inter_coin] network and community in order to integrate and deploy a smart contract as our ledger, defining a common interface for our local client transaction call and global authentication method that our authenticated end-user exercises. The client would be pre-installed with deep-link metadata, a web3app browser plugin, or FIDO Authentication that can be called through any browser using a zombie-cookie API. Different authentication methods such as secure PIN, biometrics (face, voice, iris, fingerprint recognition, etc.) and second-factor devices can be “plugged in” via this standardized interface into the client side. The deep-link smart contract would send a query call to our biometric_ agreement api that randomizes a snippet string return {autho} to the next ledger .node with a (ai) generated key-code that is set to re-randomize after node is opened then split\break the key-code in half once the agreement is validated to the smart-contract block-id! The protocol is based on standard public key cryptography… I look forward to any insight or feedback on this.
Cheers

1 Like