How Can Cryptocurrency Prevent Hacking? Is It Even Possible?
Similar to what we see in more established businesses, security must be a part of a crypto company’s budget from the start.
Following the $615 million theft of the well-known blockchain game Axie Infinity, cryptocurrency was once again in the news for being a risky, hackable sector. There is no question that the developing DeFi industry should prioritize security, just like any other industry. To put things in perspective, though, is crucial. Heists and hacks are not just a crypto phenomenon. They are extremely prevalent in many other businesses.
— The Trading Block (@TradingBlockCo) March 30, 2022
Compared to the banking sector, DeFi, which began in earnest about three years ago, is still relatively young. The “mature” banking sector was, and still is, vulnerable to significant thefts and breaches.
Several examples spring to mind: Between 2015 and 2017, there was a constant stream of hacks on the SWIFT system. These hacking attempts included one on the Bangladesh Central Bank for about $1 billion, another on the Union Bank of India for $170 million, and one on Bancomext Mexico for $110 million. These prominent instances, which each got significant international media coverage, resulted in the majority of the money being recovered.
In addition to these heists, data hacks continue to be common, especially at large banks and businesses where robust cybersecurity procedures ought to be in place. For instance, JP Morgan, a bank that invested $250 million in cybersecurity in 2014, experienced a massive hack that year that resulted in stock manipulation.
The FBI’s 2021 Internet Crime Report, published at the end of March, indicated that American victims reported $6.9 billion in damages to the FBI last year due to cybercrime and internet fraud. Less than 4% (32,400) of the 847,376 complaints received were about cryptocurrencies, despite the common perception that cryptocurrencies are an oddity in terms of security.
However, the crypto industry shouldn’t exploit these examples as a justification to savor its success. We can take steps to at least lessen the security threats. It’s crucial to realize that the majority of cryptocurrency hacks target Layer-2 protocols rather than Layer-1 blockchains. These hacks result from two types of mistakes: a coding flaw (as was the case with the $600 million Polynetwork hacks) or social engineering (as seen with SkyMavis). According to Web2, these are not hacks affecting the entire internet’s infrastructure but rather one specific website, like Facebook.
The cryptocurrency sector can better protect these assets in a number of ways. One of the items with the fastest time to market is crypto protocols. In some circumstances, an idea may become a working product in as little as three months. Although this innovation is moving quickly, there are obvious risks involved, especially when fledgling businesses manage hundreds of millions of dollars in user money without any operational or risk-monitoring frameworks. Therefore, it is crucial that the sector equips itself with the right tools.
The industry can use several different strategies to stop these hacks from happening.
Similar to what we see in more established businesses, security must be a part of a crypto company’s budget from the start. According to NTSEC, 6 to 14 percent of the total IT budget is presently allocated to cybersecurity in non-crypto companies. We would anticipate that this sum is considerably higher given the characteristics of cryptocurrencies and the extent of client funds.
Many people in the cryptocurrency sector are aware of these hazards. Decentralized insurance protocols that leverage risk-sharing pools or structures akin to credit default swaps to protect against risks, from a wallet and smart contract breaches to hacks of centralized exchanges, have emerged as a result of the growth in hacks. People, organizations, and the protocols should start considering how they can use or work with such protocols.
More specifically, protocols should use testing, testing, and more testing to prevent code problems. At least two auditors should perform code audits for protocols. Businesses can also use their communities by setting up bug bounty hunts, where a protocol urges highly trained community members or hackers to find security vulnerabilities while rewarding them proportionately. Protocols could also be used with bug-hunting businesses like Immunefi.
Unlike more traditional enterprises, protocols should and can have a real-time picture of their risk. This entails enhancing their controls with instrumentation so that a larger proportion of their systems and processes are engaged in real-time network monitoring. In the case that monitoring is often evaluated at a single point rather than continuously, this is a level above most sectors. This should be the case when a protocol controls hundreds of millions of users’ dollars.
Employee awareness-raising and training are essential for protecting against social engineering and phishing. The crypto sector should make the completion of basic cybersecurity training mandatory. This should involve regular online modules and reminders that teach about data privacy and different types of social engineering. Remember: Human mistake accounts for 95% of hacks.
Cryptocurrency investments have attracted a lot of money, and protocols must be aware that they are vulnerable to assault. On CryptoTwitter, a statement goes, “It is not IF, it is WHEN a protocol will be hacked.” Therefore, founders must not only anticipate attacks and organize accordingly but also presume that some of them will be successful. They must therefore prepare for the required healing side as well.
Cryptocurrency may be new, but it is expanding at a never-before-seen rate, with total money invested in DeFi increasing by over 1,200% in 2021 and topping $240 billion. We must continue to take security issues lightly. Security must now be a priority for protocols, both financially and strategically. Otherwise, the entire sector would suffer severe reputational, financial, and regulatory harm that could seriously impede its growth if not completely eliminated.