The biggest cryptocurrency hack we’ve seen…and what it's teaching us.
Recently, a group of hackers stole $600 million worth of cryptocurrency from the Poly Network platform, making this hack one of the biggest hacks and threats to the foundation of cryptocurrency. This hack is shaking investors to their cores and will have reverberating effects down the road. The crypto giants realize this fact and have acted swiftly by black-listing the crypto wallets and accounts associated with the hack.
The hack took place today, Tuesday, 10 August 2021. The group stole 2,858 ether (~$267 million), 6,610 Binance coins (~252 million), and$85 million worth of SDC tokens. For more information, please refer to the article below:
This is devastating for many reasons and comes at the worst time when ether is FINALLY over $3,000 per token and talks of the much-anticipated Proof of Stake (PoS) model are reaching all-time high. This news got investors licking their chops, but now…investors are questioning their excitement. This hack proved what so many of us that hold .10 cents worth of cybersecurity cred already knew…bad guys always ruin a good thing and cryptocurrency had some security flaws.
Security … let’s think about that again.
First off, the blockchain is solid; no issues there; it’s the wallets that the weak link. Online wallets require accounts that are protected by usernames, passwords, two-factor authentication (2FA), persistent cookies, etc…which can be exploited in the same manner as your Facebook account.
Anonymity…try again.
Many rave that privacy is essential, and cryptocurrency provides a level of anonymity. You’ll understand how much this is a joke if you peel back the onion by just a couple of layers. Crypto wallets are associated with your name, email address, home address, phone number, and most of them now require you to scan in a copy of some form of government-issued ID.
These hackers may have wallets not associated with the big online crypto wallets, but the activities of crypto addresses are constantly being stored in databases and tracked. The OSINT platform Maltego even has transforms that can track the activities of crypto-wallets. Because cryptocurrency is becoming more mainstream, it’s become easier to find who owns what wallets. A private security firm has already digitally fingerprinted and ID’d some of the IPs and email addresses associated with the hack. Furthermore, that money is going to be hard to spend because of the blockchain. Great in the long run, but this points out an idea that I wrote about before in a previous article, that cryptocurrency really isn’t free and open and decentralized.
Decentralized…yea…ok.
If this were indeed an open and free system with the blockchain being the only trusted agent, we wouldn’t see public statements made by billionaires, private firms jumping to find the hackers’ identities, and fear from investors. Crypto was supposed to eliminate the big heavy hitters in finance, shut out the corrupt banks, and be a platform for all. This hack has unveiled a lot. The two biggest takeaways are:
- There are powerful central figures invested in the success of crypto.
- Cryptocurrency is no longer for the dark web hacker/online drug dealer… it’s mainstream and it’s harder to hide.
Conclusion…What now?
These hackers’ wallets are burned. And the transfer of these coins to other wallets will only burn them as well, and this is because we’re starting to see the modern form of digital finance that’s just as centralized and powerful as banks. These hackers have f*cked up because influential investors need to “sell” the notion that cryptocurrency is safe and the modern finance platform. They will invest the time, money, and effort in selling that narrative, rendering big crypto hacks not worth the strokes on the keyboard.
Here are a few cyber-security tips regarding crypto wallets. Try diversifying your wallets, meaning, don’t have all of your tokens in one place. This will help mitigate your losses if a hack occurs. Also, only do business with reputable organizations. Do your research!!!! This is not only good cyber-security practices but investment practices as well.
