In 2020, the crypto industry was no stranger to cyber-attacks and cybersecurity breaches. Hackers made off with millions after hitting the KuCoin exchange in September.
A range of DeFi (decentralized finance) platforms — Balancer, Opyn, Akropolis, and others — also received more than their fair share of drama throughout the year.
Looking ahead, a range of cybersecurity specialists and crypto industry personalities predict that 2021 will also experience a healthy (or unhealthy) number of cyber-attacks. And while the increase in institutional investment may lead exchanges to further enhance their security standards and measures, we’re likely to see an increase in attacks against DeFi platforms, smart contracts, and individual users.
2021: A new target emerged – DeFi
The first prediction for 2021 is that, while attacks on exchanges will either remain stable or decline (at least with established exchanges), attacks on DeFi platforms and protocols — particularly new ones — will rise. This is the view of John Jefferies, Chief Financial Analyst at crypto/blockchain security intelligence company CipherTrace.
As reported, according to the company, losses from cryptocurrency thefts, hacks, and fraud declined to USD 1.8bn for the first ten months of the year compared with last year, but crime in the DeFi sector rose. In 2020, DeFi hacks made up 21% of the year's hack and theft volume. In the second half of 2020, DeFi took up 50% of all thefts and hacks (USD 47.7m or 14% of hacked volume).
He stated that,
“The hype around DeFi is reminiscent of the ICO craze of 2017 in the sense that many DeFi protocol creators are launching too quickly, neglecting to perform necessary smart contract security audits.”
Jefferies said that DeFi’s problems would mostly worsen in the short-to-medium term since, unlike the brief ICO boom, decentralized finance is touted as a significant innovation and is estimated to grow significantly in the coming years.
“DeFi is experiencing the growing pains of expanding too quickly, and there simply are not enough qualified smart contract authors and auditors, creating quality assurance problems.”
2020: Looking back at what experts predicted
At the end of 2019, experts predicted that 2020 would continue to witness a steady number of attacks on exchanges without necessarily seeing an increase.
This has mostly been borne out by reality, with not only KuCoin suffering a pretty high-profile breach, but also Cashaa, Eterbase, 2gether, and Altsbit, which was forced to shut down as a result of its February hack. Most of these exchanges may be reasonably small, but they show that hackers still have exchanges in their sights, even if the most prominent platforms have perhaps learned how to protect themselves better.
Experts also predicted a noticeable increase in 51% attacks. It would be a stretch to say that this forecast was mostly accurate because even though the likes of Ethereum Classic (ETC), Bitcoin Gold (BTG), and Grin (GRIN) suffered 51% attacks this year, there wasn’t a significant uptick in exploits compared to previous years.
Related to the growth in attacks on DeFi platforms is a likely growth in the targeting of smart contracts, which DeFi platforms generally use.
“As smart contracts become even more popular there is a very good chance that hacks will continue to exist, and with more contracts, there will be more hacks,” said Mathieu Hardy, Chief Product Officer at trading platform Osom.finance.
“Developing smart contracts is more akin to developing hardware than software and it will take a while for the software industry to adapt to a new way of working.”
Pavol ‘Stick’ Rusnák, Co-founder and Chief Technology Officer of SatoshiLabs, the Trezor hardware wallet maker, also said it’s inevitable that hacks on smart contracts and new DeFi platforms will rise in 2021, particularly with new start-ups rushing to capitalize on the DeFi boom.
“It’s impossible to write a secure smart contract or decentralized exchange if your team has only a handful of people. And still, we see more and more people pouring their money into systems that have not received peer review and security scrutiny.”
Conversely, Mathieu Hardy added that we should likely see a gradual decline in attacks on exchanges, especially as competition increases to attract the influx of new institutional and retail money.
He stated that,
“When it comes to exchanges, we do expect market pressure (people will choose better exchanges) as well as better regulations (we see a lot more pushes worldwide to have exchanges regulated more like traditional payment institutions) to change the landscape sooner than later. We are ourselves regulated and, when it comes to security, have ourselves adopted the practices most of the useful rules that apply to payments institutions.”
The main gap – Users
The cryptoasset market is on the up, enabling exchanges and other platforms to invest more in security in 2021. Simultaneously, the increase in cryptoasset prices will provide (potential) hackers with greater motivation to attempt hacks, scams, and thefts.
John Jefferies said,
“Crypto price rises this year will clearly attract more bad actors to target cryptocurrencies, holders, and exchanges, but the institutionalization and regulation is rapidly improving crypto cybersecurity.”
The result of these parallel developments — improved security and greater incentive to steal — will be that individual users and holders will increasingly become cybercriminals’ targets.
Mathieu Hardy stated that,
“The biggest security challenge, as in most mature industries, will be designing systems that are safe enough that they can keep users from hurting themselves. Because like today in ‘financial hacking’ most of it is done through social engineering and getting you to install crappy software.”
This assessment is shared by Jefferies, who also suggested that users “will continue to be the biggest security challenge,” primarily as a result of phishing scams, which will again try to target administrators of platforms.
Jefferies also warned of the ongoing prevalence of investment scams, which will be fed by the continued growth of the DeFi sector.
He added that,
“Investment scams continue to be the most prevalent crypto crime in which bad actors take advantage of users’ FOMO [fear of missing out] and desire to ‘get rich quick’ to entice them into participating in fraudulent investment platforms.”
This whole picture will be complicated by the regulatory uncertainties surrounding DeFi, which may ultimately increase hacks under reduced accountability.
John Jefferies mentioned that,
“DeFi presents a regulatory challenge, as there are many unanswered questions about whether DeFi protocols will be treated the same as CeFi (centralized finance) platforms and who should be held responsible when there is a lack of compliance, negligence, hack, or a protocol is used to launder stolen funds.”
Even with the risks 2021 will bring, it’s likely that at least a portion of the crypto community will begin to become more aware of the issues surrounding security.
These users should begin to take matters more into their own hands by not storing significant amounts of their crypto wealth on exchanges and moving it to a hardware wallet.