Security has seemingly fallen by the wayside in the cryptocurrency goldrush, leaving an industry exposed to black-hat hackers who use a simple phishing attack to walk off with millions of dollars from cryptocurrency exchanges or initial coin offerings.

“Hundreds of millions of dollars are stolen from exchanges, and 10 percent of all the money [in ICOs] has been lost or stolen,” said Hartej Sawhney (pictured), co-founder and president of Hosho Group Inc., a global leader in blockchain security. “And there’s simply not enough platforms for this to be discussed.”

Sawhney spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during HoshoCon in Las Vegas. They discussed blockchain and cryptosecurity issues and solutions.

It shouldn’t be easy to lose $500 million

Hiring a chief information security officer is the first step to solving the security problem, according to Sawhney. “Most companies when you ask them who’s in charge of security, they point their finger at the [chief technology officer],” he said. “The CTO is in charge of architecting the software; you need to have somebody full-time in-house taking care of the security, ideally as [chief information security officer]. And if you can’t afford it, pay someone $5,000 to $10,000 a month as a consultant to come in for a couple of months and take care of your in-house security. These are basic things.”

In a live demonstration at HoshoCon, white-hat hacker Anand Prakash proved how easy it is to hack into a cryptocurrency exchange. “To have a white-hat hacker walk us through that opens up our eyeballs as to how easy it actually was for a Japanese exchange to lose $500 million,” Sawhney said. “That’s no small sum of money. And this industry is only going to survive if we together as a community come together and evaluate how was it that $500 million got stolen.”

Security will become even more critical as crypto hits the mainstream. Fortune 500 companies are evaluating how they are going to leverage blocks and technology in their businesses, according to Sawhney.

“They’re going to leverage decentralized applications and tokenization for already-running products that have millions of customers,” Sawhney said, predicting a huge paradigm shift to a world where using blockchain technology will be commonplace. Hosho is preparing for this by taking “a big turn toward catering, toward more publicly traded, large sophisticated companies.”

A partnership with telecom giant Telefónica S.A. and security network Rivetz Corp. is giving Hosho access to major entities worldwide through a bundled security package for mobile communications. The company has also innovated an open-source tool to find security vulnerabilities in smart contracts. Inspired by the lack of fast and powerful tools for smart contract protection, Hosho’s engineers created Meadow Suite, which was launched this month and is available on GitHub.

However, security goes beyond protecting your company, warned Sawhney, who believes every member of the cryptocurrency community could be a target for kidnap or ransom.

“People feel uncomfortable thinking about their physical security.” he said. “They think that ‘oh no, we’re in America; we’ll just call the cops.’ What about when we travel? What about when you and I are in a village in Thailand hanging out? You know we are microorganisms, and when microorganisms are hungry, they will do whatever it takes to eat. So, if they smell abundance, you and I are in trouble.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s independent coverage of HoshoCon 2018:

Photo: SiliconANGLE