A $620 million hack? Just another day in crypto

Consider becoming a subscriber to support MIT Technology Review journalism

DeFi – an idea akin to smart contracts – is all about transparency and open source code as an ideology. Unfortunately, in practice that all too often means rickety multimillion-dollar projects kept up with tape and chewing gum.

“There are a few things that make DeFi more vulnerable to hacking,” Grauer explains. “The code has been opened. Anyone can go over it looking for bugs. This is a big problem we’ve seen that doesn’t happen with centralized exchanges.”

Bug bounty programs, where companies pay hackers to find and report security vulnerabilities, are a tool in the industry’s arsenal. There is also a cottage industry of crypto audit firms that will invade and give your project a seal of approval. However, a cursory look at the worst crypto hacks of all time shows that an audit is not a panacea – and there is often little to no accountability for the auditor or the projects when hacks occur. Wormhole had been checked by security firm Neodyme just a few months before the theft.

Many of these hacks are organized. North Korea has long used hackers to steal money to fund a regime largely cut off from the traditional global economy. Cryptocurrency in particular has been a gold mine for Pyongyang. The country’s hackers have stolen billions in recent years.

However, most hackers targeting cryptocurrency do not fund rogue. Instead, the already robust cybercriminal ecosystem simply takes opportunistic shots at weak targets.

For the burgeoning hub of cybercrime, the more difficult challenge is laundering all the stolen money and turning code into something useful, say cash, or in North Korea’s case, weapons. This is where law enforcement comes in. In recent years, police around the world have invested heavily in blockchain analytics tools to track down and, in some cases, even recover stolen funds.

The proof is the recent Ronin hack. Two weeks after the robbery, the crypto wallet containing the stolen currency was added to a US sanctions list because the FBI was able to connect the wallet to North Korea. That makes it more difficult to use the premium, but certainly not impossible. And while new tracking tools are starting to shed light on some hacks, law enforcement’s ability to recover and return funds to investors is still limited.

“The money laundering is more sophisticated than the hacks themselves,” Christopher Janczewski, formerly a chief agent at the IRS who specializes in cryptocurrency matters, told MIT Technology Review.

In any case, for the time being, the major risk remains part of the crypto game.


Leave a Reply

Your email address will not be published.

Back to top