This article comes from the WeChat public account Laoyapi (id: laoyapi).
Hacking attacks on cryptocurrency companies have exploded since January, raising questions about the security of blockchain and web3 technologies.
When the controversial cryptocurrency exchange Crypto.com (yes, the one with NBA star LeBron James) discovered it had been hacked on Jan. 17, the alert didn't come from its monitoring tools.
An inside source reports that the company became aware of the intrusion into its systems through actor, investor and cryptocurrency enthusiast Ben Baller.
In a since-deleted tweet, Baller said his account was compromised and he lost nearly $14,000 worth of ethereum, the second most popular digital currency. He also claimed that he had enabled two-factor authentication. In short, the point I want to make is that the fault does not lie with him.
Three days after the hack, the Singapore-based company acknowledged in a blog post that more than $35 million worth of cryptocurrency had been stolen by hackers. On its website, however, Crypto.com touts: "SAFETY FIRST, ALWAYS".
The company has so far declined to comment.
The setback for Crypto.com reflects the dismay of a nascent industry that sees itself insulated from cybersecurity concerns because of its founding principles: open source, transparency, and decentralization.
Wormhole and Qubit issued bounties to hackers.
Bugs and Vulnerabilities
"Cyber risk is a risk that investors in crypto assets can no longer ignore."
"Everyone is talking about it. It has indeed become a pain point, and even a bottleneck preventing mainstream companies from embracing it," Ronghui Gu, an assistant professor at Columbia University and co-founder of blockchain security firm CertiK, said in an interview.
He noted that in 2020, the value of financial losses related to software vulnerabilities in the blockchain industry was $500 million, a figure that tripled in 2021. "And that number may increase again this year," Gu warned.
The industry agrees on one point: blockchains, especially the more established ones (Bitcoin and Ethereum), have never been hacked.
"Bitcoin has been around since 2009. Also, it's never been hacked. I think you could say it's one of the most securely designed computer systems ever. It's completely open, transparent and unencrypted." Dr. Owen Vaughan, director of research at nChain, Europe's leading data integrity and blockchain development company, said, "It contains very valuable assets. A super large honeypot, but it has never been hacked. So it has never been hacked. It was designed to be very, very safe from the start."
Unable to hack the blockchain itself, hackers target the wallets where users store their crypto assets on exchanges. To understand this, Laoyapi offers an example: think of the blockchain as a car. If you lose your keys at a restaurant or elsewhere and later find that the belongings left in the car were stolen, it's not that your car is badly secured. Such hacks occur on cryptocurrency exchanges because they hold a large number of assets controlled by private keys.
“Decentralization is a world-scale computer that no one can stop. That’s both good and bad,” Gu said.

Bridges between blockchains are very fragile
Hackers exploited a weakness to attack Qubit and Wormhole, which developed infrastructure that allows different blockchains to talk to each other. In the Wormhole case, the hackers targeted the bridge connecting the Solana system to Ethereum.
The way bridges work is that assets are locked on one blockchain and copied to another. You basically have this composite or wrapped version, or cloned version. The asset must not be usable twice at the same time, so you need to ensure a one-to-one accounting between the two blockchains.
"Bridging attacks happen a lot because people can forge, or just fake amounts to join in, so that's what happened with this Wormhole bridge. So it's not really a problem with the Solana blockchain," said Jack O'Holleran, CEO of Skale Labs, an Ethereum scaling project.
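The one-to-one rule described above can be checked from the outside by replaying a bridge's events and reconciling both sides. The following is an added example, not code from the article or from any bridge project; the event kinds, the `transfer_id` field and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    kind: str         # "lock"/"release" on the source chain, "mint"/"burn" on the target
    transfer_id: str  # hypothetical identifier tying a mint to its lock
    amount: int

def reconcile(events):
    """Replay bridge events; return (alerts, locked, wrapped)."""
    locks, burns = {}, {}
    minted, released = set(), set()
    locked = wrapped = 0
    breached = False
    alerts = []
    for e in events:
        if e.kind == "lock":
            locks[e.transfer_id] = e.amount
            locked += e.amount
        elif e.kind == "mint":
            if e.transfer_id in minted:
                alerts.append(("replayed_mint", e.transfer_id))
            elif locks.get(e.transfer_id) != e.amount:
                alerts.append(("unbacked_mint", e.transfer_id))
            minted.add(e.transfer_id)
            wrapped += e.amount
        elif e.kind == "burn":
            burns[e.transfer_id] = e.amount
            wrapped -= e.amount
        elif e.kind == "release":
            if e.transfer_id in released:
                alerts.append(("replayed_release", e.transfer_id))
            elif burns.get(e.transfer_id) != e.amount:
                alerts.append(("unbacked_release", e.transfer_id))
            released.add(e.transfer_id)
            locked -= e.amount
        # One-to-one invariant: wrapped supply must never exceed locked collateral.
        if wrapped > locked and not breached:
            breached = True
            alerts.append(("collateral_shortfall", e.transfer_id))
    return alerts, locked, wrapped

# Constructed sample events, not taken from any real bridge.
SAMPLE = [
    Event("lock", "t1", 100), Event("mint", "t1", 100),
    Event("burn", "b1", 40), Event("release", "b1", 40),
    Event("mint", "t1", 100),   # same lock used twice
    Event("mint", "t2", 500),   # no matching lock at all
]

if __name__ == "__main__":
    print(reconcile(SAMPLE))
```

The monitor keeps counting events it has flagged, because it observes what already happened on chain and the resulting shortfall is the figure an operator needs.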
Hackers are also taking advantage of new financial instruments that are being created. For example, flash loans are a new type of loan where you don't need any collateral and you pay back the loan almost instantly.
“They can manipulate it to their advantage. That's one of the biggest flaws. Since we're talking about China today, China has the most processing power miners. They also have a very powerful one in terms of 5G and in terms of equipment. block infrastructure. So, collectively, they have the capacity to handle more than any other country in the world,” Sternhell argued.

NFT prices are easily manipulated
In the NFT world, where artwork is typically created and then traded on the blockchain, scams abound. One in particular stands out: wash trading, which manipulates prices by inflating asset values and playing on FOMO (fear of missing out), one of the mantras of the crypto space.
Wash trading is when the seller is on both sides of a transaction in order to paint a misleading picture of an asset's value and liquidity. In the case of NFT wash trading, the aim is to make one's NFT appear more valuable than it actually is by "selling" it to a new wallet that the original owner also controls.
"In theory, this is relatively easy for NFTs, as many NFT trading platforms allow users to simply connect their wallets to the platform and trade without identifying themselves."
If I see an NFT on the blockchain being sold for $10 or $1000, maybe I sold it to myself, how do I know someone actually forked over the money? And how do I know what its value is? How do I know the market is not being manipulated?
Blockchain analysis firm Chainalysis said the popularity of NFTs skyrocketed last year, with at least $44.2 billion worth of cryptocurrency being sent to ERC-721 and ERC-1155 contracts, two types of Ethereum smart contracts associated with NFT marketplaces and collectibles, up from $106 million in 2020.
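The self-sale pattern described above, where an NFT is "sold" to a wallet the original owner also controls, can be screened for by linking wallets through funding transfers and flagging sales whose buyer and seller land in the same cluster. This is an added example, not code from the article or from any analytics firm; the funding-link heuristic, the record layouts and all wallet names are assumptions constructed for illustration.

```python
def find(parent, w):
    """Union-find root lookup with path halving."""
    parent.setdefault(w, w)
    while parent[w] != w:
        parent[w] = parent[parent[w]]
        w = parent[w]
    return w

def flag_wash_sales(funding, sales, shared=frozenset()):
    """Return sales whose seller and buyer are linked by funding transfers.

    funding: (from_wallet, to_wallet) pairs
    sales:   (token, seller, buyer, price) tuples
    shared:  service wallets (e.g. an exchange hot wallet) that fund many
             unrelated users and must not be used to link wallets together
    """
    parent = {}
    for src, dst in funding:
        if src in shared or dst in shared:
            continue
        parent[find(parent, src)] = find(parent, dst)
    return [s for s in sales if find(parent, s[1]) == find(parent, s[2])]

def last_prices(sales, flagged):
    """Per token: (last reported price, last price ignoring flagged sales)."""
    reported, clean = {}, {}
    for s in sales:
        token, _, _, price = s
        reported[token] = price
        if s not in flagged:
            clean[token] = price
    return {t: (reported[t], clean.get(t)) for t in reported}

# Constructed sample data; wallet names are placeholders.
FUNDING = [("0xA", "0xB"), ("0xEXCH", "0xC"), ("0xEXCH", "0xD")]
SHARED = {"0xEXCH"}
SALES = [
    ("nft-1", "0xC", "0xA", 10),     # genuine purchase
    ("nft-1", "0xA", "0xB", 1000),   # 0xA funded 0xB, then "sold" to it
    ("nft-2", "0xC", "0xD", 50),     # both only share an exchange as funder
]

if __name__ == "__main__":
    flagged = flag_wash_sales(FUNDING, SALES, SHARED)
    print(flagged)
    print(last_prices(SALES, flagged))
```

Without the `shared` exclusion, every customer funded from the same exchange wallet collapses into one cluster and ordinary sales such as `nft-2` are flagged as self-dealing.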
Privacy and Accountability
To identify NFT scams, law enforcement used the same methods used to track money laundering. They try to follow a pattern of behavior, each time asking the question what is the utility of one NFT or another.
“One key word that we missed was utility,” said Bill Callahan, a law enforcement veteran who now works at the Blockchain Intelligence Group. “With businesses like that, we're always playing catch-up because the bad guys get the upper hand. Money launderers beat us because they have ideas, they have money, and they know no borders.”
One paradox in the world of crypto and web3: the flip side of hacks and scams is that the anonymity and privacy granted to participants lie at the heart of these new technologies.
For example, it was revealed at the end of January that the chief financial officer of popular DeFi project Wonderland was an ex-convict.
There are many web3 and blockchain projects that are anonymous. It all started with Satoshi Nakamoto, the man who developed Bitcoin, whose identity remains unknown to this day.
The most common argument in the community in favor of pseudonymity is that it must be the ground rule to develop a decentralized internet and financial services by taking back power and control from Silicon Valley and Wall Street to provide users with privacy. Because, defenders say, the requirement to reveal or demonstrate a person's identity is where centralized systems have an advantage. This is what allows them to exclude large populations. Therefore, privacy must be available to everyone in the new model.
O'Holleran disagrees.


