Whilst the ever-present volatility issue of crypto’s market continues to be a discerning factor for potential investors, security measures have also become a reason why people have yet to adopt crypto and blockchain technology.
Ryan Lewis, Head of Custody Operations at blockchain security firm Coincover, writes for Payment Expert on how blockchain is not only one of the most secure forms of technology, but its security issue actually derives from the people handling it themselves.
A staggering $336m in crypto was lost to hacks and scams during the first quarter of 2024. Only a few weeks ago we saw the latest high-profile case. As reported by Business Insider, a crypto trader lost $70m in an address-poisoning scam – when victims are tricked into sending funds to fraudulent accounts.
Recurring stories like this continuously plant the idea that cryptocurrencies are particularly vulnerable to hacks, which couldn’t be further from the truth.
The discourse around hacking often skims over a very fundamental fact: these problems do not stem from flaws with crypto’s underlying technology but from humans interacting with it. To prevent damaging hacks, crypto firms need to focus on how to mitigate the risks of human engagement with crypto, which can be achieved through protective technology.
Consequences of hacking
There’s no denying that hacking and fraud are significant threats across the blockchain industry. Although the latest research suggests that losses from hacking decreased in 2023 compared to 2022, hackers still walked away with $1.7bn.
Instances of hacking are a double-edged blow to crypto firms, who not only suffer the financial loss but often see a huge outflow of users when the news goes public.
However, hacks also have wider ramifications beyond the parties affected. Each hack instils fresh fear that damages crypto’s reputation and discourages further adoption of the technology. As found by our research in September, security concerns are the second largest barrier to investment, behind only volatility.
The unfortunate reality is that the crypto industry is still met with a healthy amount of scepticism from many consumers who associate it with illicit activity – whether that’s fraud, hacking or money laundering. However unfair, it is a reputation that hampers wider adoption.
Inaccurate assumptions
While it’s true that cyber criminals continue to have successes in cryptocurrencies, it’s important to remind people that these problems are not due to inherent flaws in the technology itself, rather a result of human behaviours.
Losses occur when people interact with blockchain infrastructure. Whether it’s a sophisticated social engineering scam or a simple case of stolen private key material, these are driven by human error or maliciousness.
Similarly, the source of security weaknesses is usually caused by blockchain-adjacent applications and software, such as cross-chain bridges. Or in the case of Mixin Network’s $200m incident last year, the attackers managed to infiltrate their cloud.
Blockchains are exceptionally secure by design. The only way to hack them that is currently known is a 51% hack whereby the hackers have to take control of the network’s supply, which is no small accomplishment. Either way, they are extremely secure and no more susceptible to malicious attacks than the banking infrastructure that underpins fiat currencies.
Crypto risks in context
The losses that are often highlighted in crypto also represent a double standard. Fraud and theft are equally large problems in traditional finance, if not more so.
It is very difficult to compare losses directly due to the physical nature of some fiat theft, but recent research from the Global Anti-Scam Alliance and ScamAdviser has shown that global losses to scams exceeded $1trn in 2023.
Customers in traditional banking are often duped into sending their money to fraudsters, which is a problem that companies like Visa and Mastercard have gone to vast efforts to prevent over the years.
With this in mind, it’s important to consider the crypto industry’s security challenges in context. In the same way that digital banking has opened up doors for fraudsters, new technologies always come with new risks. In fact, new technology is often exploited by experimental criminals, as seen recently with the use of AI to impersonate people for malicious intentions.
Ultimately, crypto hacks will only grow in sophistication as the tactics of hackers evolve. There has been a notable growth of social engineering, whereby fraudsters convince victims they’re someone they’re not to trick them out of their money. But as new blockchain-based applications and technology emerges, such as Web3 and smart contracts, new risks will inevitably present themselves.
Mapping and preventing risks
With the successful launch of the first Bitcoin ETF and the proceeding bull market, 2024 is on track to see big growth in users. The number of users is predicted to reach around a billion by 2028.
But as the industry grows, it must be a priority to address security concerns. We can never fully eliminate the threat of hacks and theft. Cyber criminals will continue to exist, they will continue to find weaknesses in blockchain-adjacent services, and people will continue to fall into their traps. For blockchain companies, the goal must be to identify the vulnerabilities where humans interact with blockchains and introduce systems that limit the risk of loss.
By protecting customers and themselves, crypto firms can help to dispel the myth that cryptocurrencies have inherent security flaws, building confidence in the technology and helping to turn sceptics into users.