
Cryptocurrency hacking has become a significant threat

“This post is taken from the excellent Chainalysis 2024 Crypto Crime Report. In recent years, cryptocurrency hacking has become a significant threat, leading to the theft of billions of dollars from crypto platforms and exposing vulnerabilities across the ecosystem. The attack vectors targeting DeFi are sophisticated and diverse. Therefore, it is important to classify them to understand how hacks occur and how protocols could reduce the likelihood of them in the future. On-chain attack vectors do not arise from vulnerabilities inherent in the blockchains themselves, but rather from vulnerabilities in the on-chain components of a DeFi protocol, such as their smart contracts. These are not a concern for centralized services, as centralized services do not function as decentralized apps with publicly visible code like DeFi protocols do.

The classification of attacks is summarized below:

  • Protocol exploitation: When an attacker exploits vulnerabilities in a blockchain component of a protocol, such as those related to validation nodes, the protocol virtual machine, or the mining layer.
  • Inner-chain attack: When an attacker working inside a protocol, such as a rogue developer, uses privileged keys or other private information to directly steal funds.
  • Off-chain phishing: When an attacker tricks users into signing permissions, often by substituting a legitimate protocol, allowing the attacker to spend tokens on the users’ behalf.
  • Phishing can also occur when attackers trick users into directly sending funds to malicious smart contracts.
  • Off-chain contagion: When an attacker exploits one protocol due to vulnerabilities created by a hack in another protocol. The contagion also includes hacks closely related to hacks of other protocols.
  • Compromised server on-chain: When an attacker compromises a server owned by a protocol, they disrupt the protocol’s standard workflow or gain knowledge to further exploit the protocol in the future.
  • Off-chain wallet hack: When an attacker exploits a protocol that provides custody/wallet services and subsequently gains information about how the wallet works.
  • Off-chain price manipulation hack: When an attacker exploits a smart contract vulnerability or uses a faulty oracle that does not reflect accurate asset prices, facilitating manipulation of the price of a digital token.
  • On-chain smart contract exploitation: When an attacker exploits a vulnerability in the code of a smart contract, which typically grants direct access to a protocol’s various control mechanisms and token transfers.
  • Private key compromised on-chain: When an attacker gains access to a user’s private key, which can occur, for example, through a data leak or a fault in off-chain software.
  • Off-chain governance attacks: When an attacker manipulates a blockchain project with a decentralized governance structure by gaining enough influence or voting rights to implement a malicious proposal.
  • On-chain third-party compromise: When an attacker gains access to an off-chain third-party program used by a protocol, which provides information that can later be used for an exploit.

Off-chain attack vectors arise from vulnerabilities external to the blockchain. An example would be off-chain storage of private keys in a faulty cloud storage solution, which applies to both DeFi protocols and centralized services. In March 2023, Euler Finance, a lending and borrowing protocol on Ethereum, suffered a flash lending attack, which caused losses of approximately $197 million. There were 33 hacks in July 2023, the most of any month, including $73.5 million stolen from Curve Finance. Similarly, several large exploits occurred on both DeFi and CeFi platforms during September and November 2023. On-chain attack vectors do not arise from vulnerabilities inherent in the blockchains themselves, but rather from vulnerabilities in the on-chain components of a DeFi protocol, such as their smart contracts. Hacking remains a significant threat. Protecting your digital assets from hacker attacks is of utmost importance, especially in the current scenario where cyber threats continue to increase.

Measures to protect your digital assets include:

  1. Use strong passwords: Create strong, unique passwords for all your accounts and avoid using the same password for multiple accounts. Use a combination of uppercase and lowercase letters, numbers and symbols.
  2. Two-factor authentication: Enable two-factor authentication for all your accounts where possible. This adds an extra layer of security to your accounts.
  3. Keep your software updated: Keep all your software, including antivirus and antimalware software, updated to ensure it has the latest security patches.
  4. Use a hardware wallet: Consider using a hardware wallet to store your digital assets offline. This will ensure that your assets are safe even if your computer or mobile device is hacked.
  5. Be careful of phishing emails: Be careful of phishing emails that appear to come from legitimate sources. Do not click on any links or download attachments from such emails.
  6. Use trustworthy exchanges: Use only trustworthy exchanges to buy, sell, and store digital assets. Research the exchange carefully before using it.
  7. Back up your data: Back up your data regularly to ensure you maintain access to your digital assets in the event of a hack or hardware failure.”



Dr. Jane Thomason is a globally recognized author, thought leader, influencer and investor in the Web3, Metaverse, HealthTech and Tech for Sustainability sectors. She is at the forefront of understanding and navigating the evolving landscape of emerging technologies.

Dr. Jane is president of Kasei Digital Assets, a stock listed on the Aquis Exchange in London. Through this role, she actively contributes to shaping the future of the industry and investing in innovative companies developing decentralized technologies.
