Why Crypto Hackers Always End Up Getting Caught Out

Since the earliest days of crypto, hackers have been one of the biggest threats to the space. As the markets have grown, cryptocurrency security has become one of the most significant sources of unease for investors. Following several high-profile thefts from exchanges such as Bitfinex and Mt. Gox, the popular wisdom in the crypto space became that you should hold funds in a non-custodial wallet. But even those are not necessarily safe: if white-hat hackers can break into a hardware wallet to recover a lost seed for its owner, a black-hat hacker with physical access to the device can exploit the same weaknesses.

In some cases the funds are restored quickly, as after the recent Wormhole bridge attack, where the project's backers replaced the stolen ETH. Project operators have also learned that offering the attacker a generous bug bounty in exchange for returning the funds is often more attractive to them than sitting on illicit coins that every exchange is watching for, which is the ideal outcome from a user's perspective. When the authorities get involved, however, victims can find themselves waiting months or even years to recover their stolen crypto. After the DoJ recently arrested two people for allegedly laundering the funds stolen from Bitfinex in 2016, those affected may face a legal wrangle to recover their losses.

Catch Me If You Can

As renowned conman Frank Abagnale, subject of the movie "Catch Me If You Can", pointed out: "the internet is a wonderful thing, but it opens the door to many crimes, so you have to stay ahead of it." Any cybersecurity specialist will tell you that it is a game of cat and mouse: each time security is tightened, attackers look for new weaknesses to exploit. New technologies like DeFi introduce new attack vectors, and the cycle starts all over again.

However, transactions recorded on a public blockchain differ from any other kind of online transaction. Blockchains are append-only: once confirmed, records cannot be altered or deleted after the fact, and every transaction is visible to anyone with a block explorer. Addresses are pseudonymous rather than anonymous, so the ledger is a permanent record of where funds have moved, even if it does not say who moved them. These properties have given rise to the field of blockchain forensics, pioneered by firms like Chainalysis, which develop analytical tools and work with crypto operators, law enforcement and independent investigators to fight cryptocurrency crime.

Most recently, the firm was credited by investigative journalist Laura Shin, whose book claims to identify the individual behind the 2016 DAO hack, in which roughly $60 million worth of ETH was drained from a smart contract. Shin named Toby Hoenisch, an Austrian programmer and project founder who was living in Singapore at the time of the heist; Hoenisch has denied the allegation. She states that she drew her conclusion with the help of a "powerful and previously secret" forensics tool developed by the firm. The on-chain evidence itself is immutable; what such tools add is the off-chain linkage, such as exchange records, needed to connect a chain of addresses to a person.

Flaws in the System

How much should private investors worry about hacks?

According to Kurt Nielsen, President and Co-Founder at Partisia Blockchain, social weaknesses matter more than the security of the blockchain itself. He elaborates:

“A well-designed blockchain provides much better cybersecurity thanks to its decentralized consensus and encryption. However, hackers gaining access to your private keys through social engineering attacks like phishing are likely to be a bigger threat than someone ‘hacking’ your blockchain wallet itself. That said, smart contracts are written in code by humans, which introduces vulnerabilities to the system, of which private investors may not be aware.”

It’s a good point. Unfortunately, the DeFi space has become a haven for attackers, as some teams have launched poorly reviewed smart contracts that were all but inviting exploitation, like the “really stupid” MonoX hack that resulted in losses of $31 million. In some cases, however, DeFi hackers seem out to do little more than make a point. After the $600 million Poly Network hack in August last year, one of the biggest in DeFi history, the attacker returned the funds, claiming to have acted to expose the vulnerability rather than for profit.
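As an added illustration (not code from the original article, nor MonoX's own contract), the following Python model reproduces the publicly reported shape of the MonoX bug: the swap function accepted the same token as both input and output, and the price update for the output side overwrote the update for the input side, so every self-swap pushed the token's price up. The pool, token names, reserves and the price-impact formula are all constructed for this example and do not match any real AMM's pricing; the `hardened` flag shows the single input check that closes the hole.

```python
"""Toy AMM illustrating a same-token swap bug. Constructed example, not
MonoX's code; reserves, prices and the price-impact formula are made up."""
from dataclasses import dataclass
from typing import Dict, Optional


class SameTokenSwap(ValueError):
    """Raised by the hardened pool when tokenIn == tokenOut."""


@dataclass
class Pool:
    reserves: Dict[str, float]   # token -> units the pool holds
    prices: Dict[str, float]     # token -> internal price used to quote swaps
    hardened: bool = False       # True: reject swaps of a token for itself

    def quote(self, token_in: str, token_out: str, amount_in: float) -> float:
        return amount_in * self.prices[token_in] / self.prices[token_out]

    def swap(self, token_in: str, token_out: str, amount_in: float) -> float:
        if self.hardened and token_in == token_out:
            raise SameTokenSwap(f"{token_in} cannot be swapped for itself")
        amount_out = min(self.quote(token_in, token_out, amount_in),
                         self.reserves[token_out])
        r_in, r_out = self.reserves[token_in], self.reserves[token_out]
        # Price impact: the token sold gets cheaper, the token bought gets dearer.
        price_in_after = self.prices[token_in] * r_in / (r_in + amount_in)
        price_out_after = self.prices[token_out] * (r_out + amount_out) / r_out
        # The bug: both writes happen unconditionally. When token_in == token_out
        # the second write overwrites the first, so the price only ever rises.
        self.prices[token_in] = price_in_after
        self.prices[token_out] = price_out_after
        self.reserves[token_in] += amount_in
        self.reserves[token_out] -= amount_out
        return amount_out


def make_pool(hardened: bool = False) -> Pool:
    # Constructed starting state: 1,000 MONO and 10,000 USDC, both priced at 1.0.
    return Pool(reserves={"MONO": 1000.0, "USDC": 10000.0},
                prices={"MONO": 1.0, "USDC": 1.0},
                hardened=hardened)


def self_swap_attack(hardened: bool, rounds: int = 10) -> Optional[float]:
    """Swap MONO for MONO `rounds` times to inflate its price, then sell a
    little MONO for USDC. Returns the USDC obtained, or None if rejected."""
    pool = make_pool(hardened)
    try:
        for _ in range(rounds):
            pool.swap("MONO", "MONO", pool.reserves["MONO"])
    except SameTokenSwap:
        return None
    # After ten doublings MONO is priced at 1024, so 10 MONO "buys" the whole USDC reserve.
    return pool.swap("MONO", "USDC", 10.0)


if __name__ == "__main__":
    print("vulnerable pool, USDC drained:", self_swap_attack(hardened=False))
    print("hardened pool:", self_swap_attack(hardened=True))
```

Run it and the vulnerable pool hands over its entire USDC reserve for 10 MONO, while the hardened pool rejects the first self-swap. The fix is a one-line precondition; the point of the model is that the exploit needs no privileged access at all, only a call the contract should never have accepted.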

But many hacks remain unsolved or leave crypto users without hope that their funds will ever be returned. The 2018 attack on South Korean exchange Bithumb resulted in losses of $30 million, and according to blockchain analytics firm Elliptic, it is likely tied to the North Korean cybercrime syndicate known as the Lazarus Group. The same group has been linked to a 2018 heist on South Korean exchange Coinrail, which resulted in losses of $40 million. However, both of those pale in comparison with the 2018 Coincheck hit, also thought to be the work of Lazarus. This time, they lifted a cool $534 million in NEM tokens.

However, even if the hacks go unsolved, many of the larger exchanges have insurance coverage or self-managed pools that can cover customer losses. For example, after around 6,000 Coinbase (NASDAQ:COIN) customers were targeted last year in a phishing campaign that also abused a flaw in the exchange's SMS two-factor authentication, the exchange reimbursed those affected.

Avoiding Detection

Can hackers really elude detection? Well, according to Ian Huang, founder and CEO of ParallelChain Lab:

“There are two concepts involved here: anonymity and traceability. They often get mixed together, which feeds a false perception that crypto is anonymous and/or untraceable by design. In fact, crypto transactions ‘can’ be anonymous in a way that it is possible to make your on-chain identity untraceable to your real-world identity by avoiding all KYC’d platforms.”

But he elaborates that “In a practical sense, it’s all but impossible. Unless the hackers don't do anything with the stolen assets (which does not make much sense), they would eventually attempt to use the assets, and every transaction that they make with the stolen assets increases the chance of getting caught.”

As such, it is possible to identify the Lazarus Group as the actor behind the attacks, even though recovering the funds is all but impossible once they vanish into North Korea.
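To make Huang's point concrete, here is an added example (not from the article, and not any forensics firm's tooling) of the simplest form of forward taint tracing over a public ledger. The transactions, addresses and the exchange's KYC'd deposit address are all constructed; the taint rule is the crude "poison" model, in which any transfer an address makes after it received stolen coins counts as tainted, rather than the proportional or FIFO rules real tools apply. The trace stops at a KYC'd address, because that is where the exchange's own records can tie the deposit to a person, and it separately reports addresses where tainted funds sit unmoved, which is the one case the ledger alone cannot resolve.

```python
"""Forward taint tracing over a public ledger. Constructed sample data and a
deliberately simple "poison" taint rule; not any forensics vendor's tooling."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Tx:
    height: int      # block height, used to order transactions
    sender: str
    receiver: str
    amount: float


# Constructed ledger: a pool is drained, the proceeds are peeled through
# intermediate addresses, part is parked and part is deposited at an exchange.
LEDGER = [
    Tx(90, "alice", "exch_deposit_A", 50.0),    # unrelated customer deposit
    Tx(95, "mule1", "exch_deposit_A", 20.0),    # mule1 active before the theft
    Tx(100, "pool", "hacker1", 1000.0),         # the theft
    Tx(101, "hacker1", "mule1", 600.0),
    Tx(101, "hacker1", "peel2", 400.0),
    Tx(105, "mule1", "peel3", 590.0),
    Tx(110, "peel3", "exch_deposit_A", 300.0),  # cash-out attempt
    Tx(111, "peel2", "cold_storage", 400.0),    # parked and never moved again
    Tx(120, "exch_deposit_A", "exch_hot", 350.0),
]

# Deposit addresses whose owner ran KYC on the depositor (constructed).
KYC_ADDRESSES = {"exch_deposit_A": "ExchangeA"}

Hit = Tuple[str, List[str], float]      # (exchange, path of addresses, amount)
Dormant = Tuple[str, List[str]]         # (address holding tainted funds, path)


def trace(ledger: List[Tx], origin: str, kyc: Dict[str, str],
          start_height: int) -> Dict[str, list]:
    """Follow funds forward from `origin`, starting at `start_height`.

    Poison rule: every transfer an address makes at or after the block in which
    tainted funds reached it is itself tainted. Tracing stops at a KYC'd
    address, since the exchange can identify the depositor from there."""
    by_sender: Dict[str, List[Tx]] = defaultdict(list)
    for tx in sorted(ledger, key=lambda t: t.height):
        by_sender[tx.sender].append(tx)

    hits: List[Hit] = []
    dormant: List[Dormant] = []
    seen = set()
    queue = deque([(origin, start_height, [origin])])
    while queue:
        addr, since, path = queue.popleft()
        followed = 0
        for tx in by_sender[addr]:
            if tx.height < since:
                continue            # spent before the tainted funds arrived
            key = (tx.sender, tx.receiver, tx.height)
            if key in seen:
                continue
            seen.add(key)
            followed += 1
            new_path = path + [tx.receiver]
            if tx.receiver in kyc:
                hits.append((kyc[tx.receiver], new_path, tx.amount))
            else:
                queue.append((tx.receiver, tx.height, new_path))
        if followed == 0 and addr != origin:
            dormant.append((addr, path))   # tainted funds sitting still
    return {"hits": hits, "dormant": dormant}


if __name__ == "__main__":
    result = trace(LEDGER, "hacker1", KYC_ADDRESSES, start_height=100)
    for exchange, path, amount in result["hits"]:
        print(f"{amount} reached {exchange} via {' -> '.join(path)}")
    for addr, path in result["dormant"]:
        print(f"tainted funds parked at {addr} via {' -> '.join(path)}")
```

Two details carry the argument. The height check is what keeps `mule1`'s earlier, legitimate deposit out of the trace, so reusing an address with history does not launder anything. And `cold_storage` shows up only as a dormant endpoint: the ledger records it forever, but until those coins move there is nothing for an exchange or a subpoena to attach to, which is exactly why doing nothing with stolen funds is the only strategy that avoids the cash-out problem.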

How to Protect Your Funds?

In general, hackers can never assume their crypto transactions won’t be traced. Because the ledger is immutable, as we have seen recently with Laura Shin’s work and the Bitfinex arrests, the most surprising reveals can come years later, once analysis tooling catches up with the old records.

The question for users is how best to keep funds safe: on centralized exchanges or in non-custodial private wallets? According to Aleksandras Gaska, Founder and Operations Lead at BlockWallet:

“Non-custodial wallets and exchanges have been around for a while, but mainstream users are still hesitant about switching over. Although there are clear benefits to non-custodial ownership of assets, it poses additional friction to users when they interact with Web3 or make transactions. This is why we built BlockWallet, to solve the trade-offs. Anyone can use features like our privacy pools to achieve a high level of on-chain privacy, instead of trusting their data and assets to a custodian.”

What’s yet to come? Given that blockchain technology is still developing and cybersecurity is a cat and mouse game, it seems likely that hacks will be a feature of the space for some time to come. However, as forensic tooling improves, hackers, even the long-retired ones, can’t assume they won’t get found out at some point.