Regardless of its fluctuating value, digital currency seems here to stay. The advent of Web3, the rise of blockchain technology and the predicted explosive adoption of the metaverse will place added importance on cryptocurrencies, as they will be used by businesses and some governments, in addition to individual users, to buy, sell and trade in online marketplaces.
At a very high level, these cryptocurrencies (i.e., “crypto”) are digital representations of actual money called “coins” or “tokens.” A process called “mining” creates new units of cryptocurrency and also verifies cryptocurrency transactions on a blockchain, which is a secure ledger of transactions that ensures the currency hasn’t been tampered with, stolen or spent.
As crypto lives in the digital world, the trust and confidence provided by an immutable blockchain ledger is one of the key reasons the currency is valued and used in transactions. While Bitcoin and Ether are some of the more widely known names of crypto, there are a host of other currencies on the market.
Cryptocurrency is increasingly being added to businesses’ balance sheets because it helps to reach new customers, and it provides a way to avoid many fees, like credit card processing, among others. As with any financial asset, the question of how to secure it is moving to the forefront of the CFO’s mind. But, as cryptocurrencies have proven to be an attractive target for cybercriminals and state-sponsored groups, the CFO will need to partner closely with the CISO to ensure this new form of digital currency is protected from unauthorized transfers.
Digital currencies are under attack
The more crypto on the market, and the higher the financial value, the greater the attack surface. Until recently, blockchain was positioned as “unhackable”; however, this is far from the truth. Blockchains are attractive to hackers for the very same reason they feel so secure to users: fraudulent transactions can’t be reversed, as they can be in the traditional financial system. And hackers have found success in attacking the unique vulnerabilities of blockchains and exploiting their security weaknesses to steal cryptocurrency.
In one instance, a company called Beanstalk Farms was exploited, and over $80 million in crypto was stolen. The attack took advantage of the project’s protocol governance mechanism which permitted the attacker to pull out the virtual funds. This not only resulted in a massive loss for the company, but also hurt the overall value of the company’s BEAN token.
Last year, cybercriminals pulled off a massive crypto theft by exploiting a vulnerability in Poly Network, which ties together multiple blockchains or multiple forms of crypto with APIs. As a result of this exploit, these criminals stole an astounding $600 million in cryptocurrency, though they famously returned half of the funds.
In both of these instances, decentralized finance (DeFi) platforms were targeted. This is no coincidence. In fact, the FBI notes that 97% of the $1.3 billion in cryptocurrency that was stolen from January 2022 to March 2022 was from DeFi platforms.
DeFis pride themselves on eliminating intermediaries and allowing people, merchants and businesses to conduct financial transactions through emerging technology. They accomplish this through peer-to-peer financial networks that use security protocols, connectivity, software and hardware advancements.
Recently, it has also come to light that cybercriminals are developing fake cryptocurrency websites. These websites, which often capitalize on the name recognition of popular brands like Coinbase, fool victims into providing information that enables these criminals to steal from individuals’ crypto wallets. This follows a broader trend in which phishing is typically relied upon as a way to steal crypto from unsuspecting victims.
Needless to say, individual cryptocurrency wallets and DeFi platforms need to be secured properly. Not doing so puts the cryptocurrencies that are stored, traded and managed on these platforms at serious risk.
While securing digital currency is a complex issue with multiple variables, especially as it pertains to social engineering attacks, there is one area that should be considered as well: APIs. HitBTC, a crypto exchange that allows users to buy and sell their crypto, has minced no words in stating that APIs allow them to automate many of their transactions and ensure their crypto exchange can operate 24/7. In terms of business/consumer enablement, this is a goldmine. However, if these APIs aren’t properly secured, HitBTC could go the way of Beanstalk Farms and Poly Network.
While crypto’s volatility often gets the headlines, those who choose to add crypto to their balance sheet – including businesses – must consider the risks. All it takes is one small foothold, or one person to click a malicious link, for an attacker to breach any defense.
What it all boils down to is that to best protect against the various tactics utilized by cybercriminals to steal crypto, knowing is often half the battle. Greater awareness of these issues is usually the best first step to take before implementing a security strategy. After all, cryptocurrency has the potential to transform our banking industry and give rise to the increased use of DeFis. It is imperative, however, that we pay attention to how our crypto is under siege, or we run the risk of falling victim to digital heists.