Cryptocurrencies have grown tremendously over the years. As more users joined, the number of hackers increased. This year, cryptocurrency hacking cost more than $2 billion in stolen funds. These thefts are especially common among crypto bridges, bringing in $1.4 billion in 2022 alone.
The largest single hack in March of this year was $615 million from the Ronin Bridge, which connects the Ronin network’s popular Axie Infinity game to Ethereum. Earlier this year, major cryptocurrency exchange Crypto was also hacked by the millions, forcing the network to hold withdrawals for more than 14 hours.
Hackers have caused investors to lose not only their savings but also their faith in cryptocurrencies, forcing potential investors to withdraw from the sector. This article explains how cryptocurrencies are being hacked these days, why it’s important to stay vigilant, and some proven ways to avoid being hacked.
Are blockchains secure?
The blockchain trilemma of choosing two out of three properties (decentralization, security and/or scalability) is fundamental to the functioning of blockchains. To compensate for this, the architecture of modern cryptocurrencies, decentralized applications (DApps), and NFTs have important built-in security features. Once blocks of data are added to the blockchain database, they are immutable and cannot be reversed or hacked. Despite this structure, hackers have made millions every year from mistakes in bridges, protocols, and personal security. When hackers exploit marginal vulnerabilities in the system and abuse existing smart contracts, users can effectively combat it by protecting themselves with secure crypto wallets.
So are blockchains secure? The short answer is yes. The blockchain itself is protected by cryptographic techniques and consensus mechanisms of the network participants. However, losses continue to occur due to the above-mentioned information security shortcomings.
The role of miners in keeping the blockchain secure
Cryptocurrency miners play an important role in protecting proof-of-work (PoW) blockchains from hostile takeovers, spam, and attempts to centralize the network. In return, miners are rewarded for contributing their resources.
At first glance, miners package transactions from their mempools into candidate blocks. Then each miner uses a calculator to solve the hash algorithm (for Bitcoin, SHA-256 or Secure Hashing Algorithm 256-bit). Once the hash is resolved and verified, it is added to the blockchain and the miner receives a reward.
51% attack effect
Naturally, blockchains are open to attack by the very miners who secure the network. With a 51% attack, a group could potentially take over the blockchain if it owned more than 50% of PoW’s cryptocurrency. The 51% attack works by bypassing the existing network and adopting established security protocols. When attackers control the majority of the hash rate, they can make changes to the blockchain and allow transactions, such as double-spend, with majority consent.
Bitcoin transactions, for example, require six confirmations from the network to process. An unprocessed transaction can be reversed in a 51% attack where miners gain control of the coins through unconfirmed transactions. They can then transfer the coins to an address of their choice. The 51% severity of an attack would depend on what the attackers ultimately decided to do.
Can someone steal my cryptocurrency?
Yes, your cryptocurrency can be stolen if you don’t take the necessary steps to protect your coins. Hackers can either steal them outright or use tricks to trick you into handing them over. If your private keys aren’t secure, a hacker can gain access to your wallet (see Wallet hacks below). This can’t happen if you store your coins offline in a cold wallet like Ledger, one of the best hardware wallets out there.
Types of cryptographic hacks
Blockchain security has improved over the years, but as we see more adoption, crypto hackers will increase. Here are three of the most common crypto hacks.
A blockchain bridge allows you to send resources from one blockchain to another. Users send money in a single asset to a bridge where the money is committed to a contract. The user is then provided with a wrapped token, which mimics the properties and functionality of the target token once it reaches the target blockchain network.
Bridges have come under fire in recent years because they often have a central repository where resources are locked down and used to support packaged resources. Whether owned by a centralized entity or tied to a smart contract, current bridge projects have yet to solve the challenges of blockchain bridges.
Some bridges are brittle due to their poor design. For example, Horizon Bridge was hacked for $100 million after attackers compromised two of its five accounts and authorized a withdrawal of funds from Harmony to Ethereum.
Wormhole, one of the largest chain bridges, was breached for $320 million. A hacker managed to target Wrapped Ethereum (WETH) Solana without placing the necessary collateral in Ethereum. Fortunately, Jump Trading stepped in to offer the same amount of ETH, saving the protocol and users from heavy losses.
Digital wallets or crypto wallets are insecure storage platforms that contain private keys to manage your cryptocurrencies. Keys are required to use your cryptocurrency vault. You have full control over them and keeping them safe is your main duty.
Wallets are divided into hot and cold wallets. Cold wallets, such as Trezor and Ledger hardware wallets, are the safest storage option as they are not connected to the internet. It is intact except during the brief connection times of network events.
A hot wallet is connected to the internet and is therefore more vulnerable to attack. While most users prefer hot wallets for convenience, hackers can communicate directly with a hot wallet using malware, phishing, and other hacking strategies. Recently, more than 8,000 hot wallets were hacked and funds drained without users’ knowledge. The attack took place on the Phantom, Slope and Trust wallets and were worth $5 million in genuine Solana tokens. According to a tweet from Solana Status, the engineers discovered that the flaw was not in Solana, but in the software of several hot wallets.
These are usually third-party applications that may have security holes that allow hackers to access your private keys. In the case of MetaMask, there are bogus sites that can trick you into entering your seed phrase, then the scammers convert the money immediately.
A cryptocurrency exchange is a platform where users buy and sell digital assets using fiat money. The exchanges provide users with custodial wallets and other services, including managing user accounts and their private keys. Since only a few private keys contain large amounts of money, wallets become targets for hackers.
Earlier this year, one of the largest cryptocurrency exchanges, Crypto.com, suffered a $35 million hack that affected more than 400 users. The exchange initially discovered that a small number of users had unauthorized crypto payments in their accounts. This became a large amount as withdrawals were accepted without using 2FA (two factor authentication). Crypto suspended withdrawals for 14 hours and fully compensated its users.
After Solana’s wallet was breached that same week, a hacker stole $4.8 million in cryptocurrencies from the exchange (whose homepage reads “The World’s Most Secure Digital Asset Exchange” – so yes, it can happen everywhere). Unfortunately, it was not quick enough to block the withdrawals and the money was transferred from the exchange wallet to an unknown address believed to belong to the hacker.