This article is more than nine months old

How Fireblocks onboards big banks like BNY Mellon and BNP Paribas into crypto

How Fireblocks onboards big banks like BNY Mellon and BNP Paribas into crypto
Fireblocks is helping customers like BNY Mellon and BNP Paribas among others tap into crypto.
  • Fireblocks has expanded its services to make it easier for banks to tap into crypto.
  • The timing is notable, with more financial titans exploring the asset class and the crypto winter showing signs of thawing.
  • Still, banks hesitate to dive in amid risks associated with crypto, with some cutting off services to the industry.

When it comes to crypto, banks have a problem.

On the one hand, the asset class presents lenders with an opportunity to settle transactions swiftly, respond to demand for crypto services from customers, and delve into a potential wealth of investment opportunities in the $1.2 trillion market.

On the other hand, tapping into crypto means putting customers’ money at risk, pairing uneasily with the security and compliance standards banks must live up to.

Fireblocks is one of the firms trying to solve this conundrum. The digital assets infrastructure provider was founded in 2018. It secured an $8 billion valuation on the back of a $550 million Series E round in 2022.

It has set out to help existing customers including BNY Mellon and BNP Paribas tap into crypto.

Balancing the opportunities of crypto with the security of traditional finance solutions is no easy feat.

“[Crypto] looks like money, behaves like money, but it’s different,” Shahar Madar, head of security products and research at Fireblocks, told DL News.

“You have to find a way to follow the guidelines the banks already have. Mostly they want to innovate in this field, but they also are usually restricted in what they can actually do.”

Join the community to get our latest stories and updates

Fireblocks recently expanded support to get banks to onboard crypto services with a new integration for hardware security modules, as well as public and private cloud computing.

The timing is notable.

The crypto winter that has harrowed the industry over the past 18 months shows signs of thawing.

Bitcoin has soared 75% in 2023, and Ethereum is up 53%, according to CoinGecko data.

The surge comes on the back of growing demand for crypto among institutions, with digital asset investment rising by a staggering 71.5% since the start of 2023, according to CCData.

At the same time, investment powerhouses like BlackRock and Fidelity have pushed into the industry by filing to launch spot Bitcoin exchange-traded funds.

“The overall enthusiasm around digital assets is on an upswing,” Joshua de Vos, research lead at digital assets research firm CCData, told DL News this week.

NOW READ: Flashbots bags biggest funding round as VC crypto investments jump 30% — we ranked who won most in July

Still, the industry faces a US regulatory crackdown spearheaded by Securities and Exchange Commission Chair Gary Gensler, who has fired off a barrage of lawsuits against leading firms including Coinbase and Binance.

Elsewhere, politicians feud over forthcoming crypto laws and influential organisations like the Bank of International Settlements have questioned if there really is a need for crypto that is balanced by its risks.

NOW READ: Powerful central bank group says crypto ‘amplifies’ risks and contributes nothing to society

For some banks, the difficulty of holding crypto while maintaining security standards just isn’t worth the hassle.

Others, such as the HSBC-owned Hang Seng Bank in Hong Kong, are taking a hard-line stance and recently began limiting services to companies that deal with crypto. A similar pattern has emerged in the UK and Australia.

It’s against this background that Fireblocks is trying to woo financial institutions to tap into digital assets.

Crypto services like SWIFT

Fireblocks is trying to create ways for banks to use crypto assets with the kind of security provided by the SWIFT payment system, which most big banks use thousands of times daily to transfer money.

According to Madar, that task is more difficult than it sounds, especially when considering financial criminals.

“You need to be very conscious about the fact that [banks] are huge targets,” Madar said. “They know that, attackers know that, and we know that.”

The SWIFT payment system has several checks and balances in place to discourage attackers.

Any attacker who wants to hack into a bank’s systems to steal money must access the system and remain undetected for a long time, making it easier for the bank to spot them.

Crypto, on the other hand, presents more opportunities for digital thieves to do quick hit-and-runs for the same reason the asset class is so attractive in the first place — ease of use.

NOW READ: ‘Most attackers are sloppy’: critics slam decision to live-tweet Curve exploit

Holding and sending crypto is more straightforward than traditional money.

Assets are secured by password-like private keys that the owner directly controls, and can be sent by simply putting in the receiving address and hitting send — no matter if you’re transferring $1 or $1 million.

But that is also the problem.

“If you’re able to steal that private key, you win,” Madar said.

While crypto offers many benefits such as trustlessness and near instant finality, it is also less secure for banks than systems like SWIFT.

Fireblock’s infrastructure essentially tries to find a balance between the two by making sending and receiving crypto more similar to SWIFT.

Its solution is still non-custodial, allowing banks to retain control and ownership of their private keys and wallets, but adds more checks and verifications to mimic the SWIFT system.

According to Madar, flexibility is a priority. Banks won’t be able to use Fireblock’s software if it isn’t compatible with what they already have.

“What we allow is for a hybrid solution,” Madar said.

More sensitive core components are deployed within the bank’s own system, he said. Then the bank sends requests via API to Fireblocks’ software at multiple stages of each crypto transaction.

The result is a ping-pong of confirmations between Fireblocks’ servers and the bank or financial institution, which should make it incredibly difficult for any potential attacker to intercept, spoof, or otherwise compromise its crypto transactions.

While security is paramount, it’s also crucial to preserve the trustless transactions that blockchain technology offers, Madar said.

“It’s about making and being able to deploy and use a platform that’s zero trust,” he said, referring to a system that requires all users, whether in or outside the organisation’s network, to be authenticated and continuously validated for security.

While some banks have jumped at the chance to offer crypto services, more conservative banks and financial institutions are reluctant to use Fireblocks’ solutions because they require sending messages outside their own computer systems, Madar said.

The fear is any communication to entities outside of the bank’s infrastructure present a possible attack vector, or a way for information on the bank’s activities to leak.

DL News asked Madar if Fireblocks plans to cater to such institutions in the future.

“Never say never,” he said, while also acknowledging the challenges of creating such a security system.