As Nigeria braces to receive the e-Naira, which is set to be launched by the Central Bank of Nigeria (CBN) on October 1, 2021, many are starting to inquire about the security of this new digital currency and if it is vulnerable to hackers.
Nairametrics reviewed publications from the Central bank of Canada and interviewed security experts on the matter.
Securing your e-Naira would be by Proof of ownership, you could either keep them in a bank account, or you keep them in an e-wallet that contains the CBDC tokens’ “anonymous” private key. The e-Naira would be maintained in an account, the account’s distributor (usually a commercial bank) must validate your identification before opening the account. These KYC standards are in place to prevent money laundering, terrorism financing, and other financial crimes.
The big advantage of account-based ownership is that it reduces criminal activities and we know quite well how to effectively protect these accounts from hackers. Also, if an account owner forgets the password to the account, the money isn’t lost. Access to the account can be restored once the rightful owner has been identified beyond doubt.
But of course, the problem with account-based ownership of CBDC is that it is not anonymous and that in emerging markets (especially), millions of people do not have access to banks. There are legitimate reasons why people want or have to use physical cash as a medium of exchange and if we want to introduce CBDC as a true alternative (or substitute) of physical cash, there needs to be some form of privacy protection.
The Bank of Canada has done an excellent job of enumerating all of the dangers that a CBDC faces. In essence, the issue is that most criminals are unaware of how much money is kept in individual wallets. As a result, they gravitate toward the largest pool of money and tend to target the major cryptocurrency exchanges, banks, or, in the case of CBDC, the central bank itself.
In particular, hackers from countries like North Korea, who have already successfully hacked into the central bank of Bangladesh in the past, will be targeting CBDC networks.
According to the Bank of Canada report, the most straightforward way to steal CBDC is to seize control of the majority of nodes in a distributed ledger, allowing criminals to control all tokens. This is one of the main reasons why the CBN will most likely not employ a public network for its CBDC, instead opting for a permission network of participating banks and organizations that are tightly regulated and have the necessary security measures in place.
Nonetheless, computational power is always increasing, so what appears unhackable today may not be so in a few years. In fact, quantum computing is on the verge of becoming a reality.
What are the experts saying?
Access granted (name changed), a black hat hacker had this to say:
“Despite the fact that quantum computing is a work of fiction, the key security gap for any CBDC already exists. It’s you, of course.
“I tell them that modern cryptographic methods are so secure that I’m not concerned about them being constantly hacked in order to take digital money. When the largest security risk to digital currency is sitting in front of the computer, criminals just don’t need to put in the effort.
“E-wallets and cryptocurrency accounts, as well as any CBDC, will be owned by ordinary people and guarded by passwords. People also use bad passwords on a regular basis. Or they forget their passwords, which isn’t so bad if they have a bank account, but if they forget the password to their e-wallet, which contains all of their CBDC’s very secure cryptographic keys, they’re out of luck and have lost all of their money forever.”
Chuks Nwaneri Lead Developer/Security Expert for Quickair Networks Limited affirmed the notion that humans may be the weakest link.
“Like every other thing digital, one of the weakest links in security chain still remains the human element. Users would have to ensure a strong password is used to avoid easy guesses that can lead to the loss of their funds,” he said.
“There’s nothing that is 100% hackproof. While the blockchain itself as technology is among some of the technologies that are near unhackable, the way the e-Naira wallet is implemented might leave some vulnerabilities. And on that subject, let’s hope the CBN has done their due diligence to mitigate such,” he added
When asked how fast fintech companies will integrate e-Naira to their payment service, he stated that “The apex bank will have to make public documentation that would enable merchants and developers to work on integrating such into their platforms — website, mobile apps, etc. We’re expecting that this should be out by now or shouldn’t take long after the official launching come October 1st.”
Chuks also expects that the information from the e-Naria would be stored.
“I expect some degree of data gathering from the users via the wallet. That’s what the central bank wants to do in the first place, basically monitor transactions. It’s important to know that the blockchain offers a public ledger where anyone can trace the movement of money and, in the case of the CBDC being centralized, the apex bank can easily keep an eye on who’s sending what, to where, and how much is being sent. This is similar to what the commercial banks already know about us.”
“Now, this is where the real question comes in. While blockchain is strong and difficult to hack mainly because of its decentralized nature, the central bank digital currency takes a slightly different approach, it is built to be centralized. This leaves room for possible vulnerability as all it will take is someone to be able to gain entry or hijack that central point.
“People should know that the central bank digital currency is not actually a cryptocurrency. The big difference is the censorship there. A cryptocurrency is one that is not in the control of anyone. So, on that, I expect the government and the central bank, most especially, to ensure a close monitoring and proper management of the central point and the servers involved,” he explained.
Abolore Salami founder and CEO of RibyFinance said, “Naturally, for everything new, people will be defrauded especially in the early days. I also think this is a good opportunity for the CBN and government to expand digital inclusion and digital finance in all forms people currently utilize.
But the greatest battle Nigeria has now is the battle of Economic Inclusion (EI). EI should be Nigeria’s #1 focus right now with Financial Inclusion (FI) and other similar efforts even being second to EI.
When people are making money, great things happen. Agent Banking is a perfect example of this. Agents / Agency Banking has become a huge EI measure.”
He also commended the CBN for always moving fast and proactively, and making redress when such is needed, stating that with the e-Naira, the CBN should fully embrace FinTechs and work with industry players to make the industry successful as the CBN itself is now a FinTech.