Crypto-heists are becoming more and more sophisticated
The Poly Network, a decentralized finance network that the majority of people outside the crypto world are unlikely to have heard of, was hacked earlier this summer by an anonymous hacker, who stole approximately $600 million in cryptocurrency. Afterwards, the hacker returned it.
Four months after that, hackers gained access to the cryptocurrency exchange Bitmart and stole at least $150 million in cryptocurrency assets. In one instance, unidentified hackers were able to access and extract funds from two “hot wallets” using a stolen private key, according to the findings of the investigation.
However, while security incidents of this nature are not new in the cryptocurrency world, the magnitude of these hacks appears to be increasing as cryptocurrency prices have soared in the last year, garnering increased mainstream attention in the process.
As reported by consumer website Comparitech, five of the ten largest cryptocurrency thefts in history occurred this year, bringing the total number of such thefts to five. Moreover, according to financial technology experts, these occurrences are likely to continue as the use of cryptocurrency rises.
Find out what’s going on and how to protect your digital assets by reading the following information.
What exactly is going on?
Cryptographic exchanges and decentralized finance (DeFi) services, according to Tom Robinson, chief scientist at London-based crypto compliance firm Elliptic, are the two most common targets of crypto hackers at the moment.
The hacking of centralized exchanges has been going on for several years. A user’s assets are stored in “hot wallets,” which are digital wallets that can be accessed online. As a result, they are more easily accessible to users, but they are also more vulnerable to sophisticated cyberattacks.
Recently, the BitMart website was hacked, which was one such example. One such example is the Coincheck attack in 2018, which resulted in the theft of approximately $530 million, making it the largest cryptocurrency theft ever, according to Comparitech’s data — until the Poly Network incident this year, that is.
A relatively new addition to the crypto world, decentralized financial infrastructure (DeFi) services. In addition, because they run directly on top of blockchain platforms, DeFi software applications remove the need for exchanges entirely, and hacks of these services, according to Robinson, are typically the result of programming errors or design flaws. Poly Network is a well-known example, as is the more recent hack of Badger DAO, a platform that provides users with vaults in which to store bitcoin and earn a profit from the transactions. The Badger DAO hack resulted in a loss of $120 million in funds.
What is clear from the majority of these attacks this year is that they are frequently exploiting a vulnerability, says Rebecca Moody, head of research at Comparitech. “The majority of these attacks this year are exploiting a vulnerability,” she adds. In part, this is due to the fact that the industry is growing at an exponential rate and is based on open source technology, which makes platforms vulnerable to exploitation if hackers discover a flaw in the code.
Is there anything specific that you stand to loose?
Because an exchange has been hacked, it does not necessarily follow that all of your money has been lost.
Various levels of protection against hacking are provided by different cryptocurrency services. For example, BitMart makes a guarantee that it will replace any assets that are stolen.
Although an entity may be unable to compensate impacted users, according to TRM Labs’ crypto-crime analyst Joe McGill, law enforcement agencies such as the Internal Revenue Service Criminal Investigations Cyber Unit may still be able to recover the funds that have been fraudulently obtained.
No assurances can be given, however, Many banks provide deposit insurance up to a certain amount, but when using a third-party service to store cryptocurrency assets, there is no such guarantee. The extent of insurance coverage — if any — available to certain businesses will vary depending on the platform used.
According to reports, the cryptocurrency has been stolen and may be permanently lost. Adam Morris, co-founder of Crypto Head, told CNN Business that hackers are frequently successful in escaping with stolen funds because cryptocurrency is virtually untraceable and can be easily disguised through wallets in a matter of seconds.
What measures can cryptocurrency investors take to protect their holdings of cryptocurrency?
When choosing a cryptocurrency wallet or exchange, experts recommend that users take the company’s size and professionalism into consideration..
“Has someone been assigned to the task of ensuring cyber security? The company’s reputation has been harmed or enhanced. Is there a size specification for the company? Do you know how many people are employed by the organization? All of these are indicators that you can place your trust in the company’s ability to protect your assets in a responsible manner “”It’s a complicated situation,” Robinson says.
There are also some fundamental security precautions that users can take when logging into their cryptocurrency account. Two-factor authentication, as well as hardware keys, which are essentially offline passwords, is recommended by McGill University. Also recommended by him is requiring approval for all cryptocurrency withdrawals as well as whitelisting addresses, which limits the ability to withdraw cryptocurrency funds from your account to specific addresses in your address book.
According to McGill, “while there is no 100 percent guarantee against cybercrime,” understanding the exchanges being used, their history with cybercrime, and the response systems in place are all critical.
According to Morris, using a hardware wallet, also known as “cold storage,” rather than storing one’s crypto assets with a service is another way to protect one’s crypto assets. While this is widely regarded as the most secure method of storing cryptography, it places the entire burden of responsibility for storing private keys on the shoulders of the individual user. In the event that those keys are stolen or lost, there is no larger financial institution that can assist you with your situation.