Skip to main content
banner image
venafi logo

Digital Currency Hit by Expired Certificate — Root Cause for Prolonged Outage

Digital Currency Hit by Expired Certificate — Root Cause for Prolonged Outage

eccb-expired-certificate
March 17, 2022 | Brooke Crothers

DCash, a digital version of the Eastern Caribbean dollar (XCD), is working again after being down since January 14. The two-month outage happened when the identity certificate on nodes in the Hyperledger Fabric network expired.  

What if you could eliminate certificate outages forever? Learn about our No Outage Guarantee!
">

DCash is a central bank digital currency (CBDC) commissioned by the Eastern Caribbean Central Bank (ECCB), which is the monetary authority for a group of island economies including Antigua and Barbuda, Grenada, St Kitts and Nevis, Saint Lucia, and St Vincent and the Grenadines.

When rolling out the DCash digital payment platform last March, the ECCB partnered with banks, credit unions, and businesses. Bitt Inc was commissioned to develop the CBDC.

Responding to the outage in January, ECCB said that the DCash platform “experienced an interruption in service that has affected all users.”

About two months later, on March 9, the ECCB issued an advisory saying “full functionality of the DCash digital payments platform has been restored.”

A major part of the fix was better certificate management.

“As part of the restoration, the platform now benefits from several upgrades including an enhanced certificate management process and an updated version of the software which provides the foundation for the DCash system,” the ECCB said.

A “Bold Caribbean Experiment in E-Cash”

When the ECCB announced the pilot program it explained:

The pilot involves a securely minted and issued digital version of the EC dollar - DCash. The objective of this pilot is to assess the potential efficiency and welfare gains that could be achieved: deeper financial inclusion, economic growth, resilience and competitiveness in the ECCU - from the introduction of a digital sovereign currency.

Then things went south in January.

“This is an important case study in things that can go wrong in the rollout and expansion of a digital currency,” Josh Lipsky, the director of the Atlantic Council’s GeoEconomics Center, told Bloomberg in an article titled "A Bold Caribbean Experiment in E-Cash Hits a Major Obstacle."

 “Every country trying do a large rollout has had problems,” Lipsky added.

The problem was related to an expiring certificate on the version of the Hyperledger Fabric that hosts the DCash ledger, which “forced the bank to roll out updates,” Karina Johnson, a DCash project manager at ECCB, said in an email to Bloomberg.

How to deal with expired certificates

Expired certificates not only cause outages but can also act as the gateway for criminals to infiltrate corporate networks, notes Pratik Savla, Lead Security Engineer at Venafi.

“Not only can expired certificates cause unplanned system or service outages as has been seen several times over in different incidents, but what is not equally well-known is that they can also open the door through which malicious actors can find entry into one’s environment,” Savla said.

Proper and timely renewal of expired certificates is key to mitigating man-in-the-middle attacksnotes Savla. “The first step is to make sure that you develop and continuously update a detailed certificate inventory. Next, expiry notifications should be setup to ensure it reaches the right owners ahead of time. This includes a set period starting at least a month before the expiry date for non-critical systems and starting with at least two months before the expiry date for systems deemed critical.”

Related posts

Like this blog? We think you will love this.
twitter-api-key-bot-army
Featured Blog

Researchers Find 3,200 Apps Exposing Twitter API Keys, Cite ‘BOT Army’ Threat

Key Findings:

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Brooke Crothers
Brooke Crothers
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more