The European carbon trading market has been suspended for a week after two million carbon credits worth €7 million (£6 million) were stolen by hackers.
The temporary closure, after repeated security breaches, marks a serious failure for the trading system, which is part of a European strategy to provide incentives for utilities to reduce their use of fossil fuels. Carbon trading schemes rely on moves to increase the price of carbon, but create a new currency with new opportunities for fraud.
A spokeswoman for the EU said that 14 of the 27 national trading registries need to boost their online protection “to minimum standards”.
In a statement, the EU said the closure of the registries is a “transitional measure” taken “in view of recurring security breaches in national registries over the last two months”.
Hacking attempts listed in the document mention one on Austria’s registry last week and the theft of 1.6 million credits from Romania’s registry last November. As the various robberies were spread over eight weeks, it is assumed that other credits have been stolen but the total has not been disclosed.
The trigger event for the closure was the theft of the 475,000 allowances reported by a Czech carbon trader, Blackstone Global Ventures. The firm said that the stolen credits were transferred to Poland last Tuesday, then to Estonia, onwards to Liechtenstein after which the trail disappeared.
Alan Bentley, international senior vice president at operational endpoint security specialist Lumension, said that the theft may be worrying but the fact that a trading market has been paralysed is of greater concern.
“If the registry has been polluted by hackers, the market is in trouble,” he said. “The registry holds allocations for each EU country, meaning that if the integrity of that data has been compromised, it will be difficult to switch the market back on.”
The seven day suspension of the registries – until at least next Wednesday – is an initial measure but the EU spoleswoman said that it will remain closed until the security systems are all in place.
“There is an obvious need for organisations that support critical infrastructure, to use more intelligent security defences,” observed Bentley. “Markets have contended with balancing their agility whilst incorporating bleeding-edge technology that errs on the side of caution.”
The thefts are particularly embarrassing for the EU which is on the verge of combining the registries and also has a major cyber-security initiative underway.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…
View Comments
William Beer, OneSecurity, PwC, said:
"Clearly, the hackers have exposed a significant lack in information security standards across international registries, so it’s obvious that the European Commission will have to mandate much tighter security measures that all member states will need to adhere to.
"The Commission put the size of the theft at as much as €30m. With the level of disruption caused, any investment in prevention would be relatively small in comparison to the size of the loss. Investment in security measures can pay for itself many times over and can help in protecting corporate reputation as well as reducing incidents of theft, loss and fraud."