Coincover: Why crypto firms must prioritise security in 2024

credit: Shutterstock

The total cryptocurrency stolen by attackers shrank in 2023, but do the stats tell the full tale? Morgan Williams, Product Lead at blockchain protection firm Coincover, explains why crypto providers must keep their security watertight and how 2024 will bring a new host of risks and threats.

According to the most recent Chainalysis Crypto Crime report, the total funds stolen by crypto hacks and scams fell by 29.2% and 54.3% respectively in 2023 from 2022. 

Hacks and scams have consistently troubled crypto advocates, creating fear and uncertainty about the underlying technology. The decline in these activities is a positive sign indicating that security is improving. However, there is still a long way to go in making customers feel as though their funds are as safe as they are in fiat institutions.

As crypto firms look ahead to the rest of 2024 and beyond, it is vital that they remain vigilant to the evolving risk landscape and ensure the right tools are in place to strengthen their security posture.

A false sense of security remains a risky business

On the surface, the drop in funds stolen is welcome news. Less crypto is making its way into the pockets of bad actors and fewer businesses are suffering disruption.

However, this doesn’t reflect the true picture. Chainalysis notes that the figures are lower-bound estimates based on inflows to illicit addresses identified as of January 2024. It predicts that a year from now the sum will “almost certainly be higher” as more illicit addresses are identified and historic activity is incorporated into the estimated total.

Even though the total funds lost to hacks decreased, the number of attacks in fact spiked last year. Immunefi’s 2023 Crypto Losses report found that the number of single hacking incidents increased 89.8% year-on-year, demonstrating that bad actors continue to find new, sophisticated ways to extract funds.

Renewed focus on user experience

When it comes to security, the user experience for customers can be unsophisticated. Wallet holders still rely on a 24-word recovery phrase to access their accounts and go through complicated and time-consuming processes to retrieve PINs and passwords should they lose access.

The launch of ‘smart accounts’ on the Ethereum blockchain last year represents a significant breakthrough in simplifying the user experience. Unlike traditional wallets, smart accounts enable users to group multiple transactions into batches. They can be controlled by programmable smart contracts rather than private keys, allowing for enhanced usability.

Smart contracts also provide better security functionality, with features such as two-factor authentication and the ability for cryptographic keys to be stored on standard smartphone security modules.

These security protocols are closer to traditional banking experiences and will be vital in improving user experience and encouraging adoption.

New technology will bring new threats

As technology evolves, so do the tactics employed by hackers and scammers. Artificial intelligence (AI) became more mainstream last year and will become a growing security concern to crypto firms and investors. 

Attackers may use AI to generate new and complex types of phishing schemes and other cyber dangers that can evade conventional protection measures. It also has the potential to increase the effectiveness and volume of traditional threats such as spear phishing, ransomware attacks and brute force attacks.

Security teams at crypto firms need to be aware of these risks and put sophisticated measures in place to enhance their resilience against AI-based threats.

Credit: cono0430, Shutterstock

Safety through standards

Confidence in the industry is still one of the biggest challenges facing crypto; it’s estimated that almost one in five consumers are wary of the crypto market. 

By standardising security techniques and methodologies, end-users will be able to make educated decisions more easily about which products and companies to use.

The SOC 2 certification is a widely adopted standard that crypto firms can use to build trust. It is a System and Organisation Controls report, issued by an external auditor, which checks if a firm meets AICPA’s Trust Principles of security, availability, integrity of processing, confidentiality and privacy. Getting this certification means a firm has strong security controls, reducing the risk of hacks and breaches.

As crypto firms come under pressure to meet the same standards as traditional finance, opting for this certification should be the initial step for firms looking to demonstrate best-in-class security practices. 

Get your house in order

Even though crypto is still relatively new, it’s estimated that the total number of crypto users could reach 900 million in 2024, up from 575 million in 2023. Trust is the foundation for the adoption of any emerging technology, and as newcomers enter the crypto market, it’s crucial that they can trust providers and exchanges to keep their funds safe and secure.

Crypto firms need to be proactive in putting preventative measures and technology in place to stay ahead of these threats. By doing this, they not only reduce the risk for investors but also build long-term confidence in the market.