Blockchain’s promise of transforming numerous industries is inevitable. It will enhance some and disrupt others. The technology, which is the backbone of most cryptocurrencies, is expected to disrupt the global financial system due to decentralization, the elimination of the middleman (banks), the cutting of fees taken by these middlemen, the borderless potential, and the ownership of those assets directed between peers. Despite the benefits, however, crypto hacks remain a problem that can’t be ignored.
Thanks to this innovation, cryptocurrencies have become a major candidate that could pose a significant challenge to the current backing system.
Cryptocurrencies are stored on a decentralized, open and transparent ledger. Ownership is determined by private passphrases acting as a digital signature, which in some cases, are as long as 50 characters.
The personal ownership and responsibility of securing one’s funds, however, has introduced opportunities for cybercriminals to steal from individuals who haven’t taken the proper measures to ensure the safety of their holdings. Strategies such as phishing, hacking cloud-based notes, and/or breaching text files storing the private key on the victim’s device still pose a significant risk to anyone holding digital assets.
Even though cryptocurrencies do introduce far more advantages than current banking system, they often lack the luxury of employing a central authority to help in retrieving stolen assets.
Vulnerabilities on exchanges account for the vast majority of hacks. This is because exchanges retain ownership of assets on hot wallets, or online wallets.
We have seen numerous hacks on exchanges, leading to the loss of $781 million dollars so far in 2018. Even exchanges which have made notable efforts to improve their security have fallen victim to attacks.
Bitfinex, for example, attempted to safely store private keys on cold wallets, however cybercriminals still managed to breach the system, resulting in significant losses for some customers.
One major issue with losing a private key stored on a cold wallet is that there is no recourse. There is no central authority to blame and, in most cases, no way to recover the funds due to the complexity of the crypto-market’s borderless nature.
Hacking a cold wallet can occur in multiple ways, such as, compromising the device that stores the private key file or impersonating online wallet services such as myetherwallet.com. The use of social engineering often plays a major role in obtaining a users’ private data. In addition to phishing schemes or other social hacks, malicious actors may use man in the middle attacks or supply chain attacks to gain access to a victim’s funds.
Buying a hardware wallet that may have been used before is a prime example of a man in the middle attack. This means the private key is known by someone else. To prevent this, it is important to ensure that a cold wallet has never been used by purchasing directly from a manufacturer and generating a fresh key before transferring funds to the device.
Taking the necessary precautions greatly reduce the chance of losing crypto through hacks, but it’s still not impossible.
Users could still fall victim to supply chain attacks, or instances in which bad actors installed foreign hardware within the device. While no such attack has occurred yet on cold wallets, the famous China chip breach highlights the possibility. This has been confirmed by Ledger in a vulnerability test, revealing the possibility to compromise a device in a which could result in the loss of funds.
There are many strategies that could be enacted to ensure the safeguarding of a wallet either stored on a device or on an offline hardware wallet such as Ledger, however, there needs to be ways to track and retrieve stolen assets if something happens.
Some have suggested that increased oversight on centralized exchanges to prevent hacks, facilitate the tracking, freezing, and retrieval of stolen assets could be a solution. The recent capture of a British hacker by the help of the state of Delaware is a prime example of how a governmental role in the crypto space could help retrieve funds.
Additionally, the development and use of decentralized exchanges could greatly reduce risk for individuals.
Another solution would be for hardware wallet manufacturers to take advantage of the power of blockchain to enhance their security to safeguard from the possibility of supply chain attacks, man in the middle attacks, and insider attacks.