Given the trust that clients and partners place in VeChain, it is our job to be innovators and trendsetters in security, assurance, and preparation. With that commitment, VeChain spearheaded the first Cryptocurrency Disaster Recovery Plan (CDRP) that meets the demands of accredited firms. It is the first of its kind in the world and sets a standard for corporate-level DRP and for risk management of internal or external controls on blockchain solutions and cryptocurrency assets, on both digital and physical wallets.

1. Purpose of CDRP

Considering the unique and special attributes of cryptocurrency, VeChain Foundation (the Foundation) designed the world’s first Cryptocurrency Disaster Recovery Plan (CDRP). The plan had to support a large volume of daily transactions in large amounts. It references SOX 404, System and Organisation Controls (SOC), ISO 27001 and the key lifecycle management controls from the WebTrust standards, in order to meet the needs of large enterprise users and regulatory requirements.

2. Definition of CDRP

In the CDRP, the Foundation has defined different types of threat scenarios based on their severity and likelihood, along with corresponding controls and procedures to protect the crypto assets from these threats.

Type I — Adverse Event (low risk): Adverse events are observable occurrences in a system or network with a negative consequence. These events do not directly affect the security and integrity of digital wallets or private keys, and can usually be mitigated immediately by the operator through limited procedures. Examples of adverse events include:

Loss of exchange account login password

System crashes on the devices storing digital wallets

Detection of virus or malware in the network

Detection of suspicious activities or attack attempts from the Internet or internal networks on the devices that do not store digital wallets

Type II — Security Incident (medium risk): Security incidents are violations, or imminent threats of violation, of VeChain’s security policies that may directly affect the security and integrity of digital wallets or private keys. They usually require more participants working in unison to recover the digital wallet through keystore restoration procedures, or to re-back up the private key under the monitoring of independent parties. Examples of security incidents include:

Unauthorized use of system privileges or access to sensitive data in the network

Devices that store digital wallets are affected by virus or malware

Hardware damage of the computer or USB drive that stores the keystore files

Loss of digital wallet transaction password

Type III — Private Key Compromise (high risk): The compromise or suspected compromise of the private key or keystore file due to security incidents, confidentiality breaches, network compromises, or natural or man-made disasters, causing significant direct impact on the security and integrity of digital wallets or private keys. Any Type III event immediately triggers the procedures defined in the CDRP to replace the digital wallets and transfer all crypto assets to the new addresses. This includes the compromise or suspected compromise of private keys, keystore files, or exchange account passwords and 2-factor authenticators.

The Foundation uses two types of cryptocurrency storage: hot wallets for daily operations and frequent expenditures, and cold wallets, where the rest is stored.