Securing Cryptos In A Vulnerable World
There’s a certain irony to the contention that a central quality of blockchain technology is its secure cryptographic design. Security is touted, but security is a challenge.
There’s little question that the consensus and hashing processes make fraudulent activity exceptionally difficult. In addition, the use of key-pairs provides a rigorous authentication mechanism.
That said, blockchain-based systems, particularly those supporting cryptocurrencies, have been the victims of a large number of significant cyber-attacks over the years.
Here is a brief summary of some of the worst crypto hacks, beginning with the first major attack in 2011.
This hack took place against a Tokyo-based crypto exchange called Mt. Gox. At its peak, Mt. Gox handled 70% of all Bitcoin transactions. Its prominence at the time made it an appealing target. It was attacked twice. First, in 2011, the exchange lost 25,000 Bitcoins that were worth around $400,000 at the time. It was attacked again in 2014 and lost around 650,000 Bitcoins, which by then were worth $473 million. At the time, some mystery surrounded the Bitcoins’ disappearance. Was it bad management, criminal activity, or bugs in the software? While 200,000 Bitcoins were finally recovered, the concluding assessment was that the cryptos were stolen from Mt. Gox’s hot wallet. The exchange finally filed for bankruptcy and was liquidated in April 2014.
An even larger hack occurred in 2018, this time against another Japanese exchange, Coincheck. Once again, the vulnerability appeared to be the exchange’s hot wallet, and the theft amounted to $534 million. This time, the exchange did survive and was later purchased by a Japanese financial services company, the Monex Group.
The largest crypto hack to date occurred in early 2022 and targeted the Ronin Network, a provider to the Axie Infinity blockchain-based gaming platform. Hackers were able to breach the Ronin Network and acquire $625 million worth of Ethereum and USDC, a stablecoin. Security agencies have claimed the attackers were a North Korean state-backed hacking group.
In late 2022, the popular Binance exchange suffered a breach and lost $570 million. Hackers were able to create new Binance Coins and then use a creative process to withdraw the funds. In this instance, it was a bug in the blockchain software that allowed the attack to take place. The code that runs on blockchains is referred to as a smart contract.
Most recently, crypto attacks have involved exploiting smart contract weaknesses in some of the more elaborate decentralized finance, or DeFi, systems. In particular, crypto bridges, which connect blockchains and enable the transfer of crypto between them, have been a target. In February 2022, Wormhole, a bridge connecting the Ethereum and Solana blockchains, was hacked and around $320 million worth of crypto was stolen. Other, even more complex schemes have taken place since.
What is obvious from this summary of major hacks is that they almost always involve crypto exchanges. The weakness appears to be their hot wallets, which supports the notion that you must carefully assess the security measures of the crypto exchange you choose. In addition, you need to consider when your private keys should be moved to cold storage or whether you should manage them yourself.
In addition to security risks with exchanges, weaknesses in the code of blockchains and related systems have increasingly resulted in vulnerabilities. Part of this is the newness of some of the underlying technology that facilitates the broader crypto ecosystem, such as DeFi, gaming, stablecoins, and non-fungible tokens, or NFTs. Rapid innovation is often accompanied by code weaknesses that are remedied over time.
If crypto is to have any chance at long-term success, these exchange hacks and code weaknesses in applications will have to become less frequent. Each negative story that drops weakens people’s confidence and makes the market concerned about viability. You can be sure that crypto providers are working hard to reduce these risks.
This excerpt post is adapted from Dr. Jonathan Reichental’s upcoming and completely new version of his popular course, Securing Cryptocurrencies, on LinkedIn Learning. You can also check out Dr. Reichental’s comprehensive Cryptocurrency QuickStart Guide which is available in paperback, eBook, and audio formats: reichental.com/crypto.