GK8 takes fresh look at digital asset protection

The best way to help financial institutions secure digital assets is not to improve on existing technologies but to actually solve the problem outright, Lior Lamesh said.

Mr. Lamesh is the cofounder and CEO of GK8, a cybersecurity company offering custodian technology for managing and safeguarding digital assets. The best part is the entire process, including sending transactions to the blockchain, can be done without an internet connection.

The idea for GK8 grew from an experience Mr. Lamesh and cofounder Shahar Shamai, both former cybersecurity experts for the Israeli Prime Minister’s Office, had when they encountered what they were told at the time was a secure crypto wallet, one which at the time managed billions of dollars in assets. And they hacked it.

“We were so surprised by that,” Mr. Lamesh recalled. “People thought of it as a state of the art solution.”

Lior Lamesh

The seeds were planted to develop a solution which provides banks and financial institutions with a self-managed solution that offers the same level of security they see with their non-digital assets. Once digital assets are gone, they’re gone for good, so your security better be tight.

Part of the philosophy behind GK8 technology is to make the act of hacking not worth the effort, Mr. Lamesh explained. Given the growing value of digital assets in many custodians’ care that means making it prohibitively expensive. If hundreds of millions of dollars are available, hackers will have no trouble spending a few million for a good shot at it. Make it more expensive and time consuming while significantly decreasing the chances of success and they move on.

Assets are most at risk of theft when they are in transit. Change the whole design of how they are transferred and you are really on to something.

“We tried to think if it could be an option to make a fully operational system to communicate with the blockchain without the need to be connected to the Internet at any point,” Mr. Lamesh said.

Other solutions need to be connected to the Internet at some point, so Mr. Lamesh and Mr. Shamai developed a solution which allows users to sign and send blockchain transactions without the need of being connected to the Internet so it is not exposed to any attack vector.

So far things are working out well, Mr. Lamesh said. GK8 technology guards more than $1 billion worth of digital assets and provides banks with the same level of service for their digital assets they have with more traditional ones.

Up until now you had to choose either a hot or cold wallet. Any cold wallet needs to be connected at some point with bi-directional connectivity to complete a transaction so the cold wallet becomes hot at some point. The best hot wallets are based on multi-sig or multi-party computation. Instead of one private key or shard being involved, two or three computers might be involved. While more difficult for a hacker, the $2-$3 million it would cost is well worth it if $10 or $100 million are at stake.

“If it’s not secure enough there’s too much incentive,” Mr. Lamesh said. “I can assure you in the upcoming years these kinds of solutions will be compromised for sure because hackers will be incentivized enough to do so.”

GK8’s solution, which includes seven pending patents, includes only outbound unidirectional connectivity to send already signed transactions. Current clients include eToro, Prosegur and INX.

“That’s why it’s impossible to compromise our system because there is no way to reach it,” Mr. Lamesh said. “You can’t hack what you can’t reach.”

GK8 serves clients with a range of familiarity about digital assets. More traditional ones who want to invest in digital assets have some fears because they may not completely understand the technology and wonder how the rules they must function under will adapt in the digital space.

With the end-to-end solution from GK8 they can essentially plug and play. It combines a cold vault which is never connected to the Internet managing a majority of the assets. A second layer multi-party computation process manages the remainder so the hacker doesn’t have enough incentive to go after the smaller sum.

“We never let hackers have enough incentive to even compromise the solution,” Mr. Lamesh said.

Combine that with an API and SDK which is integrated with endpoint applications and it’s all the technology a new entrant needs. After a few days of installation and training the bank is ready to go, with the assurance of $500 million per vault in insurance and systems assessed by industry leader Chainalysis.

“Thanks to our experience with the giants already working with us, we’re very experienced with how should these banks manage these situations, how should they define groups of employees, what should exactly be the policies and how should it all work togethers,” Mr. Lamesh said.