The crypto industry is booming, but it is also plagued by incessant security breaches that undermine its credibility and trustworthiness. According to a report by CipherTrace, a blockchain analytics firm, crypto-related thefts, hacks, and frauds amounted to $1.9 billion in 2020, a 57% decrease from the record $4.5 billion in 2019, but still a significant threat to the industry. According to Forbes, over $3 Billion have been lost to crypto hacks, annually. NBC News places that number even higher with $14 Billion in Worldwide hacks. Yet another source has the total for all scams and hacks since 2017 at over $20 Billion. The most common types of attacks are:
Exchange hacks: These involve hackers exploiting vulnerabilities in the platforms that facilitate the trading and storage of cryptocurrencies, such as centralized exchanges, decentralized exchanges, and wallets. Some of the most notorious examples are the Mt. Gox hack in 2014, which resulted in the loss of 850,000 bitcoins (worth about $460 million at the time), and the KuCoin hack in 2020, which resulted in the theft of $281 million worth of various cryptocurrencies.
DeFi hacks: These involve hackers exploiting vulnerabilities in the protocols that enable decentralized finance (DeFi) applications, such as lending, borrowing, trading, and staking. DeFi is a fast-growing sector that aims to provide financial services without intermediaries, but it also poses unique challenges and risks. According to CipherTrace, DeFi hacks accounted for 45% of all crypto thefts in 2020, totaling $129 million.
Scams and frauds: These involve hackers deceiving or coercing users into sending them cryptocurrencies or revealing their private keys or passwords. Some of the common methods are phishing emails, fake websites, social media impersonations, Ponzi schemes, and ransomware attacks. For instance, in July 2020, a group of hackers hijacked the Twitter accounts of several prominent figures, such as Elon Musk, Barack Obama, and Joe Biden, and posted messages asking followers to send bitcoins to a certain address, claiming they would double their money. The hackers managed to collect over $100,000 worth of bitcoins before the scam was exposed.
Causes of Security Breaches on Crypto Exchanges
Poor security practices: Some crypto exchanges do not implement adequate security measures to protect their systems and users from unauthorized access. For example, they may use weak passwords, store private keys online, or fail to encrypt sensitive data. These practices expose the exchanges to hacking attacks that can compromise their funds and information.
Lack of regulation: Unlike traditional financial institutions, crypto exchanges are largely unregulated and operate in a legal gray area. This means that they do not have to comply with any standards or rules regarding their security, transparency, or accountability. This also means that they do not have any legal recourse or protection in case of a security breach. Users who lose their funds or data due to a security breach may have no way of recovering them or seeking compensation.
Human error: Sometimes, security breaches on crypto exchanges are caused by human error or negligence. For example, an employee may accidentally leak confidential information, a user may fall victim to a phishing scam, or a developer may introduce a bug in the code. These errors can create vulnerabilities that can be exploited by hackers and cybercriminals.
These security breaches not only cause financial losses to the victims, but also damage the reputation and confidence of the crypto industry as a whole. They also attract regulatory scrutiny and intervention, which may hamper the innovation and growth of the industry. Therefore, it is imperative that the crypto industry takes proactive and effective measures to prevent and mitigate these security breaches. Some of the possible solutions are:
Implementing robust security standards and practices: The crypto industry should adopt and enforce high-level security standards and practices for its platforms and protocols, such as encryption, authentication, verification, auditing, testing, monitoring, and updating. These security measures should be transparent and verifiable by third parties, such as auditors, regulators, or users. Moreover, the crypto industry should foster a culture of security awareness and education among its participants, especially users who are often the weakest link in the security chain.
Leveraging blockchain technology and innovation: The crypto industry should leverage the inherent features and advantages of blockchain technology to enhance its security and resilience. For example, blockchain technology enables immutability, traceability, decentralization, and consensus, which can help prevent or deter unauthorized transactions or alterations. Furthermore, the crypto industry should embrace innovation and experimentation to develop new solutions and approaches to address its security challenges. For instance, some emerging technologies that may improve crypto security are zero-knowledge proofs (ZKPs), multi-party computation (MPC), threshold signatures (TSS), and quantum-resistant cryptography (QRC).
Collaborating with stakeholders and regulators: The crypto industry should collaborate with various stakeholders and regulators to establish a common understanding and framework for its security issues and solutions. These stakeholders include other crypto platforms and protocols, cybersecurity experts and researchers, law enforcement agencies, policymakers, standard-setting bodies, industry associations, and users. By engaging in dialogue and cooperation with these stakeholders and regulators, the crypto industry can foster trust and legitimacy among its participants and society at large.
Security breaches are a serious threat to the crypto industry that require urgent attention and action. The crypto industry should implement robust security standards and practices; leverage blockchain technology and innovation; and collaborate with stakeholders and regulators to solve this problem. By doing so, the crypto industry can enhance its security and resilience; protect its users’ assets and interests; improve its reputation and confidence; and promote its innovation and growth.