Many investors and people across the globe have been lured into the crypto realm through the attractive promise of being able to quickly increase their wealth tenfold (with high risks involved). While the promise is not completely untrue, it misses the point of why cryptocurrency has been an attractive store of value for many.
For most of the original people in this space, adopting crypto was about keeping their money safe, not about risking it in hopes of increasing their wealth. Crypto was a solution for people who were unbanked or lived in sanctioned countries with unstable economies. Crypto promised to be a stable form of money which people could bank with independently to mitigate the risk of funds being seized by central entities.
While this ethos still exists, it has become lost in the gold rush of the crypto space and the results are striking.
Can crypto be hacked?
Yes, it is possible for crypto to be hacked. As the name “crypto” suggests, it is difficult to hack crypto. Well… at least sometimes.
It was revealed in a report by CryptoSlate that, in 2021, there were 251 hacks, most of them targeting Decentralized Finance (DeFi) platforms. In total, around $3.2 billion in crypto was stolen. These stolen funds did not just come from the DeFi platforms’ treasuries but also from their users’ accounts.
So far, in 2022, there have been about 65 hacks amounting to a whopping total of $1.7 billion.
To make matters worse, these 316 security breaches do not even include the individual people who have had their main crypto wallets hacked.
Is this the price we have to pay for emerging new tech?
Over the past year, projects in the crypto space have been emerging rapidly with everybody rushing to be the first. The problem with this is that it causes a lot of negligence and carelessness in the development of products. Rather than spending the maximum amount of time to deliver the most robust platform, builders are competing to see who can spend the least amount of time to catch the wave of a trend.
Despite this, the promise of crypto still remains to be that you will no longer have to worry about your money because of revolutionary cryptographic technology that cannot be cracked.
So, if crypto is so smart, why do the platforms keep getting hacked?
How do hackers steal crypto?
Scams vs direct theft
The easiest way for attackers to steal crypto is through scams that rely on social engineering. This method is similar to standard internet phishing schemes. Sometimes it also involves activities such as cyberstalking.
Due to their simplicity, scams and phishing schemes are more common in crypto theft than direct hacking.
The more complicated way for cybercriminals to hack crypto is to get control of a platform’s assets by directly attacking its smart contracts.
Types of crypto hacks
Smart contract coding mistakes
The majority of blockchain infrastructure is built on smart contracts. Smart contracts are self-executing programs of code which eliminate the need for human intermediaries to complete transactions.
Smart contracts are a relatively new tool in technology, so they are prone to vulnerabilities.
While developers work hard to ensure the security of their smart contracts, they cannot always eliminate human error. Hackers look for the resulting coding mistakes in smart contracts and take advantage of them. Due to the open-source nature of code for blockchain-based software, anyone is able to access the code and spot mistakes.
Security audits can help mitigate the risk. However, when it comes to blockchain software, even the tiniest of mistakes can cause major problems. If the foundation of a platform is insecure, then so is everything that is built on top of it. This makes smart contract hacking the most dangerous of hacks.
Mistakes in smart contract code are usually responsible for the largest crypto hacks.
These types of hacks usually occur on blockchain bridges, crypto exchanges and third-party applications such as hot wallets.
51% attacks
A 51% attack occurs when a crypto miner or group of crypto miners gains control of over 50% of the computing power used to mine and process crypto transactions. These attacks are also known as majority attacks.
In the case of a 51% attack, malicious agents are able to block new transactions from being confirmed, block other miners from mining crypto and even reverse transactions to double spend cryptocurrency.
This sort of crypto hack requires a lot of energy, computing and coordination. Because of the logistics involved, 51% attacks are less likely to occur on large blockchain networks.
Targeted phishing attacks
Phishing attacks usually target a specific group of people, high-profile crypto professionals or employees of a crypto company. Attackers will study these people’s activity and obtain their email addresses so that they can later send phishing emails.
For example, the attacker will send a phishing email posing as a crypto platform telling you that there is a problem with your account and that you need to click the attached link to fix it. If you connect your wallet to the phishing site, attackers will be able to drain your funds. Phishing sites may also ask for private information such as your seed phrase or private key, which is information you should never give out.
Airdrops are a common gateway to stealing from a large group of people. Cybercriminals will pose as a crypto brand and create a fake dApp for you to claim an airdrop. To claim your funds from an airdrop you need to sign into the dApp using your wallet. Hackers are able to hijack the interaction by granting themselves access to your wallet.
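One check a wallet user or wallet developer can run before signing is shown in this added example, which is not part of the original article. It assumes the "access" a fake claim page requests takes the form of a standard ERC-20 `approve` or ERC-721/1155 `setApprovalForAll` call, which the article does not specify; the sample calldata and the address are constructed.

```python
MAX_UINT256 = 2**256 - 1

# Function selectors (first 4 bytes of calldata) for the standard approval calls.
APPROVE = "095ea7b3"               # ERC-20 approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # ERC-721/1155 setApprovalForAll(address,bool)


def review_calldata(data_hex: str) -> dict:
    """Decode the calldata a dApp asks the wallet to sign and flag unlimited
    allowances and blanket operator approvals."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"call": "other", "risky": False}
    if len(args) < 128:
        raise ValueError("truncated calldata: expected two 32-byte arguments")
    grantee = "0x" + args[24:64]       # address = low 20 bytes of word 1
    value = int(args[64:128], 16)      # word 2: token amount or boolean
    if selector == APPROVE:
        unlimited = value >= 2**255    # MAX_UINT256 or another huge allowance
        return {"call": "approve", "grantee": grantee, "amount": value,
                "risky": unlimited}
    return {"call": "setApprovalForAll", "grantee": grantee,
            "approved": value != 0, "risky": value != 0}


def build_sample(selector: str, grantee: str, value: int) -> str:
    """Constructed calldata for the demo; not captured from a real transaction."""
    return "0x" + selector + grantee[2:].rjust(64, "0") + f"{value:064x}"


if __name__ == "__main__":
    unknown = "0x" + "11" * 20         # constructed placeholder address
    for tx in (build_sample(APPROVE, unknown, MAX_UINT256),
               build_sample(APPROVE, unknown, 50 * 10**18),
               build_sample(SET_APPROVAL_FOR_ALL, unknown, 1)):
        print(review_calldata(tx))
```

A claim page that asks for either flagged call is requesting standing permission to move tokens, which an airdrop claim has no need for.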
Here are signs of phishing to look out for.
Top crypto hacks
1. Axie Infinity Ronin Bridge (2022) – $625 million
The largest hack in crypto history was suffered by Axie Infinity in March 2022. The gaming platform’s Ethereum-linked sidechain, Ronin, was breached after hackers gained control over its cryptographic keys. Four out of nine keys were stolen after an Axie developer clicked on a fake job offer PDF.
2. Poly Network (2021) – $611 million
The second biggest crypto hack ever was a $611 million heist from Poly Network in August 2021. Mudit Gupta, a blockchain security researcher, observed that the thief found a way to buy crypto tokens on the Poly Network without selling the corresponding token on other blockchains.
3. Coincheck (2018) – $547 million
In January 2018, the Japanese crypto exchange Coincheck revealed that $547 million worth of the cryptocurrency NEM was stolen. The company revealed that they stored all funds on a hot wallet (a crypto wallet connected to the internet), which was heavy negligence on their part.
Following this breach, the Financial Services Association of Japan instructed all crypto exchanges to report on their security defense mechanisms.
Will crypto hacks stop?
Amidst the anticipation of a major global recession, crypto theft only seems to be on the rise. For the majority of us, this is a cause for extreme concern.
While mishaps are a natural feature of life, when it comes to our money, mishaps are a sensitive matter.
The reason so much crypto theft is currently occurring is mostly due to the fact that the technology is still new and in the process of being developed into something more robust. What we can expect out of this is a lot of error (and a lot of trial too). For these reasons, it is often advised to use crypto with absolute caution.
As more security protocols emerge and the industry learns from previous attacks, we can expect theft to occur less often.
In the meantime, it would also help to address the reasons the theft occurs. Wealth inequality is a driving factor of theft and may be a common theme amongst cybercriminals. To mitigate the risk of crypto theft even further we can put in the effort to fill the wealth gap. Blockchain’s first step in this was creating a way for everyone to have access to money. How can we all improve on this?
Crypto hacks may not stop entirely, but they can definitely be reduced.