Crypto 2020: Security Trends Next Year and Beyond
“The weakest link in the cryptocurrency system are custodians.” "The ones that don't do security well just go bankrupt.”
Cryptography is the cornerstone of informational security, but not everything is entirely secure in the world of cryptocurrency. Crypto-exchanges are still subject to fairly regular attacks and hacks, while even cryptocurrencies are confronted with the rare 51% attack.
How will this picture change in 2020 and the coming decade? Well, as crypto grows further and enjoys greater adoption, it's almost inevitable that attempts by cybercriminals to take a piece of the pie for themselves will grow in parallel.
And as a variety of experts tell Cryptonews.com, it is likely that (attempted) attacks against exchanges will increase in 2020, and that the mining reward halving of Bitcoin Cash (BCH) and Bitcoin SV (BSV) may make these altcoins more susceptible to 51% attacks.
Looking back at 2019
How accurate were Cryptonews.com’s security predictions for last year? Well, the main prediction experts made concerned the growth in crypto-mining malware targeting Internet-of-Things (IoT devices).
Here, McAfee’s Chief Scientist, Raj Samani, suggested that such instances would grow given the rising numbers of IoT devices in homes and businesses, and given their unsecured nature.
And he was largely right, at least insofar as McAfee’s own Threats Report from August revealed a 29% increase in crypto-jacking between Q4 2018 and Q1 2019 alone, although this wasn’t solely the result of an increase in IoT-targeted attacks.
Exchange attacks and data thefts
"I suspect that exchanges will continue getting hacked as they have been for the last 8 years," predicts Bitcoin developer Jimmy Song, speaking with Cryptonews.com.
Other commentators are more forthright about predicting an actual increase in hacks and attacks next year. Charles Phan, Chief Technology Officer of cryptocurrency derivatives exchange Interdax, expects that this will also include "crypto-related platforms," such as wallets.
While thefts and frauds fell in Q3, annual total so far in 2019 stands at USD 4.4 billion, cryptocurrency intelligence and blockchain security company CipherTrace said in its Q3 2019 Cryptocurrency Anti-Money Laundering Report.
But hackers won't only be focusing on the direct theft of the public's cryptocurrency holdings. They'll also be trying to steal personal info and data in order to hack user accounts, which then allows cybercriminals to transfer personal holdings to their own wallets.
"While hackers usually try to steal people’s money, they also frequently target or abuse sensitive personal information, as we saw with the BitMEX email leaks and the exploit of Coinmama, [a crypto trading platform] in early 2019," Phan says.
He adds that hackers are consistently using more sophisticated methods to try to stay one step ahead of their targets, as witnessed by the USD 40 million Binance hack from May.
Old problems, new methods
Increasingly, 2020 and the coming years will see hackers focusing on new ways of violating the cybersecurity of exchanges and other platforms.
"One major problem for many cryptocurrency exchanges is the absence of HTTP Security Headers, where data for the top 100 exchanges shows that just 11% have adequate security in this area," says Charles Phan, referring to a report published this year by crypto research firm CER. "We’d expect hackers to take advantage of this."
Also, Phan points to the fact that only 40 of the top 100 cryptocurrency exchanges have implemented DNSSEC (Domain Name System Security Extension), while the other 60 do not have appropriate records for their domains, meaning they are exposed to DNS (Domain Name Server) cache poisoning attacks. This could also lead to an increase in related attacks from next year.
Things don't stop there, because 2020 will likely bring a rise in phishing scams and malware attacks.
"Phishing attacks are likely to become more sophisticated as criminals move away from using emails as their payload of choice to other methods such as the use of SMS messaging and social media to fool their victims," Phan says.
Cryptocurrencies and 51% attacks
51% attacks are the stuff of crypto nightmares. However, as the infamous 51% attacks on Verge, Vertcoin, Ethereum Classic, and Bitcoin Gold indicate, they are possible, particularly in the case of coins with low hashrates, or network’s computing power, relative to their total amount of available hashrate.
Jimmy Song accepts that we could see an uptick in these attacks next year, although they may not always be successful in directing fiat currencies to the banks of hackers.
"The halving of BCH and BSV should make it very affordable to attack," Song says. "The question is how will an attacker benefit?”
“Usually this requires some financial gain, but the only way anyone has done that is through double-spending on exchanges. I suppose more of that could happen, but it's not very popular since exchanges just up the number of confirmations."
Bitcoin and the future
Looking further into the future, Song – a 'Bitcoin maximalist' – believes that Bitcoin itself will remain robust to hypothetical threats.
"Bitcoin has a lot of game theory going for it. It's just very difficult to profit off of trying to attack Bitcoin,” he says. “Altcoins, on the other hand, have a lot of problems. Most of them are centralized, though, so that ends up being the way to combat hacks."
That said, while Charles Phan agrees that Bitcoin itself is well-protected against cyberattacks, many of the systems and platforms that rest on top of it aren't, and will remain a weak point in the coming years.
"The problem with Bitcoin is not the protocol itself, which has proven to be secure, but rather the businesses that are operating on top of the Bitcoin network," he says.
"A chain is only as strong as its weakest link and the weakest link in the cryptocurrency system are custodians. If their security isn’t up to scratch, their customers may lose out."
Still, an increase in cyberattacks against exchanges and wallets may result in the most inadequate being weeded out of the crypto ecosystem, with only the fittest surviving, thereby increasing overall robustness.
"The ones that don't do security well just go bankrupt," Jimmy Song observes. "That's the way of the world and the ones that survive are much better at security, so I suspect that over time, there will be fewer hacks."