Don’t trust, verify. Theft and crypto.
Hackers stole $1.3 billion in the first three months of this year. How can you manage risk as an investor?
Hackers steal $625 million in March
The largest crypto hack to date occurred just this year. In March 2022, Axie Infinity’s Ronin Network lost $625 million in an attack now linked to North Korean group Lazarus. The hacker got control of five of the nine validator nodes needed to recognize a deposit or withdrawal. On June 28, Sky Mavis, the developer behind Axie Infinity, began reimbursing victims of the attack.
In 2021 alone, hackers stole $3.2 billion worth of cryptocurrency. While blockchain by design is highly secure, hackers can still infiltrate crypto platforms. Unregulated DeFi platforms especially have raised concerns regarding safety and security. How can investors manage this risk when investing in cryptocurrency?
Established blockchains nearly impossible to hack
Hacking an established proof of work blockchain is a difficult and expensive process. To do so, miners must control over 50% of the network’s mining hash rate or computing power. A 51% attack allows hackers to rewrite parts of the blockchain which leads to double spending. They can also monopolize mining new blocks and reap all of the rewards.
Blockchain hacks are also rare. Established blockchains, like Bitcoin and Ethereum are nearly impossible to attack. However, smaller chains are more susceptible. Krypton and Shift, both offshoots of the Ethereum blockchain, suffered a 51% attack as did Bitcoin Gold in 2018 and 2020. Proof of stake blockchains are equally difficult to attack as a hacker would have to own 51% of the staked cryptocurrency.
DeFi hacks on the rise
Hackers tend to target DeFi platforms. Growth in the DeFi sector has made hacking increasingly lucrative. Of the $3.2 billion stolen in 2021, approximately $2.2 billion, or 72% of those funds came from DeFi platforms. In the first three months of this year, hackers have already stolen $1.3 billion, mostly from DeFi platforms.
The majority of these hacks can be grouped into three categories: security breaches, human-error hacks and agency problems. Security breaches occur when hackers find a loophole in a platform’s security system. Human-error hacks involve ransomware or malware. Agency problems are when founders disappear or an inside agent siphons money over a period of time. Hackers of Poly Network, MT Gox and Wormhole preyed on system vulnerabilities while hackers of Ronin Network, Coincheck and KuCoin took advantage of hot wallets. Hot wallet private and public keys are stored online making them vulnerable to an attack.
The valuation of these attacks seems significant, but compared to total transaction volume, which grew to $15.68 trillion in 2021, it pales in comparison. In fact, crypto crime rates have never been lower. In 2021, transactions involving illicit addresses made up 0.15% of cryptocurrency volume. This includes everything from malware and terrorism to stolen funds and darknet markets.
How to safeguard your crypto investments
Reasons for slowing rates of crypto crime include improved law enforcement, increased regulations and tightened security for centralized exchanges. The narrative that crypto cannot be traced is also dissipating as proven by the February 2022 arrest of the alleged Bitfinex money launderers. While crypto crime is slowing, it remains imperative to trade safely and securely. Here are some guidelines and best practices:
- Reputable and trusted centralized exchanges that feature Know Your Customer (KYC) identification and adhere to regulations like Anti-Money Laundering (AML) protocols are typically safer and more secure.
- Security experts also suggest using a “cold” wallet or hardware wallet and keeping your private keys offline in a safe location are best practices.
- Do not download investment apps that you don’t know or have limited knowledge. The FBI recently issued a warning that cybercriminals are stealing millions from Americans using fraudulent crypto investment apps.
- If you’re using DeFi platforms, do your research - avoid platforms that use untested technology, such as unfinished, beta platforms
- Use two-factor authentication (2FA)
- Use secure networks and avoid public WiFi
- Use a VPN or encrypted communication channels like Telegram, Signal or ProtonMail
- Don’t post online about your success in crypto
- Be wary of scams such as exit scams or rug pulls - when promoters of a cryptocurrency disappear with investors’ money after an initial coin offering
The mainstream explosion of cryptocurrency within the past few years has led to an increase in the amount of coins, platforms and opportunity for investment. Crypto’s growing popularity has made hacking increasingly lucrative, especially in a relatively unregulated environment. While illicit transactions make up a small portion of overall crypto transactions, it is important to remain proactive to protect your investment against crypto crime.