Cat and mouse – As scammers step up their game, crypto security must keep pace

0

Leading blockchain security firm Chainalysis recently released the first look at its 2022 Crypto Crime Reports, and while there are some signs of progress, it makes for sober reading. In absolute terms, 2021 was the worst year yet for crypto-based crime, with the total value received by illicit addresses reaching an all-time high of over $14 billion.

After a difficult year, Odey Asset Management ends 2021 in style

For much of the last decade, Crispin Odey waited for inflation to show up. The fund manager was positioned to take advantage of the rising prices of its flagship hedge fund, the Odey European fund, and tried to warn its investors of inflation risks through its Read more

Seen from another angle, the scenario could be read as more positive. In 2021, cryptocurrency adoption rates have skyrocketed, while the rate of increase in crypto crime has not kept pace. This means that in relative terms, the percentage of all crypto transactions involved in crime has actually decreased compared to previous years.

However, there are two important caveats to assuming that Part Two represents undiluted good news. First, Chainalysis warns that 2021 data is still coming in, so it’s possible the numbers could go up further. Second, the increase in crypto crime, even as a relatively smaller part of the industry as a whole, is bad news and the detail of the Chainalysis report reveals that scammers are finding new and innovative ways to exploit the system in order to that even the most experienced users can find themselves falling prey to the latest exploit.

DeFi Hazards

So what is changing? Figures show that a few years ago, centralized exchanges were the main targets of hackers. While the amount of funds taken from exchanges remained similar over the years 2019 to 2021, DeFi thefts increased by 1,330%, representing a massive attack vector for the crypto space.

One of the largest and most audacious examples of a DeFi heist occurred in August 2021, when hackers exploited a vulnerability in the smart contracts underlying Poly Network. The move was very technically sophisticated – techies might want to digest a great yarn from Ethereum researcher Kelvin Fichter who breaks down the methodology. Ultimately, this allowed attackers to steal funds in over a dozen different tokens and direct them to three wallet addresses on different blockchains.

Poly Network later announced that the hackers returned the stolen funds, saying they only hacked the protocol to expose the underlying vulnerabilities. However, analysts highlighted an attempted transfer to one of Curve’s liquidity pools that was rejected, indicating that the hackers may have found themselves unable to launder such a large amount of stolen funds.

Cashing in on the on-screen hype

Of course, DeFi is not the only vulnerable area. As general levels of euphoria rose in 2021, token scams have once again become more prevalent – ​​in some cases reminiscent of the bad old days of 2017 of ICO scammers. Squid Coin was an example.

The project saw the light of day at the end of October, taking advantage of both the hype surrounding the Netflix show Squid Games and the current boom in play-to-earn games in the crypto industry. But this was all just an elaborate rug draw. After pumping over 75,000% in a single week, the token crashed in less than a second, leaving investors with a worthless bag.

How can crypto users avoid getting on the wrong side of a scam like this? Obviously, the state of mind is part of it. It’s all too easy to get caught up in the euphoria of a bull market and believe that every token is going to the moon. And the age-old adage of “not your keys, not your crypto” seems to be pretty well known by now – even most newcomers know to avoid anyone asking for their private keys.

But as an industry, crypto needs to make sure it stays one step ahead of scammers and fraudsters. The industry is at a critical inflection point in adoption and regulation, and crypto crime will be an important consideration for regulators when determining the scope of any legal framework and its subsequent enforcement.

Balance between identity, security and privacy

One of the challenges we face is the binary choice between centralized crypto exchanges and their KYC processes and the pseudonymization of decentralized blockchain wallets. Neither is ideal. Centralized solutions leave a paper trail of asset identity and ownership that can be viewed and leveraged by anyone. In contrast, decentralized solutions are pseudonymous, which offers no way to indisputably tie a user to their assets, as private keys can be compromised.

Avarta aims to address the authentication and identification challenges that exist in the crypto space. It tackles the problem by introducing facial recognition into the blockchain wallet authentication process. Its flagship product is a biometrically secure multi-chain blockchain wallet, allowing users to consolidate all their cryptographic keys into a single wallet that requires no passwords or private keys. Ultimately, your face acts as a single sign-on for all platforms and the entire Web3 ecosystem.

Avarta’s solution has an additional benefit. By creating a unique and secure identity tied to an individual’s assets and transaction history, someone can finally use their blockchain assets as a way to prove their creditworthiness.

Improving security through privacy

Manta Network takes a different approach, using privacy-preserving technologies to give users greater assurance that they cannot be traced back to their assets and thus become a target for hackers. It uses zero-knowledge proofs to allow users to transact confidentially, something it has previously showcased in partnership with Acala, a DeFi protocol.

When a user moves their funds within the Manta Network, a zero-knowledge equivalent is created 1:1, so that when the user withdraws them, no one can trace it back to previous transactions that took place outside the Manta Network .

With the cryptocurrency industry growing at a rapid pace, it is positive that projects are tackling security challenges from multiple angles. As the Web3 ecosystem grows and develops, it will contain more value, and inevitably it will also continue to attract hackers and scammers. However, the ethos of cryptocurrency is committed to empowering users to take control of their own money. So, the most important piece of advice to users remains: don’t get carried away by the hype of new projects and tokens and always, always do plenty of research.

Updated

Share.

Comments are closed.