Bakkt to Acquire DACC & Partner With BNY Mellon

DACC acquisition will help Bakkt to develop a solution for secure storage of assets & BNY Mellon will help to create geo distributed system of private keys
30 April 2019   734

Institutional Bitcoin Futures Platform Bakkt announced the purchase of Digital Asset Custody Company (DACC), and reported on the partnership with a large American bank BNY Mellon.

As operational director Adam White writes in the company's blog, Bakkt acquired the DACC to further develop a solution for secure storage of digital assets. According to him, the DACC team shares the desire of Bakkt to put security at the forefront, and will also be able to share valuable experience in developing secure and scalable custodial solutions.

He also made it clear that with the purchase of DACC, the Bakkt offer could be expanded to other cryptocurrencies.

As we look to scale and support custody of additional digital assets, DACC’s native support of 13 blockchains and 100+ assets will serve as an important accelerator, and we’re pleased to welcome Matthew Johnson, Adam Healy, and the entire DACC team to Bakkt.

Adam White

COO, Bakkt

In order to solve the problem of storing assets, Bakkt also entered into a partnership with BNY Mellon, with which it is working to create a geographically distributed system of private keys.

BNY Mellon has a longstanding history of safeguarding the assets of institutional clients such as hedge funds, asset managers, and broker dealers, and we’re excited to work with them.

Adam White

COO, Bakkt

Additionally, Bakkt has provided insurance coverage for assets that it will store in cold wallets.

Bakkt uses both warm (online) and cold (offline) wallet architecture to secure customer funds. The majority of assets are stored offline in air-gapped cold wallets that are insured with a $100,000,000 policy underwritten by leading global insurance carriers. 

Adam White

COO, Bakkt

Adam also reported about cybersecurity program of his company.

Bakkt leverages one of the world’s most sophisticated cybersecurity programs, and the same systems that protect the New York Stock Exchange. Threats are identified from a “red team first” perspective and managed by a global team of security specialists. These experts collaborate closely with law enforcement and the global intelligence community to identify, analyze and prevent attempts at inbound intrusion.

Adam White

COO, Bakkt

As a result, Mr. White said, a program continuously adds controls to prevent the unauthorized access, disclosure, destruction, modification, or disruption of company data and prioritizes protections from a threat-objective driven approach.

Potentional Vulnerabilities Found in ETH 2.0

Least Authority have found potentional security issues in the network P2P interaction and block proposal system
26 March 2020   975

Technology security firm Least Authority, at the request of the Ethereum Foundation, conducted an audit of the Ethereum 2.0 specifications and identified several potential vulnerabilities at once.

Least Authority said that developers need to solve problems with vulnerabilities in the network layer of peer-to-peer (P2P) interaction, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, at the moment there is no large ecosystem based on PoS and using sharding in the world, so it is impossible to accurately assess the prospects for system stability.
Also, information security experts emphasized that the specifications did not pay enough attention to the description of the P2P network level and the system of records about Ethereum nodes. Vulnerability risks are also observed in the block proposal system and the messaging system between nodes.

Experts said that in the blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block will fall into the blockchain, and this leads to the risk of data leakage. To solve the problem, auditors suggested using the mechanism of "Single Secret Leader Election" (SSLE).

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a “malicious" node can spam the entire network with various messages without any special punishment. The solution to this problem may be to use special protocols for exchanging messages between nodes.