Blockchain and crypto centralized finance (CeFi) and decentralized finance (DeFi) are a potential future alternative to our economic and social systems. But a huge obstacle still stands in the way of their mainstream adoption by the general public: hacking. Crypto hacks are the talk of the town again, and we all know the reasons.
From crypto pickpocketing to security breaches through phishing and now to blockchain bridge breaches, crypto hacks have come a long way. Following the recent high-profile thefts that have occurred on various crypto platforms, wallets, and exchanges, crypto is no longer the biggest gold mine for investors.
The year 2022 was a bear market, but this didn't stop the hackers from doing their thing. In fact, October was the busiest month of the year so far for the hacking groups, as $718 million was stolen in 11 hacks across different DeFi protocols.
On the whole, this year has seen a gross loss of $3 billion across 125 hacks, which is inching closer to last year's tally of $3.2 billion with a month to spare. Looking at these numbers, it is safe to say that 2022 will see an all-time high for crypto hacks.
Unlike centralized systems, which have evolved to be more secure against hacks and in how they manage their funds, crypto finance protocols, including centralized and decentralized finance (CeFi and DeFi) protocols, continue to expose their vulnerability to this exploitation, mainly due to their open-source nature.
This has led to a serious discussion on whether crypto hacks are an inherent problem of CeFi & DeFi or simply the new cost of doing business today!
How Bad is it
Those who follow cryptocurrency crime trends know that hacking has risen to the top as the biggest challenge this industry faces today, a real threat to finance and data security.
The intensity of this issue is transforming the dynamics of the industry. If it continues to surge on the same trajectory, investors will soon lose faith in investing in blockchain and DeFi platforms. Crypto experts had predicted that things would settle down as we moved from 2021 to 2022 and the market turned from bull to bear.
However, the bad boys didn't like the idea very much and kicked off 2022 with a solid series of blockchain and DeFi protocols being hacked and deprived of millions of assets. The most prominent hacks of the year 2021 were as follows:
- Wormhole cross-blockchain bridge lost $325 million
- Axie Infinity crypto game's Ronin bridge lost a huge $625 million
- BNB chain-based bridge that lost $100 million
- Beanstalk Farms, a DeFi network, lost $182 million worth of crypto
- Hackers accessed DeFi protocol Wintermute and stole crypto worth $160 million
How Do These Hacks Occur
Social Engineering
For a major part of history, crypto hacks resulted from security breaches when hackers somehow managed to get access to users' private keys and hopped onto the wallet to steal quick tokens. The human factor of leniency came into play in these scenarios.
For example, when private keys are shared over shady airport Wi-Fi, they somehow always end up in the hacker's lap. Other social engineering hacks could result from email phishing, investment scams, hot wallets, and connecting via insecure networks.
Example: March 2022 saw the biggest crypto hack of the year when ETH and USDC worth $620 million were stolen from Ronin Network, the Ethereum-based network of the crypto game Axie Infinity. The attacker made two transactions on the Ronin Bridge contract using the compromised private keys to fabricate phony withdrawals.
Crypto Exchanges
Centralized and decentralized exchanges are more prone to hacking today than ever, and crypto exchange is the reason. It is arguable whether or not you can hack a blockchain platform completely. However, it is well established that a hacker can use a platform exchange to access digital assets and steal them.
For instance, bitcoin is decentralized, so there is no system to be hacked. However, during its exchange, there is a huge possibility that this asset ends up in a place that exposes it to potential hackers.
Example: The most high-profile cryptocurrency exchange hack occurred in October 2022, when the Binance exchange was hacked, and $570 million was stolen from the network. Hackers were able to gain access to BSC Token Hub, a cross-chain bridge, and create 2 million extra BNB tokens.
51% Attack
This is the latest and the most dangerous way hackers are taking on blockchain networks. Since blockchains operate on certain consensus mechanisms, one requires the majority of ownership to make changes and confirm them.
In reality, buying 51% of bitcoin or any other blockchain asset looks like an exorbitantly expensive idea for a hacker or a group of hackers. However, with the help of fraudulent identities and accounts (Sybil attack), 51% attacks could be made practically possible.
Example: The biggest 51% attack scenario happened in 2018, when Bitcoin Gold, a hard fork of Bitcoin, lost $18 million to attackers who were able to take majority control of the network and alter the transactions.
Can We Retrieve Stolen Assets
These days everyone who is invested in the blockchain is concerned about the security of these platforms. The question is whether or not the industry has any tools to retrieve the funds once they get stolen through hacking exploits. The answer is Yes & No.
The first scenario is when an account is hacked, and there is a known identity behind the wallet which made the transaction. The funds can be followed wherever they go, because everything is publicly available forever on the blockchain. Provided one can trail the funds and knows which off-ramps and exchanges are being used, one has a good shot at getting those funds frozen by those exchanges' compliance teams and then returned.
The second scenario is when the assets are hacked, transferred via an exchange, turned into fiat, and moved off the platform. In that case there is very little to no chance of getting them back purely by freezing the funds on the account. The ball is now in the court of law enforcement and investigation agencies, which can follow the case from there on, probe alleged hacking groups and individuals based on the available data, and trace the funds.
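The trail-following in the first scenario can be sketched as follows. This is an added example, not from the original article: the ledger, addresses and exchange labels are constructed, and the proportional ("haircut") taint model is one tracing heuristic chosen here as an assumption.

```python
from collections import defaultdict

# Constructed sample ledger, oldest first: (sender, receiver, amount).
TRANSFERS = [
    ("bridge_contract", "thief_1", 100.0),       # index 0: the theft itself
    ("unrelated_user", "pool_addr", 50.0),       # clean funds into a shared address
    ("thief_1", "pool_addr", 60.0),
    ("thief_1", "hop_a", 40.0),
    ("pool_addr", "exchange_X_deposit", 55.0),
    ("hop_a", "exchange_Y_deposit", 40.0),
    ("pool_addr", "hop_b", 55.0),
]
# Hypothetical labels for known exchange deposit addresses (the off-ramps).
EXCHANGE_DEPOSITS = {"exchange_X_deposit": "Exchange X",
                     "exchange_Y_deposit": "Exchange Y"}

def trace_stolen_funds(transfers, stolen_indices, exchange_deposits):
    """Follow stolen value through the ledger with proportional taint.
    Returns (amount to ask each exchange to freeze, amount still elsewhere)."""
    total = defaultdict(float)     # running balance seen per address
    tainted = defaultdict(float)   # part of that balance derived from the theft
    for i, (src, dst, amount) in enumerate(transfers):
        if amount <= 0:
            raise ValueError("transfer amounts must be positive")
        if i in stolen_indices:
            moved = amount                          # the theft is fully tainted
        else:
            total[src] = max(total[src], amount)    # unseen funding assumed clean
            moved = amount * tainted[src] / total[src]
            tainted[src] -= moved
            total[src] -= amount
        total[dst] += amount
        tainted[dst] += moved
    at_exchanges, elsewhere = {}, {}
    for addr, value in tainted.items():
        value = round(value, 6)
        if value <= 0:
            continue
        if addr in exchange_deposits:
            label = exchange_deposits[addr]
            at_exchanges[label] = at_exchanges.get(label, 0.0) + value
        else:
            elsewhere[addr] = value
    return at_exchanges, elsewhere

if __name__ == "__main__":
    freeze, remaining = trace_stolen_funds(TRANSFERS, {0}, EXCHANGE_DEPOSITS)
    print("freeze requests:", freeze)
    print("still in flight:", remaining)
```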
Do Frequent Crypto Hacks Expose the Vulnerability of DeFi?
Though blockchain experts all agree that more attention and resources need to go to the cybersecurity of DeFi platforms, a potential cause of the increasing hacking attempts, it would not be justifiable to say that vulnerability to hacking is an intrinsic element of DeFi.
The reason is that data security is an equal concern for both centralized and decentralized platforms. Be it banks, financial institutions, or any other entity that deals in public money, users' personal identities are always under threat of being stolen, scammed, or hacked to some degree. The root causes of the evil, security breaches and phishing campaigns, are the same. A huge number of businesses all around suffer from ransomware that is delivered through malware, a click on the wrong link, or other phishing links, and not in cryptocurrency alone.
The only difference between DeFi and centralized exchanges is that there's an additional attack vector that hackers can use due to the decentralized nature of the platform. Additionally, with DeFi, there is also the challenge of open-source code, which means anyone can parse this open-source code and look for vulnerabilities that they can exploit. The invention of smart contracts has also proved to be a secure answer to this problem.
How To Prevent Crypto Hacks
This is insurmountable. Everyone's hacked. DeFi, as an industry, will need to invest in its code and make it immune to hacking attempts and misadventures. The community will need to evolve and grow to prioritize cybersecurity in DeFi. Multi-factor authentication is one way of doing this.
When the DeFi platforms first boomed in 2021, and so many new entrants started joining the force, anyone could spin up a smart contract managing millions and millions of dollars. But at the expense of growth, people did not prioritize cybersecurity or didn't care much about it. And today, the industry is receiving the repercussions of those decisions.
As an individual, there are a few practices that can ensure your crypto belongings are secure from being stolen. The critical factors are understanding how your keys are stored, how you and others can access them, and what you can do to make them inaccessible.
The key here could be to prioritize cold wallets over hot wallets and other types that could be manipulated through internet access. Other best security practices include using a VPN when dealing in crypto, securing your devices, updating passwords regularly, and being aware of ever-evolving phishing scams.
Wrapping Up
Crypto hacks are in full swing. The industry has been deprived of around $3 billion in the ongoing year, of which $718 million was lost in October alone. The year 2022 is expected to surpass the previous year's total losses of $3.2 billion to become an all-time high year for cryptocurrency and blockchain hacks.
While hackers are busy finding new ways to intrude into blockchain networks, industry experts believe it is a matter of time and priority: once cybersecurity is prioritized and strict security protocols are implemented, blockchains, crypto exchanges, and DeFi platforms will become less vulnerable to hacks.