The crypto industry’s rapid growth has attracted a growing number of cyberattacks, one of the most notable being the attack on Singapore-based Crypto.com, in which more than US$31 million was stolen.
The cyber threats faced by crypto firms come not only from cybercriminals acting alone but also from state-sponsored hackers, according to a joint cybersecurity advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Treasury Department. These agencies have warned cryptocurrency businesses to watch out for attacks from North Korean state-sponsored hackers. With crypto being where the money is, everything from online games and stablecoins to crypto wallets is fair game for hackers who exploit weak spots in the hope of hitting the jackpot.
Consequences of cyber attacks
Cyber incidents, such as the one suffered by Axie Infinity, underscore the mounting challenge of implementing security-by-design in web3. The growing list of breaches stems in part from errors in writing web3 code, which are undermining one of the greatest promises of blockchain: enhanced security. As a result, the technology’s progress towards mainstream acceptance has been held back.
DeFi, which aims to provide an alternative to traditional financial systems, has become an attractive target for cyberattacks, thanks to the billions of dollars locked up in its various applications, which are also largely run autonomously. Such high-profile cyber incidents also cause venture capitalists to hesitate before investing in these platforms, as they highlight the underlying security weaknesses in blockchain services, especially blockchain bridges. This recurring string of cyber incidents within the crypto industry serves as a wake-up call for investors and web3 companies alike. Prioritising capital investment in securing their highly complex systems will be imperative, not only to guard against cybercriminals but also to provide peace of mind to both users of and investors in the platforms.
As new technologies continue to emerge, companies’ cybersecurity needs will only increase. Blockchain, cryptocurrencies, AI and privacy-preserving technologies have disrupted the financial crime threat landscape, facilitating new criminal methods as a result. On the dark web, which is used to facilitate cybercrimes like ransomware and scams, bitcoin remains a major payment instrument. Furthermore, fast Layer 2 payments, anonymity-enhanced wallets and coins, and DeFi can also serve as criminal tools, thanks to the pseudo-anonymity they confer upon their users. Last but not least, organisations need to be vigilant and protect their information from cyber fraud, as fines and legal trouble result when sensitive material like personal and financial information is stolen and corrupted.
To secure crypto firms against cyberattacks, it will be crucial to put in place adequate protections and train employees in proper cyber hygiene. However, in spite of the most advanced cybersecurity measures, a cyberattack can still occur as long as an opportunity presents itself to hackers.
Defending against cyberattacks
The first layer of defence is always a robust operational security process built on security-by-design, an approach that seeks to minimise system vulnerabilities and reduce the attack surface by designing and building security into every phase of the systems development lifecycle. In this regard, a third party’s perspective may identify vulnerabilities that internal cybersecurity teams have missed. We assume that the system may always be under attack and design it so that it recovers quickly and keeps its most sensitive data secure, with proper verification and testing done before deployment rather than as an afterthought to incidents that have already occurred.
The second layer of defence is the company’s capacity to trace and retrieve stolen proceeds or private keys from the dark web, as well as its ability to identify and apprehend perpetrators. In the aftermath of a cyberattack, it is critical that companies respond by understanding how the cyberattack occurred, how quickly hackers are able to access crucial and sensitive datasets, and how easily accessible bank accounts are. The speed at which crypto firms can recover from a cyberattack will also depend on the company’s recovery and resilience strategy.
The current trend of increasing globalisation and transaction fragmentation has raised questions as to how an information position can be sustained and how emergent technologies and solutions can be utilised to better secure financial systems. When it comes to financial crime, virtual asset intelligence (which comprises anti-money laundering red flag indicators, collective transaction monitoring, blockchain data analytics, dark web intelligence, smart analytics and AI) can be employed to extract strategic insights and operational perspectives efficiently from large, distributed data sets. Dark web intelligence, such as cryptocurrency and IP addresses, as well as in-depth analysis of the relationship between cyberattacks and financial crimes like ransomware attacks, will also be key in delivering better-informed virtual asset intelligence positions for crypto companies.
A good intelligence position will be essential in gaining a better understanding of cybercriminals’ modus operandi. This will require threat intelligence feeds from dark web monitoring, as well as crypto asset analytics, which will form the key inputs for companies’ prevention and protection regimes as well as for their recovery and resilience strategies to avoid a recurrence of such hacking incidents.
Recovery and resilience strategies
High-profile cyber incidents, such as the ones experienced by Axie Infinity, Crypto.com and numerous others, have already impaired investors’ and venture capitalists’ confidence in the space. These incidents can also be devastating for companies, as revealed by the comment from DeFi Beanstalk’s developer that its funds for the project had been wiped out.
For companies to regain investors’ and consumers’ trust, as well as to continue driving technological innovation in areas such as web3 and DeFi, they must not only increase investment in cybersecurity measures but also put in place effective recovery and resilience strategies. While a robust cybersecurity regime may deter most hacking attempts, hackers are opportunistic in taking advantage of any vulnerability that is uncovered. As such, a strong recovery and resilience strategy will ensure that crypto and DeFi firms are able to rebound from hacking incidents with minimal disruptions to their operations, mitigating losses for their investors and users.