The latest in a string of crypto thefts and security breaches, this week's Crypto.com hack has caused some to question the overall security of a rapidly growing industry.
Early Monday morning, hackers discovered a software vulnerability in Crypto.com's authentication system that allowed them to bypass the 2FA process. It then took them just minutes to make off with over $30 million worth of ETH before the company was able to pause withdrawals across the entire exchange.
But even this pales in comparison to the BitMart hack back in December, when the popular crypto exchange lost $200 million dollars (mostly in safemoon tokens) after a private key was stolen. After initially promising to refund users, the company has since gone silent on how and if they plan on doing so.
Further back, in 2019, Binance lost $41 million worth of Bitcoin and a year before that, Coincheck lost $500 million. But the grand prize undoubtedly goes to Tokyo-based Mt Gox which, back in 2014, filed for bankruptcy after 850,000 bitcoins were stolen (currently worth over $35 billion).
All told, in 2021 alone, hackers made off with $3.2 billion worth of cryptocurrency, a 516% increase from just a year earlier. A large chunk of this can be traced back to the North Korean Lazarus Group which accounted for $400 million of that total, leaving western law enforcement agencies with little to do but watch as the group expands its operations through 2022.
Unfortunately, theft is still not the greatest threat facing cryptocurrency holders. Far more pervasive, and successful, are the thousands of online scammers who took home a record $8 billion in 2021. One popular scam, known as The Rug Pull, occurs when scammers push little-known tokens to smalltime investors, promising sky-high returns. Once the price begins to pick up, trading is suddenly halted, and the money is funneled out to the criminals' accounts.
One such rug pull took place back in October when a mystery coin named after the show Squid Game took off. In just days, the value went from a penny to over $2,000, resulting in global coverage by news outlets like the BBC and CNN. However, once the coin hit $2,860, all trading was halted, $3.36 million worth of Squid Game was cashed out by the founders, and the coin plummeted to a third of a cent in 10 minutes. (At the time of writing, the now-decentralized $SQUID is trading at $0.04 a pop.)
It's not all bad news though. Due to their reliance on public ledgers, crypto-thieves are finding that it's far harder to launder their bounties than they'd anticipated. For example, after one hacker siphoned out $600 million worth of digital tokens from Poly Networks this past August, they found that there was simply nowhere to go. In one of the strangest stories in crypto history, the would-be multimillionaire voluntarily returned the full amount and even published a public apology:
"Keep calm and this is the happy ending! I have to admit that my wild or mad behaviors have led to crises to your project, your team and even your lives. Sorry for the inconvenience! It must be one of the most wild adventures in our lives."
Poly Networks responded with a thank you note and a job offer.
Furthermore, although crypto thefts are growing, legitimate cryptocurrency activity is growing far quicker. In 2021, for example, illicit activities were responsible for only 0.15% of the total $16 trillion in trading volume, an all-time low. (Funds are considered illicit if they are connected to an illicit activity or were obtained illegally.)
There are a number of ways in which crypto holders can protect themselves. For one, any significant amount of money should be kept in a ‘cold wallet.' As opposed to hot wallets which are directly connected to the internet and are therefore susceptible to the kinds of hacks, glitches, and outages discussed above, cold wallets are hardware devices that are specially designed for safe crypto storage.
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.
Even when plugged into a computer, many cold wallets will perform all operations locally before broadcasting any changes to the network via your computer's internet connection. This ensures that any funds stored on the device are virtually inaccessible to anyone on the internet. Make sure to safely back up your wallet in case it's lost due to theft, damage, or misplacement.
Finally, as with any investment, it's important to perform cyber due diligence before purchasing any cryptocurrency, utilizing a new exchange, or downloading a new software product. Some things to consider when purchasing a new coin:
Does it serve a purpose? Most cryptocurrencies will be minted as a reward for verifying blocks of data that serve some purpose outside of simply perpetuating the currency itself. While Bitcoin is one notable exception to this rule, it is the exception that proves the rule.
Does it have a white paper? Nearly all currencies will be launched with an accompanying white paper laying out the vision and purpose of the coin. If there is no white paper available, or it is of poor quality (such as the Squid Game white paper), it's probably best to stay away.
Where can you buy and use the token? Unless you're mining the coin, you should only purchase coins from a reputable exchange. These exchanges will have performed their own due diligence before onboarding the coin and require certain disclosures before listing.
Finally, find out who is behind the coin. Whether these are the developers, backers, partners, or board of directors, most legitimate coins will have trustworthy names associated with the project.
Update: Managing the Log4j Vulnerability
Why Hackers Love the Holidays
Securing the Cyber Supply Chain