
Bridge or Breach: Unpacking TradFi/DeFi Collaboration Risk
Podcast Part 2 hosted by Simon Williams (Ashurst) with guest speaker Meredith Fitzpatrick (FRA).
Ashurst’s Simon Williams, Counsel for Digital Assets & Financial Innovation, returns for Part 2 of the DLT (Digital Ledger Technology) podcast series and is joined by Meredith Fitzpatrick, former FBI Special Agent, and now Forensic Risk Director of Cryptocurrency at FRA.
Simon and Meredith discuss how traditional finance (TradFi) and decentralised finance (DeFi) are working together, explore the risks that arise when the two worlds collide, and consider how to manage those risks.
Cybersecurity and Operational Risk
The pair discuss how cybersecurity risk in cryptocurrency isn’t the same as it is for traditional finance. It’s fundamentally a cyber risk because the assets are digital and their loss is often irreversible.
Meredith explains, “If they can exfiltrate funds from the wallet - because of the irreversible nature of the blockchain - they're gone. There isn't a help desk at a corresponding bank that you can call to try and freeze the funds and get them back.”
However, there are some exceptions. Meredith goes on to explain, “There is a bit of nuance to what I just said. So if it is going from centralised cryptocurrency exchange to another centralised cryptocurrency exchange, that is a specific scenario where maybe there is that help desk type of situation. But for the most part, that still requires the funds being sent back is that once they are sent out.” Thus, because of the irreversible nature of the blockchain, and the fact that these assets live online, there is a much higher impact when funds are stolen or unintentionally transferred.
Meredith highlights the importance of securing assets, “Think about securing these assets, it's really your cybersecurity posture. So what is your two-factor authentication? How do you think about your hot storage versus your cold storage? Things of that nature. So really thinking about your cyber hygiene.”
Supply chain hacks are an increasingly common issue: a provider’s systems are targeted and compromised, so the target is not necessarily the core platform but a supplier’s.
In addition to supply chain hacks and highly sophisticated technical attacks, human factors, exploited through social engineering, remain a major vulnerability.
Technology Risks
Meredith details how public blockchains differ from private blockchains.
“I would say from a cybersecurity perspective for public blockchains, because it's distributed, I am not as worried about the actual blockchain getting hacked. I would think more about that cryptocurrency platform needing to have really robust cybersecurity when it comes to their hot wallets.”
She then goes on to talk about the flip side, “When it comes to private blockchains, that's when different types of threats come in. So, insider threats or the fact that because there isn't as much computing power behind it, the risk of somebody wanting to do a 51% attack and then rolling back the blockchain so it is then having a different ledger take over. It's really up to the companies to do a risk assessment as far as the business need for the private blockchain.”
Meredith states how private blockchains bring different threats, like insider misuse, and the pair discuss how organisations need to assess access control, identity/permissions, and vendor risk carefully when using private DLT systems.
Cultural Differences
Meredith explains how TradFi is often seen as ‘slow’ and ‘highly regulated’ versus the perception that DeFi start-ups ‘prioritise speed’ and ‘innovation’.
She explains that both sides are adapting: “crypto currencies are maturing compliance functions and TradFi is learning new tech paradigms.”
Meredith’s view is that successful collaboration depends on mutual understanding of risk culture and setting governance standards.
Regulatory landscape
Regulators are increasingly taking a tech-neutral approach. Simon and Meredith discuss how the risk must be addressed whether public or private DLT is used.
They go on to explore how cryptocurrency regulation is rapidly evolving and consider how collaboration between TradFi and DeFi will depend on aligning regulatory expectations. Simon and Meredith recognise that differences in standards still exist, posing challenges for globally interconnected financial players.
Conclusions on collaboration
Meredith and Simon conclude that TradFi-DeFi collaborations are happening and growing, but they must be underpinned by robust risk management, cybersecurity, and governance frameworks. Cultural differences and evolving regulations add complexity but also push both sides towards more mature practices.
