Cat And Mouse – As Scammers Step Up Their Game, Crypto Security Must Keep Pace

Leading blockchain security firm Chainalysis recently released the first glimpse of its 2022 Crypto Crime Reports, and although there are some signs of progress, it makes for sobering reading. In absolute terms, 2021 was the worst year to date for crypto-based crime, with the total value received by illicit addresses reaching an all-time high above $14 billion.

Looking at it from another angle, the scenario could be read as more positive. In 2021, cryptocurrency adoption rates soared, while the rate at which crypto crime increased did not keep pace. This means that in relative terms, the percentage of all crypto transactions involved in crime actually went down compared to previous years.

However, there are two powerful caveats to assuming that the second part represents undiluted good news. Firstly, Chainalysis cautions that data from 2021 is still coming in, so it’s possible that the numbers could still increase. Secondly, rising crypto crime, even as a relatively smaller part of the sector as a whole, is bad news. The detail of the Chainalysis report reveals that scammers are finding new and innovative ways to exploit the system, so that even the most experienced users can find themselves falling prey to the latest exploit.

DeFi Dangers

So what’s changing? The numbers show that a few years ago, centralized exchanges were the main targets for hackers. While the amount of funds taken from exchanges has remained similar over the years 2019 to 2021, DeFi thefts have increased by 1,330%, representing a massive attack vector for the crypto space.

One of the biggest and most audacious examples of a DeFi heist came in August 2021, when hackers exploited a vulnerability in the smart contracts underlying Poly Network. The move was highly technically sophisticated – technophiles may wish to digest an excellent thread from Ethereum researcher Kelvin Fichter which breaks down the methodology. Ultimately, it allowed the attackers to steal funds in more than a dozen different tokens and direct them to three wallet addresses across different blockchains.

Poly Network later announced that the hackers had returned the stolen funds, stating that they only hacked the protocol to expose the underlying vulnerabilities. However, analysts highlighted an attempted transfer to one of Curve’s liquidity pools that had been rejected, indicating that perhaps the hackers had found themselves unable to launder such a large amount of stolen funds.

Cashing In On Screen Hype

Of course, DeFi isn’t the only vulnerable area. As the general levels of euphoria increased in 2021, token scams became more prevalent once again – in some cases reminiscent of the 2017 bad old days of ICO shysters. Squid Coin was one such example.

The project emerged in late October, cashing in on both the hype surrounding the Netflix show Squid Game and the current boom for play-to-earn games in the crypto sector. But it was all an elaborate rug pull. After pumping over 75,000% in a single week, the token crashed to zero in under a second, leaving investors with a worthless bag.

How can crypto users avoid ending up on the wrong end of a scam like this? Obviously, mindset is a huge part of it. It’s all too easy to get caught up in the euphoria of a bull market and believe every token is going to the moon. And the age-old adage of “not your keys, not your crypto” seems to be well-known enough by now – even most newcomers know they should steer clear of anyone asking for their private keys.

But as an industry, crypto needs to ensure it’s staying ahead of the scammers and fraudsters. The industry is at a critical inflection point in adoption and regulation, and crypto crime will be a significant consideration for regulators when determining the extent of any legal frameworks and subsequent enforcement.

Balancing Identity, Security, And Privacy

One challenge we face is the binary choice between centralized crypto exchanges and their KYC processes and the pseudonymity of decentralized blockchain wallets. Neither is ideal. Centralized solutions leave a paper trail of identity and asset ownership that could be accessed and exploited by anyone. In contrast, decentralized solutions are pseudonymous, which doesn’t offer any way to indisputably tie a user to their assets because private keys can become compromised.

Avarta aims to address the authentication and identification challenges that exist within the crypto space. It tackles the issue by introducing facial recognition into the blockchain wallet authentication process. Its flagship product is a biometrically-secured multi-chain blockchain wallet, allowing users to consolidate all their cryptographic keys into one wallet that doesn’t require any passwords or private keys. Ultimately, your face acts as a single sign-on for all platforms and the entire Web3 ecosystem.

Avarta’s solution comes with an additional benefit. By creating a unique and secure identity linked to an individual’s assets and transaction history, someone can finally use their blockchain assets as a way to prove creditworthiness.

Enhancing Security Through Privacy

Manta Network takes a different approach, using privacy-preserving technologies to give users greater assurance that they can’t be traced back to their assets and thus become a target for hackers. It uses zero-knowledge proofs to allow users to transact with privacy, which it has already showcased in partnership with Acala, a DeFi protocol.

When a user moves their funds into the Manta Network, a zero-knowledge equivalent is minted 1:1, such that when the user moves them back out, nobody can trace it back to any previous transactions that took place outside of the Manta Network.

With the cryptocurrency sector expanding at a rapid pace, it’s positive news that projects are tackling the security challenges from multiple angles. As the Web3 ecosystem grows and expands, it will contain more value, and inevitably it will also continue to attract hackers and scammers. However, the cryptocurrency ethos is committed to empowering users to take control of their own money. So the most important advice to users remains thus: don’t get caught up in the hype of new projects and tokens and always, always, do plenty of research.