This new insurance is designed to cover any cases in which a bad actor was able to gain access to either Curv or the customer’s shares, both of which would be needed in order to sign off on an illicit transaction. As is stated in the press release:
“Even in an extreme scenario where both networks’ shares were somehow simultaneously compromised and a transaction were initiated outside of the corporate policy, Curv’s insurance would kick in to cover the loss*.”
One notable feature of Curv’s crypto wallets is that they do not use private keys, which is a common means for a user to access their encrypted data. Adrian Bednarek, a senior security analyst at Independent Security Evaluators (ISE), recently discovered that a so-called “blockchain bandit” was stealing Ethereum (ETH) by exploiting users with weak private keys, which Bednarek describes as both “your user ID and your password at the same time.”
In contrast, Curv uses multi-party computation (MPC) protocols that reportedly do not rely on just one username/password combo (private key) for accessing secure data. Curv also provides one omni-purpose wallet rather than separate cold or hot wallets.
As recently reported by Cointelegraph, major American cryptocurrency exchange Coinbase recently disclosed its hot wallet insurance coverage, which can cover up to $255 million in the case of loss due to malicious activity.