A $620 million hack? Just another day in crypto

ByMabel R. Acton

Apr 18, 2022 #3rd Wave Of Technology, #Active Mind Technology Steve Suda, #Adia Technology Limited, #Anxiety Caused By Technology, #Aum Technology Job Openings, #Best Books On Licensing Technology, #Best Us Companies Drivetrain Technology, #Boulder Creek Ca Technology Companies, #Bounce Box Technology, #Bridgerland Applied Technology College Cafeteria, #Cisco Technology News, #Comcast Comcast Technology Internship Program, #Complete Automated Technology, #Defence Technology News, #Definition Information Technology System, #Digital Technology, #Digital Technology Pdf, #Director, #Dxc Technology Malaysia Sdn Bhd, #Emerging Technology In Healthcare 2019, #Energy Efficient Home Technology, #Environmental Technology 2019, #Esl Information Technology Vocabulary, #Farming Technology Replacing People, #I.T. Information Technology, #Information Technology Residency Programs, #Issue With Holographic Counterfeiting Technology, #La Crosse Technology 9625 Manual, #La Crosse Technology C89201 Manual, #Lane Dedection Technology, #Long Quotes About Technology, #Micron Technology San Francisco, #Modern Steel Mill Technology, #Nc Lateral Entry Technology, #New Technology Replaces Wifi, #Russian Technology City, #Shenzhen Nearbyexpress Technology Development, #Stackoverflow Resume With Technology Interests, #State Agency For Technology, #Teacher Comfort With Technology Survey, #Technology Companies In Southwest Florida, #Technology Credit Union Address, #Technology In Mercedes Glc, #Technology Material Grant For College, #Technology Meibomian Lid, #Technology Production And Cost, #Treehouse Education Technology, #Western Technology Center Sayre Ok, #What Is Jet Intellagence Technology, #Why Women In Technology, #Will Technology Take Away Libraries

To support MIT Technology Review’s journalism, please consider becoming a subscriber.

DeFi—an idea similar to smart contracts—is all about transparency and open-source code as an ideology. Unfortunately, in practice that too often means rickety multimillion-dollar projects held together with tape and gum.

“There are a few things that make DeFi more vulnerable to hacking,” Grauer explains. “The code is open. Anyone can go over it looking for bugs. This is a major problem we’ve seen that does not happen to centralized exchanges.”

Bug bounty programs—in which companies pay hackers to find and report security vulnerabilities—are one tool in the industry’s arsenal. There’s also a cottage industry of crypto audit firms that will swoop in and give your project a seal of approval. However, a cursory glance at the worst crypto hacks of all time shows that an audit is no silver bullet—and there is often little to no accountability for either the auditor or the projects when hacks happen. Wormhole had been audited by the security firm Neodyme just a few months before the theft.  

Many of these hacks are organized. North Korea has long used hackers to steal money to fund a regime that is largely cut off from the world’s traditional economy. Cryptocurrency in particular has been a goldmine for Pyongyang. The country’s hackers have stolen billions in recent years.

Most hackers targeting cryptocurrency are not funding a rogue state, though. Instead, the already robust cybercriminal ecosystem is simply taking opportunistic shots at weak targets.

For the budding cybercrime kingpin, the more difficult challenge is successfully laundering all the stolen money and turning it from code into something useful—cash, for example, or in North Korea’s case, weapons. This is where law enforcement comes in. Over the last few years, police around the world have been investing heavily in blockchain analysis tools to track and, in some cases, even recover stolen funds. 

The proof is the recent Ronin hack. Two weeks after the heist, the crypto wallet holding the stolen currency was added to a US sanctions list because the FBI was able to connect the wallet to North Korea. That will make it harder to make use of the bounty—but certainly not impossible. And while new tracing tools have started to shed light on some hacks, law enforcement’s ability to recover and return funds to investors is still limited.

“The laundering is more sophisticated than the hacks themselves,” Christopher Janczewski, who was formerly lead case agent at the IRS specializing in cryptocurrency cases, told MIT Technology Review. 

For now, at least, the big risk remains part of the crypto game.