The state of cybersecurity in blockchain & crypto 2022
Blockchain cybersecurity can be the decider between a company’s success or failure. The loss of vital information or funds due to an attack can bring a project to a standstill and force it to shut down if the right steps are not taken to protect data. Cybersecurity in blockchain helps prevent data breaches, detect threats and ransomware, and helps you manage risk.
In this article, we’ll dive into the latest crypto crimes, evaluate the trend of cybercrime in recent years, and give some tips on how to secure your funds. After reading, you should have no doubts about the importance of ensuring that a project has been properly audited before interacting with it.
Conclusions from Chainalysis on crypto crime
Chainalysis is a blockchain data platform that provides investigative, regulatory compliance, and market analysis software. The company recently released its Crypto Crime Report 2022; and while there were some expected figures, such as large sums of money stolen, there were also some unexpected findings.
Compared to 2021’s figures, the volume of cryptocurrency transactions associated with illegal activities in 2020 came to 0.62%, falling from 2.1% in 2019, but in 2021 cryptocurrencies fraud amounted to $14 billion, up from $7.9 billion (a 79% rise) the year before — how can this be? It’s simple; the volume of stolen funds as a share of overall cryptocurrency transactions has never been lower. This is because legitimate cryptocurrency usage is growing faster than ever before. According to The Wall Street Journal’s data, total transaction volume across all cryptocurrencies rose to $15.8 trillion in 2021, up 567% from 2020. The level of criminal activity has not risen at the same pace as overall use.
Crypto hacks — short overview
Cryptocurrency exchanges, wallets, and blockchain ledgers are a huge target for hackers, having made millions of dollars over the past few years. Let’s take a look at some of the biggest hacks and data breaches in the crypto space during the last year.
This year, many funds were stolen with hackers exploiting bridges between chains. On June 23, hackers stole about $100 million from the Horizon cryptocurrency bridge after discovering a key vulnerability in the digital asset ecosystem.
The attack on Horizon, which offers cross-chain transfers between Ethereum and BNB Chain, is the third major bridge breach this year. In February, hackers stole over $300 million from the Wormhole bridge and another $620 million from the Ronin Bridge a month later. Chainalysis estimates more than $1 billion had been stolen from bridges before the Horizon hack.
According to data analyzed by the Atlas VPN team, since January 1, 2022, cybercriminals have managed to steal $1.97 billion from hacks of 175 crypto projects.
Why is cybersecurity important?
Any new industry develops unevenly, and the cryptosphere is no exception. Cybersecurity has become its main problem: blockchains and smart contracts are not completely protected from external threats as they are rushed to market. Mistakes in development can cost a huge amount, as we have seen above.
Cybersecurity protects hardware devices, software, networks, and data from cybercriminals. Cybersecurity can be defined as electronic information security to protect against unauthorized access to personal or company data, and can be divided into various categories:
- Information security is the protection of data integrity both during storage and transmission.
- Network security is protecting a network of hardware devices from intruders by preventing and responding to attacks and malware using software or IT services.
- Application security is making applications more secure by ensuring that the underlying software doesn’t contain unauthorized code that could manipulate or steal data. This is mainly done during the development phase and includes methods to protect already deployed applications.
- Operational security includes handling and protecting data assets, including user permissions, network access, and how and where data is stored.
The criminal misuse of cryptocurrencies creates huge obstacles to its further adoption, increases the likelihood of governments imposing restrictions, and robs innocent people worldwide.
How to counter threats?
Cryptocurrency users should be aware of the risks and can take steps to protect their investments from falling into the wrong hands. Here are five top tips to help keep your money safe:
Know the basics of cybersecurity: many cybercriminals use phishing emails to access user accounts. Identifying dangerous emails and avoiding potential malicious links is a serious step towards denying cybercriminals access to your crypto wallets.
Attention to password protection. To prevent cybercriminals from engaging in cryptojacking, combine effective password management with two-factor authentication to prevent unauthorized access.
Careful monitoring to avoid cryptojacking — This practice involves taking over a computer or mobile device remotely to exploit its capacity to mine cryptocurrency. Cryptojacking happens in the background and can go unnoticed for a long time. Continuous monitoring is the best and easiest way to quickly determine if cybercriminals have infiltrated your system.
Follow The Cryptocurrency Security Standard: The CCSS sets out a set of open source requirements to standardize the methods and methodologies used by cryptocurrency systems around the world. The process includes 10 aspects of security, including wallet creation, key storage, key usage, and data sanitization policy, evaluating them according to three levels.
Content Destruction and Reconstruction (CDR). Companies using cryptocurrencies can implement file cleaning to eliminate the possibility of malicious code running in the background. CDR ensures that the file is free of malware by scanning and rebuilding it.
Audits as the first line of defence for DeFi security
Every day more and more people are showing interest in financial innovations, gamified with the advent of DeFi. Sadly, scammers are finding more and more ways to take advantage of newcomers’ low knowledge levels as they enter this innovative new space.
Going back to the Chainalysis Crypto Crime Report 2022, looking at annual changes in stolen cryptocurrency, the majority falls on the DeFi sector. Popular Dapps are getting the message, going through one or more external (as well as internal) audits to help secure their projects and act as a trust trigger to users who are wary of where they put their funds.
The purpose of an audit is to check the smart contract code security. Despite being integral to smart contract development, many developers release their code without auditing; thus, the risk of interacting with them increases significantly. Auditing smart contracts is rapidly becoming commonplace; and although the approaches of audit companies may differ slightly, a typical audit looks like this:
1. Determining the scope of the audit. Smart contract specifications are determined by the purpose of the project and the overall architecture. The specification helps the audit team understand the project’s goals when writing and using code.
2. Offering a quote depending on the amount of work.
3. Verifying the validity of the code using automatic and manual checks.
4. Creating a draft report with errors and providing it to the project team for their correction, along with other recommendations.
5. Publication of the final report, taking into account all the actions the development team took in response to the first round of reporting.
After receiving the report, it is common for the DeFi project team to post the results for the community to explore.
PembRock Finance — Why we made audits a key priority of our project
Before engaging in a project, it is necessary to study as much information about the project as possible. Having a smart contract audit from a trusted company serves as an important part of a project’s credentials. Although it may require technical knowledge in some places, you can get a basic understanding of how willing a project is to implement changes based on a thorough audit.
For PembRock, the first yield farming protocol built on the NEAR blockchain by INС4 developers, the audit of smart contracts was one of the mandatory roadmap milestones before launch. For the audit, we turned to BlockSec, which has a solid track record conducting audits for NEAR blockchain projects. BlockSec provides a smart contract audit service that supports multi chains, with a commitment to improve blockchain security, supervision, and governance. Another one will be delivered soon by Certik — an audit leader with hundreds of verified smart contracts.
Cybersecurity in Blockchain and Crypto 2022
DeFi is one of the most exciting areas of the broad crypto ecosystem, offering huge financial opportunities for large investors and crypto users alike. The DeFi sector will reach its full potential and become more widely adopted when fraud and theft are minimized, with audits providing the clearest way yet to prevent cryptocurrency theft.