Bitwise Ethereum ETF 10-K Cybersecurity GRC - 2025-03-17

Page last updated on March 17, 2025

Bitwise Ethereum ETF reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-17 17:25:43 EDT.

Filings

10-K filed on 2025-03-17

Bitwise Ethereum ETF filed a 10-K at 2025-03-17 17:25:43 EDT
Accession Number: 0000950170-25-040492

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cyb ersecurity. Risk Management and Strategy The Trust’s cybersecurity risk management is established and governed by the Sponsor. The Sponsor determines and implements appropriate risk management processes and strategies as it relates to cybersecurity for the Trust and the Trust relies on the Sponsor for assessing, identifying and managing material risks to the Trust’s business from cybersecurity threats. The Sponsor’s cybersecurity policies and practices are set out in the Sponsor’s compliance manual and are reviewed on an annual basis. In addition, all officers of the Sponsor and all employees of Bitwise Asset Management, Inc. (“BAM”), the parent of the Sponsor, receive annual compliance training and annual cybersecurity training. Attendance at the annual cybersecurity training and the annual compliance training is tracked and recorded. The Sponsor engages a selection of third-party experts (“Experts”) to assist its internal legal, compliance and engineering personnel in developing, implementing and testing its cybersecurity policies and procedures. The Experts assist in performing assessments, penetration tests and reviewed areas of potential vulnerability. In addition, the Experts work with the Sponsor to conduct cybersecurity training, exercises and quarterly internal phishing tests. The Sponsor uses the findings of such exercises and campaigns to improve its practices, procedures, and technologies. The Sponsor also engages the Experts to support its cybersecurity threat and incident response management and maintains information security risk insurance coverage. The Sponsor conducts due diligence on the Experts and all third-party service providers both at the beginning of any contractual relationship and on an ongoing, periodic basis. The Sponsor reviews a selection of all of its service providers on an annual basis, with specific emphasis on any service providers deemed to be high risk and utilizes external compliance partners to assist with this review. As part of this review, the Sponsor tracks any identified deficiencies and requires that its third-party service providers have in place appropriate technical and organizational security measures and security-control principles based on recognized cybersecurity standards. The Sponsor also obtains contractual assurances from third-party service providers relating to their security responsibilities, controls, reporting, and roles and responsibilities as it pertains to cybersecurity incident response policies and notification requirements. While neither the Sponsor nor the Trust has experienced a material cybersecurity incident during the year ended December 31, 2024 , cybersecurity threat risks may materially affect either the Sponsor or the Trust, including the Trust’s business strategy, results of operations or financial condition. Governance The Trust does not have any directors, officers or employees. Under the Trust Agreement, all management functions of the Trust have been delegated to and are conducted by the Sponsor, its agents and its affiliates. Hong Kim, the Chief Technology Officer of BAM is responsible for assessing and overseeing the Sponsor’s and the Trust’s cybersecurity risks and providing direction and oversight for risk mitigation action in conjunction with Katherine Dowling, the General Counsel and Vice President of the Sponsor. Mr. Kim graduated from the University of Pennsylvania with a Bachelor of Science in Computer Science, and, prior to BAM, worked on Google’s backend infrastructure for Google Drive and worked in software security for the South Korean military. Ms. Dowling has served as a Chief Compliance Officer at various companies since 2015 and has more than ten years of experience as an Assistant U.S. Attorney, most recently in the Economic Crimes Unit of the U.S. Attorney’s Office for the Northern District of California. Mr. Kim and Ms. Dowling receive periodic reports from the Experts and members of the Sponsor’s Legal and Compliance team who take part in cybersecurity review, implementation, training and testing. 90 BAM, has a board of directors that is ultimately responsible for managing and directing the affairs of the Sponsor, including maintaining oversight of risks from cybersecurity threats . Mr. Kim serves on the BAM board of directors. Ms. Dowling serves as the General Counsel and Chief Compliance Officer and is on the Executive Management Team of BAM and therefore is able to report directly to BAM’s board of directors regarding cybersecurity risks to the Trust and the Sponsor.

Company Information