
War Against CryptoHacking


By , Updated On November 15, 2021

When the first cryptocurrency was created in 2009, one of its selling points involved its heightened security protocols. Some supporters were even saying that crypto’s protocol could not be hacked and it would be impossible to breach its safeguards.

Twelve years later, it’s clear that crypto, like everything else online, is susceptible to hacking. Intertops online Games users and other observers have long regarded the exchanges as crypto’s vulnerable points, but recently it has become clear that peer-to-peer crypto platforms are the weak link.

In August, Poly Network, a DeFi site, saw $610 million disappear. The decentralized finance platform later said that all of the funds had been returned, and Poly Network subsequently offered the hacker, “Mr. White Hat,” a job as “chief security advisor.”

But Mr. White Hat’s success exposed some of crypto’s vulnerabilities, especially those of DeFi sites, where users borrow, lend, and save using DeFi technology that offers cheaper and more efficient access to financial services.


DeFi Sites

DeFi sites are decentralized blockchain-based forms of finance. Instead of relying on brokerages, exchanges, and banks to offer traditional financial services, they utilize smart contracts on blockchains.

There have been concerns about the security of DeFi sites for years. Critics point to flaws in DeFi contracts that are exploited at the point where the value of tokens within the pool is calculated. Private keys are frequently leaked or stolen, and access controls are often missing or implemented in a way that gives an attacker a means to bypass them.

DeFi sites are vulnerable to front-running attacks, in which an attacker spots pending transactions that can be exploited and gets their own transaction in ahead of them. DeFi sites have also proven open to an attack vector known as the “51% attack,” in which the hacker acquires the majority of the blockchain’s computational power, builds their own version of the blockchain that grows faster than the legitimate one, replaces it under the longest-chain rule, and rewrites the contents of the distributed ledger as they wish.

DeFi users can also be victimized by the owners and developers of the protocol itself. These “rug pull” schemes involve someone from inside the company draining value from the protocol and then disappearing, leaving the victims with no recourse.

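The token-valuation flaw described above, a contract reading a token’s price straight from a pool’s live reserves, which a single large trade can move within one block, and the usual mitigation, as an added example that is not part of the original article or of any project’s code. `ConstantProductPool` is a toy x * y = k pool, `guarded_valuation` is a hypothetical check, and all reserves and timestamps are constructed for illustration; the time-weighted average price (TWAP) follows the cumulative-price accumulator approach used by constant-product exchanges such as Uniswap v2.

```python
"""Added illustration (not from the article): a toy constant-product pool whose
live spot price can be moved sharply by one large trade, and a time-weighted
average price (TWAP) check that refuses to value tokens off such a reading.
All names, reserves and timestamps below are constructed for this example."""

from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class ConstantProductPool:
    """Minimal x * y = k pool; timestamps are integers (block times)."""
    reserve_a: float
    reserve_b: float
    cumulative_price: float = 0.0  # integral of spot price over time
    last_timestamp: int = 0

    def spot_price(self) -> float:
        """Price of one A in units of B, read straight from the live reserves."""
        return self.reserve_b / self.reserve_a

    def cumulative_at(self, now: int) -> float:
        """Accumulator value extended to `now` without mutating the pool."""
        return self.cumulative_price + self.spot_price() * (now - self.last_timestamp)

    def _checkpoint(self, now: int) -> None:
        self.cumulative_price = self.cumulative_at(now)
        self.last_timestamp = now

    def swap_a_for_b(self, amount_a: float, now: int) -> float:
        """Sell `amount_a` of A into the pool at time `now`; returns B paid out."""
        self._checkpoint(now)
        k = self.reserve_a * self.reserve_b
        new_a = self.reserve_a + amount_a
        new_b = k / new_a
        paid_out = self.reserve_b - new_b
        self.reserve_a, self.reserve_b = new_a, new_b
        return paid_out

    def snapshot(self, now: int) -> Tuple[int, float]:
        """(timestamp, accumulator) pair that anchors a later TWAP computation."""
        return now, self.cumulative_at(now)


def twap(pool: ConstantProductPool, snapshot: Tuple[int, float], now: int) -> float:
    """Average price between the snapshot and `now`."""
    t0, c0 = snapshot
    if now <= t0:
        raise ValueError("TWAP window must have positive length")
    return (pool.cumulative_at(now) - c0) / (now - t0)


def guarded_valuation(pool: ConstantProductPool, snapshot: Tuple[int, float],
                      now: int, max_deviation: float = 0.05) -> Optional[float]:
    """Hypothetical guard: return the TWAP only if the live spot price agrees
    with it within `max_deviation`; otherwise return None so the caller
    refuses to act on a price that one trade has just moved."""
    average = twap(pool, snapshot, now)
    if abs(pool.spot_price() - average) / average > max_deviation:
        return None
    return average


def scenario() -> dict:
    """Quiet pool, then one large trade at t=100 that moves the reserves."""
    pool = ConstantProductPool(reserve_a=1_000.0, reserve_b=1_000.0)
    anchor = pool.snapshot(0)
    before = pool.spot_price()          # 1.0 while the pool is balanced
    pool.swap_a_for_b(500.0, now=100)   # spot drops to 4/9 within a single block
    return {
        "spot_before": before,
        "spot_after": pool.spot_price(),
        "twap_at_100": twap(pool, anchor, 100),                  # still 1.0
        "guarded_at_100": guarded_valuation(pool, anchor, 100),  # None: rejected
        "twap_at_200": twap(pool, anchor, 200),                  # drifts slowly
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The point of the check is not that the TWAP is a perfect price but that moving it takes sustained pressure over many blocks, which is far more expensive than moving the spot price for one transaction; a contract that values collateral or computes a swap rate from the raw reserves has no such buffer.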

Exploiting Bugs

The Poly Network heist has heightened awareness of how exposed DeFi sites are to attackers. While centralized exchanges, the venues that facilitate crypto transfers, were once the main targets of cryptocurrency attacks, their ability to bolster security has made DeFi the new frontier for hackers. The attacks come as funds pour into DeFi.

According to analysts, the new DeFi sites are most at risk of such hacking attacks. Their code isn’t always as secure as that of older sites and, said Rune Christensen, former head of DeFi application Maker, “There is a widening security and risk gap between old, battle-tested DeFi protocols and new, untested DeFi protocols.”


Government Oversight

Governments and financial watchdogs that are looking for ways to regulate the currently unregulated crypto sector are getting ready to step in, as it seems increasingly clear that DeFi cannot police itself.

Gary Gensler, chair of the U.S. Securities and Exchange Commission (SEC), wants to start taking a tough stand on DeFi.

In an August 3rd speech at a national security conference hosted by the Aspen Institute, Gensler served notice that he will use every type of authority available to him, including requesting additional authority through Congress, to prevent transactions, products, and platforms from falling between regulatory cracks. Gensler accused the crypto asset class of being “rife with fraud, scams, and abuse in certain applications” and continued, “right now, we just don’t have enough investor protection in crypto. Frankly, at this time, it’s more like the Wild West… if we don’t address these issues, I worry a lot of people will be hurt.”

The U.S. Commodity Futures Trading Commission is also signaling plans to increase oversight of crypto. Commissioner Dan Berkovitz has referred to DeFi as a “Hobbesian marketplace” and suggested that unlicensed DeFi platforms could be violating commodities trading laws.

Many analysts, including those who have been friendly to crypto and some who work within the industry itself, see oversight as inevitable. Tim Swanson of blockchain firm Clearmatics admitted, “The unfortunate situation is that (Poly Network) was seen as just an average Tuesday in the DeFi world… The industry likes to congratulate itself by claiming it resides on transparent systems, but it has repeatedly shown it is incapable of policing itself.”


North Korea

North Korea is widely believed to be the largest source of cryptocurrency theft and hacking, and the efforts are, experts say, state-sponsored. The Democratic People’s Republic of Korea has been escalating operations that center on stealing and laundering cryptocurrencies. These efforts allow the North Korean government to bypass the economic sanctions that many countries have placed on it.

A 2019 United Nations report estimated that hacks, ransomware attacks, and outright theft netted Pyongyang up to $2 billion, which it then converts into crypto and cashes out through overseas operatives. Madeleine Kennedy, senior director of communications at crypto forensics firm Chainalysis, believes that the lower estimate is likely understated. “We are confident they have stolen upwards of $1.5B in cryptocurrency. It seems likely that DPRK invests in this activity because these have been highly successful campaigns.”

The U.S. Department of Homeland Security believes that a new DPRK-sponsored hacking group, BeagleBoyz, has been behind several high-profile cyberattacks, stealing almost $2 billion since 2015 by targeting banking infrastructure such as the SWIFT system and ATMs. The group’s toolset includes the DeltaCharlie DDoS botnet infrastructure, remote access tools (RATs), keyloggers, and wiper malware, delivered via Adobe and Microsoft Windows software.

It’s believed that there are several hacking groups, but the attack vectors are similar. “Initial access to targeted financial organizations is gained using spear-phishing — either via emails with a malicious document masquerading as a job offer or via personal message on social media from a person pretending to be a recruiter,” explained Anastasiya Tikhonova, head of APT Research at Group-IB, a cybersecurity company. “Once activated, the malicious file downloads the NetLoader.”

An additional emerging threat is JS-sniffers, malicious code that steals payment data from small online stores and exposes the personal data of everyone involved in the transaction.

No one knows exactly how much has been stolen from crypto exchanges, but it’s not an exaggeration to say that it totals billions of dollars. Not all of these attacks have been traced back to the DPRK, but several have. The U.S. Department of Justice issued a statement in August 2020 indicating that North Korean hackers had been using a Chinese money-laundering ring to launder $250 million via various digital wallets, converting traceable cryptocurrencies into privacy coins like Zcash or Monero.

There are many questions regarding the current hacking activities, but one thing is clear: the hacking groups are expanding, and their operations are branching out as their methods prove successful. It’s to be expected that in the coming years they will continue to expand their capabilities.