Why are hacks so common in cryptocurrencies?

Hacks or hacks remain a major scourge of the cryptocurrency industry, while blockchain is expected to be a secure technology.

50, 150, 500 million dollars… These dizzying figures are not the capital letters of the latest Web3 nuggets. This is the amount of some of the most notorious hacks in the blockchain and cryptocurrency ecosystem. Among the best known hacks are those of the Mt Gox exchange in 2014 (740,000 bitcoins) and The DAO in 2016 (60 million dollars).

Since then, the market has grown significantly, hacks can run into the hundreds of millions. One of the latest is that of Ronin Network, for about 600 million dollars! A question then arises: why are these hacks so frequent, when blockchain technology should be the safest in the world?

A determining factor: human error

Data theft, the most common hacking

At the risk of repeating themselves, major hacks resort to classic techniques that can be seen everywhere on the Internet. Phishing, identity theft or user naivety are the most frequent.

A wallet’s private key protects it from outside intrusion … as long as you protect its key. However, by giving your private key unknowingly to a hacker or by storing it in the wrong place, it can be extremely easy to empty a wallet. This technique does not require any technical knowledge and is very simple to perform.

In this case, neither the protocol nor the technology is at fault and the blockchain remains as secure as ever. However, security doesn’t stop us from being vigilant with the data we need to protect. It is precisely for this reason that private key storage services are emerging.

Fraud, complement to human error

It can happen that our private key is stolen without us having much to do with it. In this case, it is not the user that is in question, but the protocol and even the wallet. When it’s the wallet, presumably maximum security, that gets hit, it’s tempting to blame the technology for hacking. Again, this is human error.

For example, if you are using a MetaMask, you may have downloaded a pirated version without knowing it. So, your famous private key was not stored on a piece of paper, but via a file on your computer. It is also possible that you have unknowingly participated in a scam and that the cryptocurrencies you have transmitted are in the hands of a hacker.

The scam is therefore still due to human error. For this you must always monitor the URL addresses of the websites you visit, you must not answer a stranger on Discord or Telegram by offering you “technical support” and do not fall into the trap of dizzying returns.

Again, the technology is not in question. but sometimes there is a human error in the protocol itself, and this is the most concerning.

Worrying factor: the lack of security of some protocols

Hackers exploit security vulnerabilities

Of course, this is also a human error. But this exists from the protocol design and is exploited by a hacker. The security flaw is the scourge of young protocols, who want to get started too quickly by neglecting certain aspects of security.

Of course, these hacks require very good computer knowledge, starting with a perfect understanding of the source code. Hackers can then spot flaws, sometimes related to sending addresses, blocking transfers, or even storing cryptocurrencies for centralized protocols. Hackers then find a backdoor into the network due to the lack of protection. Sometimes it can be an upstream human error, such as a weak administrator password.

By meddling in the protocol, it is possible to modify it at will and transfer a large sum, before the attack is identified and the fault closed. In general, these types of attacks only last a few minutes or even seconds. But that’s enough to compromise a network.

It is difficult to defend against this type of attack, because we do not have control of the protocol in question. Our advice therefore remains the same: keep your cryptocurrencies as soon as possible and avoid protocols that seem dubious to you.

The blockchain, a technology that remains secure

The distinction may seem subtle and complex for a novice to identify. However, a security breach is not synonymous with a flaw in blockchain technology. For example, in the case of bitcoin thefts in the Mt Gox case, the problem stemmed from a security breach on the Mt Gox platform. Here, as in all Bitcoin-related hacks, the origin came from human neglect of a Bitcoin-related platform or protocol. But the Bitcoin blockchain was never the problem. Since its existence, it has never been criticized and remains considered the safest and most secure blockchain, particularly thanks to the Proof of Work consensus.

For the other protocols, which in particular use proof of stake (Proof of Stake, PoS), the distinction is even more subtle. The security breach can directly affect the protocol, and hacking can compromise the entire network. But even in this case the technology is not in question. Indeed, this is a negligence when creating the protocol. PoS blockchains are not protected by computing power like Bitcoin, but by validators that immobilize the tokens of the blockchain in question. It is technically easier to violate these protocols, which therefore need to be more vigilant regarding security.

For example, in the Ronin Network case mentioned above, there were only 9 validators. Which is clearly not enough. The cause is therefore not the Ethereum architecture, used by Ronin, but the security of the Ronin protocol itself. In other words, the security of a technology depends on its use. The more human intervention there is, the more this security can be compromised. This is why Bitcoin is the safest protocol, as it requires minimal human intervention.

Leave a Comment