Since crypto has grown in popularity, there have been many notable hacks that targeted the industry’s exchanges, wallets, and users. Even if crypto security has come a long way, will 2020 be the year when all users will be worry-free of hackers and attacks?
Cryptography is considered the fundamental basis of informational security, but it does not mean that all aspects regarding crypto are secure at all times. Crypto exchanges, in particular, have been regularly preyed by hackers, and even some cryptos experienced the rare 51% attack.
A Recap of 2019
Security experts rightfully forecasted that 2019 would see an increase in crypto-mining malware focused on Internet-of-Things (IoT) devices.
Raj Samani, McAfee’s Chief Scientist, explained how the cases of cryptojacking will also become more frequent because of increase in numbers of IoT devices in homes and businesses and their lack of strong security.
These speculations came to be true, as in the Threats Report released by McAfee in August showed a 29% increase in crypto-jacking from Q4 2018 to Q1 2019, but this wasn’t all due to the rise of IoT-targeted attacks.
While there was a drop in hacks and data thefts in Q3, the crypto industry lost in 2019 a whopping $4.4 billion, according to CipherTrace’s Cryptocurrency Anti-Money Laundering Report.
It is expected that hackers will also focus more on stealing personal info and data, so they can directly hack user accounts and withdraw the funds into their own wallets.
“While hackers usually try to steal people’s money, they also frequently target or abuse sensitive personal information, as we saw with the BitMEX email leaks and the exploit of Coinmama, [a crypto trading platform] in early 2019,” said Charles Phan, Chief Technology Officer of Interdax cryptocurrency derivatives exchange.
He went on to say that attackers are constantly working to thwart the crypto security implementations of its targets, as it was noticed in May, when Binance lost $40 million in a hack.
“I suspect that exchanges will continue getting hacked as they have been for the last 8 years,” expects Bitcoin developer, Jimmy Song. Phan predicts that more crypto platforms, such as wallets, will be hacked this year.
Has Crypto Security Progressed?
Security has come a long way in the crypto industry over the past two years. Both exchange and wallet providers have improved their protection mechanisms by using procedures such as hardware- or software-based multisignature wallets, address whitelisting, encryption of operating environments, consolidation of operating procedures, wallet management systems based on multiparty computation protocols or hardware security modules, and many other methods.
After hacks, the addresses in which the stolen funds are siphoned are blacklisted by the community, which would stop hackers from trying to cash out the crypto.
But the technology that secures the platform and funds is not the only aspect which needs improvement. There should also be a change in enterprise-grade operational risk management and to improve the required verification procedures on individuals that can access customer assets on such platforms. This would mean segregating the roles between entities in order to avoid conflicts of interest and to conform to other basic business practices.
Hackers Will Also Evolve
While crypto security will come with new improvements in 2020, hackers will also try to find new methods of breaching the accounts of exchanges, wallets, and other crypto-related accounts.
“One major problem for many cryptocurrency exchanges is the absence of HTTP Security Headers, where data for the top 100 exchanges shows that just 11% have adequate security in this area,” stated Charles Phan, alluding to a security report released by CER. “We’d expect hackers to take advantage of this.”
It was also revealed that out of the top 100 cryptocurrency exchanges, only 40 have DNSSEC (Domain Name System Security Extension) implementation, while the rest of 60 lack proper records for their domains, which means they are susceptible to DNS (Domain Name Server) cache infection attacks.
2020 might also bring more sophisticated phishing scams and malware attacks.
“Phishing attacks are likely to become more sophisticated as criminals move away from using emails as their payload of choice to other methods such as the use of SMS messaging and social media to fool their victims,” Phan explained.
A 51% attack is when a single entity or group manages to get control of over half the hash rate of a blockchain. When you control more than half of the hash rate, you also control the confirmation of new transactions, and you can reverse transactions that have been completed, which would enable double spending of coins.
While these are rare cases, there have been several 51% attacks on cryptos, such as Verge, Vertcoin, ZenCash, Ethereum Classic, and the recent Bitcoin Gold case, where there were two double-spend attacks in less than 6 hours.
51% attacks can be easily conducted on coins with low hash rates or low network computing power, compared with their total amount of existing hash rate.
Jimmy Song projects that there will be an increase in these types of attacks next year, although hackers might fail to redirect fiat currencies to their bank accounts.
“The halving of BCH and BSV should make it very affordable to attack,” stated Song. “The question is how will an attacker benefit?”
“Usually this requires some financial gain, but the only way anyone has done that is through double-spending on exchanges. I suppose more of that could happen, but it’s not very popular since exchanges just up the number of confirmations.”- he concludes.
In terms of crypto security, Bitcoin will continue to stay safe from 51% attacks.
“Bitcoin has a lot of game theory going for it. It’s just very difficult to profit off of trying to attack Bitcoin. Altcoins, on the other hand, have a lot of problems. Most of them are centralized, though, so that ends up being the way to combat hacks,”- remarked Song.
Charles Phan points out that while the security of Bitcoin is resilient to cyberattacks, the systems and platforms that run on top of its blockchain are not, and their weak points will most likely be exploited in the coming years.
“The problem with Bitcoin is not the protocol itself, which has proven to be secure, but rather the businesses that are operating on top of the Bitcoin network,” said Phan.
“A chain is only as strong as its weakest link and the weakest link in the cryptocurrency system are custodians. If their security isn’t up to scratch, their customers may lose out.”
As the number of attacks on exchanges and wallets will increase, this might lead to a purge in the crypto industry, where only the most secure will remain. This, as a result, will improve the overall sturdiness of the ecosystem.
“The ones that don’t do security well just go bankrupt. That’s the way of the world and the ones that survive are much better at security, so I suspect that over time, there will be fewer hacks,” – remarked Song.
In 2020, we will see more security procedures being implemented by exchanges, funds, projects, and foundations from the ecosystem to protect the funds of their customers.
Of course, as crypto grows even more and sees adoption, it is almost certain that more cybercriminals will try to secure some of these digital assets in an illicit manner.
Featured image: blokt.com