Advertisement
Advertisement

Just How Safe Is Your Crypto?

By:
Tim Alper
Published: Apr 13, 2022, 08:44 UTC

As tokens become more popular, crypto-related hacks are continuing to diversify – and may never totally cease. But who exactly is hacking crypto, and how?

Bitcoin,With,Locker,On,Motherboard.,Cryptocurrency,Law.,Digital,Security.,Btc

High-profile crypto hacks are on the rise. Last month saw the DEFI protocols Agave and Hundred Finance stung in an $11 million raid, just one of a slew of crypto hacks of a similar hue.

So what’s the deal? Does crypto suffer from security issues? Who’s hacking what? And is there anything you – the innocent crypto trader or HODLer can do about it?

What kind of crypto targets find themselves in hackers’ crosshairs?

Centralized Exchanges

Once upon a time, crypto exchanges were “low-hanging fruit” for crypto hackers with catastrophic effects, in many cases.

In Japan, Mt. Gox (in 2014), Coincheck (early 2018), and Zaif (late 2018) all suffered huge hacks. The former was put out of business altogether, while the latter two were bailed out by larger companies that eventually took them over.

The last attack of such a scale on a crypto exchange was the KuCoin raid of 2020 – leading some to suggest that, in more recent times, trading platforms have upped their security game.

Gina Kim, a South Korea-based cybersecurity expert, tells FX Empire that the security landscape has changed for crypto players in recent years. She says:

“Not so long ago, centralized exchanges – even the bigger ones – were notoriously lax when it came to security. Despite the fact that they were often handling millions of dollars worth of coins, they had very low security fences, so to speak. And hackers who targetted them knew that.”

Kim continues:

“Things have changed a lot now, with better security protocols for employees and improved security at the software level. They aren’t perfect, but they have certainly invested a lot more than they once did in staying safe. Some have learned the hard way.”

Regardless, the sector is still not immune to security breaches – only a few months have passed since hackers made off with almost $200 million worth of user funds from the BitMart exchange.

Hacks on Protocols and Decentralized Exchanges

Sadly, these kinds of attacks are now on the rise. A hack on the Ronin network recently saw the Sky Mavis-developed Axie Infinity play-to-earn title, its AXS coin and its users lose $625 million in the biggest hack in crypto history.

In January, the Qubit Finance Protocol suffered an $80 million loss, while Grime Finance lost $30 million in a hack at the end of last year.

As the amount of blockchains and decentralized platforms continues to rise, so too does the number of targets now open to exploitation by hackers.

Voice and spear-phishing

Kim tells FX Empire that this form of attack is now the “hacking attack of choice” for most would-be crypto raiders. She notes that the “prime target” of many hackers remains crypto exchange employees, who are sometimes targetted with sophisticated and “tailored” attacks that involve bogus job offers made via platforms like LinkedIn, with attackers posing as employees from partner companies.

She explains:

“All they need to do is convince you that they really are who they are pretending to be. Often that’s all it takes for you to trust them enough to click on a link that opens a back door for them. Once they’ve got that software onto a computer, they are set.”

But there is danger too for ordinary crypto traders and holders. Kim notes that targetting crypto exchange customers with “urgent-looking” messages and phone calls claiming that someone is trying to access their crypto often sends unsuspecting customers into a panic.

In a panicked state, it is often easy to lead victims to click on links in emails that send these customers to sites where they enter their login and password details – unaware that such sites have been custom-made to help hackers harvest such data.

Fortunately, many larger exchanges are aware of such threats, and inform customers about ways to make sure that mails actually do come from their staff. It’s worth remembering that no exchange employee will ever ask you to hand over your password or private keys.

Who hacks crypto?

Individual hackers and groups

People have all sorts of reasons for hacking. There are even some “white hat” hackers who break into protocols and exchanges to expose risks and later return the funds.

But there are also plenty of people who simply use their advanced computer skills to fill their own pockets.

Hacker groups are also common. In 2020, blockchain analysts claimed that the Eastern Europe-based CryptoCore group had masterminded no fewer than five crypto exchange hacks, reaping some $200 million in the process.

In the case of notorious attacks like the $ 520 million 2018 Coincheck raid, police are still hunting down raiders – with very little to show for their efforts.

Do states hack crypto, too?

The UN has repeatedly accused North Korea and the notorious Lazarus group of masterminding multiple raids on crypto targets across the border in the South – as well as elsewhere in the world. Experts in Washington and Seoul have claimed that Pyongyang has trained a group of at least 20 “elite cyber warriors” to hack crypto exchanges as part of a long-term fundraising strategy.

The North has rejected these claims, however, calling them fabrications that only a morally bankrupt “spying empire” like the United States could “concoct.”

The South Korea-based Kim remarks:

“It’s hard to say if the allegations about North Korea are 100% true or not, but there can be no doubt that there are some very well-thought-out traps out there in the Korean language – obviously laid by Korean-speaking hackers with their eyes on some very lucrative crypto prizes!”

What’s the future for crypto security?

Crypto has a long way to go if it is to shore up its security holes once and for all. Some may argue that perhaps it will never achieve this feat, and that users will simply have to accept that using digital forms of money and decentralized assets will always be subject to risk.

In South Korea and some other areas, crypto exchanges are required to back their users’ deposits on their platforms with their own token and fiat holdings – meaning that in the case of hacks on regulated exchanges, platforms are legally obliged to refund users.

This might be of some comfort to those who keep their coins on centralized exchanges, but CEXes are not the be-all, end-all of the crypto world. Some even prefer not to use them at all.

So in the absence of a silver bullet that will slay all hackers, how can individual crypto holders boost their own security?

The (very) short answer: Keep your crypto as secure as possible, avoid anything that looks remotely like a scam, back up your wallets, move any crypto you’re not trading into cold wallets, consider self-custody and keep your security phrases under lock and key.

About the Author

Tim Alperauthor

Tim Alper is an IT writer with over a decade and a half of top-level journalism experience. He has written about tech, including crypto and blockchain, as well as other subjects for leading media outlets including the BBC, the Guardian, the Times of Israel, Chosun Ilbo, Maeil Kyungjae, Kyunghyang Shinmun, the Korea Times and the Jewish Chronicle. He has also worked with major bands in the IT space, including Microsoft, Samsung and Accenture.

Did you find this article useful?

Advertisement