If there is anything we should all know in 2022, it is that security – in all its realms – should never be taken for granted.
In January, a hacker took advantage of a defect in a smart contract and stole some $80 million from a Binance-based fund. Less than a week later, an infiltrator manipulated contracts on a Solana-to-Ethereum bridge to make off with $325 million. Then in April, a criminal exploited a “flash loan” – whereby monies are borrowed and paid back in one transaction under the guise of donating funds to Ukraine – to mint $182 million. Even the North Korean-associated Lazarus group allegedly pocketed $100 million in digital assets in late June, sparking concern that the stolen goods would be used to finance Pyongyang’s nuclear ambitions.
It is just the tip of the iceberg of the various inflammatory news stories illustrating that this year has been the worst for hacks in the crypto industry. Although digital currency and its underlying technology, Blockchain, are certainly refashioning and revolutionizing the planet’s banking system and financial handling, like everything, there are thin cracks in the infrastructure that make it susceptible to violations.
Those ongoing tricks are treats to criminal enterprises, but there is a lot that can be done to put a candy halt on the hackers.
So before panic sets in, let’s put it all into perspective. There is not a single financial institution on planet earth that is not in some way vulnerable to infiltration and cybercrimes. Heists and hacks happen every day across the world’s banking system, the same system that has been around for decades and is still unable to conquer the ceaseless stream of breaches.
For one, the lauded 49-year-old SWIFT system suffers from persistent intrusions, even with cutting-edge security systems in place. Despite the more than $250 million spent on cybersecurity, conglomerate JP Morgan was subject to a jaw-dropping infringement in 2014. The data of more than 80 accounts was leaked, followed by some serious stock manipulation.
And according to the FBI’s Internet Crime Report, Americans lost $7 billion in cybercrime and internet scams last year alone. By comparison, crypto’s DeFi (decentralized finance) processes only really kicked off properly a few years ago, meaning it is still in its early days of cementing over its tiny loopholes. Even so, less than four percent of FBI complaints pertain to crypto violations.
In fact, Blockchain technology comes with a myriad of revolutionary security advantages. Blockchain networks – an assemblage of computers termed nodes – are entirely transparent and “break” if altered or tampered with, making them highly complex collections that only skilled and well-funded infiltrators can successfully enter.
But nothing is foolproof, including crypto. So, how does it happen?
Most crypto breaches still occur the old-fashioned way: phishing and malware attacks that swindle unsuspecting users into entering critical credentials or passing on the keys to their wallets, with malicious links often disguised as trusted third-party requests.
Then there are “51 percent attacks,” whereby a user – or several users – gain control of the majority of the hash power on a given blockchain system and can thus rewrite transaction history to double spend. Typically, double spends are wiped after the transaction is complete, and the recipient receives the goods. However, attackers, in this case, can then re-use the tokens.
Another type of attack is “typosquatting,” by which tricksters develop fraudulent websites, such as a fake crypto exchange, to glean user data and then breach a person’s crypto wallet. There are also “routing attacks,” which involve a hacker intercepting data as it is disseminated to an Internet Service Provider (ISP) and the computers or nodes. The criminal can then cleverly fashion a flood of fake transactions. Further, there are “Sybil attacks,” which utilize a method of deluging the node network with requests from counterfeit identities, causing a system crash. (To date, no hacker has been successful with this expensive method, but that has not stopped some outfits from trying.)
But more and more, crypto enthusiasts have been scammed by a new phenomenon called “Blockchain bridges.” A bridge is a piece of software that acts as an intermediary linking the exchange of digital assets from one chain to another, and it has gained popularity as a way for users to circumvent the centralized exchange process. However, Blockchain analytics experts lament that hackers can intercept assets in various ways, suggesting that the needed security is not on par with a bridge’s monetary value.
The good news is that a lot can be done to secure your cryptocurrency, making the risk of any meddling extremely low. An important first step is understanding how your keys are stored and how to make them inaccessible to anybody but you. Many devotees are turning to cold wallets (no wired or wireless connection) rather than hot wallets (always connected to the internet) for storage purposes.
“For security purposes, you should never store your keys on a device that has a connection that is always on or accessible. If it has a connection and an application is used to access your keys, it can be hacked,” Investopedia warns. “Contrary to advertising and cryptocurrency wallet reviews, you don’t need a commercially manufactured device to act as a wallet. A USB thumb drive with encryption can also work. However, USB connections can degrade over time; additionally, once a cold storage device is connected to a computer or other connected device, it becomes hot storage until it is disconnected.”
Moreover, never share your private keys with anyone – and certainly never in response to an email or text request that comes your way. Indeed, it can’t hurt to brush up on the 101’s of identifying the many online social engineering scams.
Furthermore, do your homework when it comes to choosing where to trade. Recently, some software has been exposed for being built on faulty (often hastily created) code. This enables hackers to sneak into the infrastructure rather than individual accounts.
The industry at large bears a lot of responsibility too. Developers should dedicate a big portion of the budget to cybersecurity from inception and implement stringent testing protocols to avoid code glitches. If breaches happen, they could and should share this with the broader crypto community so that everyone can learn from them and prevent a repeat going forward.
Some enthusiasts are also floating “reversal” solutions.
In September, Stanford University researchers proposed adding a standard “reversible version of ether and non-fungible token (NFT) coins that would give token owners a short window when they could appeal to a decentralized panel of judges who could first freeze and reverse the transaction if they believed it was appropriate.”
Nevertheless, this method would ignite controversy among crypto’s libertarian-leaning contingent, as the notion of “judges” would add a centralized mechanism to the widely lauded decentralized platform.
Additionally, other experts advocate for “graph database” technology as a real-time mechanism for activity verification. As cyber network Security Boulevard points out, “a financial institution, for example, could use a cryptocurrency network graph to identify the percentage of funds received from various actors. For example, how many funds were received from the darknet, exchanges or smart contracts? The graph can also highlight flows of funds as well as transactions that originate from a specific location.”
Further, “an organization could also load an entire bitcoin blockchain into a graph database and then—with help from third-party data—determine if a specific address is closely associated with known risky addresses or risky users.”
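To make the graph idea concrete, here is an added example (not from Security Boulevard or any vendor) that uses plain Python in place of a graph database: it computes the share of an address's inbound funds per sender category and how many transfers upstream the nearest known-risky address sits. All addresses, labels and amounts are constructed, and treating "closely associated" as upstream funding distance is an assumption.

```python
from collections import defaultdict, deque

# Constructed sample ledger: (sender, receiver, amount). Not real addresses.
TRANSFERS = [
    ("mixer_1", "addr_a", 4.0),
    ("exchange_1", "addr_a", 5.0),
    ("contract_1", "addr_a", 1.0),
    ("darknet_1", "addr_b", 2.0),
    ("addr_b", "addr_c", 1.5),
    ("addr_c", "addr_d", 1.0),
    ("exchange_1", "addr_e", 3.0),
]
# Constructed stand-in for third-party labelling data.
LABELS = {"darknet_1": "darknet", "mixer_1": "darknet",
          "exchange_1": "exchange", "contract_1": "smart_contract"}
RISKY = {"darknet_1", "mixer_1"}

def inbound_share(address, transfers=TRANSFERS, labels=LABELS):
    """Percentage of funds received by `address`, grouped by sender category."""
    totals = defaultdict(float)
    for src, dst, amount in transfers:
        if dst == address:
            totals[labels.get(src, "unlabelled")] += amount
    received = sum(totals.values())
    if not received:
        return {}
    return {cat: round(100 * amt / received, 1) for cat, amt in totals.items()}

def hops_from_risky(address, transfers=TRANSFERS, risky=RISKY, max_hops=3):
    """Fewest transfers between a risky sender and `address`, following funds
    upstream only; None if no risky source is found within `max_hops`."""
    senders = defaultdict(set)          # receiver -> set of direct funders
    for src, dst, _ in transfers:
        senders[dst].add(src)
    seen, queue = {address}, deque([(address, 0)])
    while queue:                        # breadth-first search, nearest first
        node, dist = queue.popleft()
        if node in risky:
            return dist
        if dist == max_hops:
            continue                    # do not look further upstream
        for src in senders[node] - seen:
            seen.add(src)
            queue.append((src, dist + 1))
    return None
```

Following funds upstream only keeps a shared exchange from linking every one of its customers to each other's risky counterparties, which an undirected search over the same data would do.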
In essence, DeFi is a space that continues to mature by the day, with developers continuing to expose vulnerabilities and dedicate resources to perfecting the coding, making the protocols more and more secure.
However, diminishing the number of infractions – still very low compared to its centralized counterparts – by bolstering cybersecurity should be the paramount priority of everyone inside the crypto arena. Cryptocurrency hacking endeavors are only as effective as the poor security practices they exploit, and everyone has a role to play in safeguarding their goods.