Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes
- "DeFi is still a giant virtual laboratory of experiments where moving fast and breaking things in the world of finance is still the rule."
- "Too many people don't value security" or are willing to throw significant amounts of money in untested DeFi platforms.
- "It’s very risky to hold a leveraged position during such [exchange] outages as such positions can be liquidated fast."
- "One of the biggest areas of security remains that of private key management."
Security is integral to crypto. This is perhaps unsurprising for something based heavily in cryptography, but with cryptoassets now surpassing a total market capitalization of USD 2trn, security has to be a key issue for every exchange, wallet, platform, user, and investor in the industry.
However, all too often this doesn’t quite appear to be the case, given the number of decentralized finance (DeFi) hacks, crypto exchange hacks, and ransomware exploits we’ve witnessed this year. Sadly, industry players speaking with Cryptonews.com predict that things will get worse before they get better, with DeFi, centralized exchanges, cryptoassets, and users themselves all facing challenges next year.
At the same time, as the market matures and as new tools appear, the security offered by many platforms might see an improvement by the end of 2022.
Fast-moving DeFi problems
Pretty much every commenter we spoke with says that DeFi security issues will continue to be a trend well into 2022.
“Not to sound too dramatic but DeFi is still a giant virtual laboratory of experiments where moving fast and breaking things in the world of finance is still the rule. The level of complexity of new DeFi services built in ‘Lego’ mode allows more room for either malicious attacks or human error,” said Ouriel Ohayon, Co-founder and CEO of mobile-based crypto wallet ZenGo.
DeFi has numerous internal characteristics and quirks that make it ripe for security problems or vulnerabilities, and these are likely to remain in place in 2022.
“One of the potential problems with decentralized finance, in terms of cyber-attacks, stems from the fact that, by definition, it’s unregulated in the way that traditional financial institutions are. The fact that there are organizations with little experience or knowledge of dealing with cyber-security issues compounds the problem,” said David Emm, the principal security researcher with Kaspersky’s Global Research and Analysis Team.
Emm explains that such inexperience and underregulation leave scope for cybercriminals to exploit the situation. “For this reason, we will continue to see attacks on the sector,” he added.
Commenters are divided on whether the DeFi security situation will get better or worse next year. For Trezor and SatoshiLabs Brand Ambassador Josef Tětek, DeFi apps will remain prone to bugs and exploits of various kinds.
“This is due to the tendency of DeFi developers to move fast and attract as much capital as possible, both of the invested and value-locked kind. Plus we have witnessed bugs being found even in long-running apps such as Compound -- the complex smart contract architecture simply offers too large of an attack surface,” he told Cryptonews.com.
Likewise, CipherBlade’s Paul Sibenik isn’t particularly hopeful that crypto will see an improvement when it comes to DeFi’s security problems.
“We don't expect it to improve, if anything the contrary. Too many people don't value security or are willing to throw significant amounts of money in DeFi platforms that don't have an extensive battle-tested track record particularly with regard to security,” he told Cryptonews.com.
At the other end of the spectrum, some industry figures are hopeful that 2022 will witness a gradual improvement, with DeFi vulnerabilities becoming less of a theme.
“The good news is that more tools to vet the security of those projects but also to help investors protect themselves from their own mistakes are coming to the market,” said Ouriel Ohayon.
Similarly, Chris Harding, the compliance officer at Civic, tells Cryptonews.com that while the growth of DeFi will attract bad actors, it will also provide platforms in the sector with expanded resources for strengthening their systems.
“As [hackers] grow more shrewd with their approaches, so do the DeFi project teams! Teams are learning every day and the community is collaborating on how to better protect against bad actors,” he said.
Harding also suspects that the involvement of regulators may have the positive effect of improving security within DeFi, in the sense of compelling platforms to introduce better protections for users.
“We’ve recently seen the FATF guidelines on [virtual asset service providers] published, so as the US and other countries determine how to implement those guidelines into law, we will see many players start devoting a lot of time and energy to legal and compliance matters,” he added.
Exchanges to continue experiencing outages and technical issues
More than a few crypto exchanges experienced hacks in 2021, while another common security issue (at least as far as protecting the value of your holdings goes) was the outages and service disruptions that even the biggest platforms -- such as Binance and Coinbase -- experienced on numerous occasions this year.
“The outages at major exchanges attest to the near-exponential growth in trading volume we've seen over the course of 2021, which will only continue to expand in 2022. This rapid growth in transaction volume should be seen as a major point of validation for the crypto industry, though the dramatic transaction spikes present operational challenges for exchanges and other [decentralized applications],” said Matt Cutler, CEO & Co-Founder of blockchain data provider Blocknative.
Industry observers anticipate that exchange outages and hiccups will continue being a trend in 2022, and as with DeFi problems, may only see incremental improvement at best.
“I believe exchanges will keep on suffering outages in the times of strong price rallies, simply because spikes in demand can outpace every expectation. It’s very risky to hold a leveraged position during such outages as such positions can be liquidated fast,” said Josef Tětek.
That said, as the industry continues to grow and mature (and as regulation enters the fray), at least some people think exchange issues will improve gradually over the course of next year.
“Each outage is a necessary step towards a stronger set of processes and infrastructure. We think this cycle is inevitable and even required so that the industry grows towards a more stable state,” said Ouriel Ohayon.
One thing that might ease the problem, at least to some extent, is decentralized exchanges (DEXes), according to Futureswap CEO and co-founder Derek Alia.
“DEXes are antifragile against these network outages because you have hundreds of thousands of people incentivized to run the nodes of the network to keep the system up, which is far more resilient than keeping it in one or two large network hubs distributed in a handful of places. This is one reason why you’re seeing crypto applications with almost zero downtime,” he told Cryptonews.com.
Platform teething problems
Related to exchange disruptions are the kinds of outages we saw afflict nascent platforms such as Solana (SOL) and Arbitrum this year. This is likely to be another prominent trend in 2022, particularly as new networks emerge and develop.
“Investors continue to show a willingness to throw obscene amounts of money into relatively new and/or not sufficiently battle-tested projects when they think the price will go up,” said Paul Sibenik.
This is a view shared to a large extent by Josef Tětek, who also says that the market’s overzealous pursuit of the ‘next big thing’ leads to the launch or release of platforms that aren’t especially robust.
“New crypto projects usually adopt the ‘move fast and break things’ mentality, which inevitably leads to, well, things breaking down sooner or later. While this approach is fine for tech startups, it’s reckless for monetary technologies,” he said.
As reckless as it may be, the money up for grabs -- and its explosive growth -- leads many firms to rush to market with undercooked protocols, and this is expected to only worsen (at least for a period) as crypto encounters more mainstream acceptance in 2022.
“Investing in the hottest coins that are competing with each other, especially ETH competitors like SOL, ADA, DOT, etc. carries an additional risk if they face pressure to provide the most features or the fastest transaction speed without giving first priority to stability. So they face a higher chance of encountering a security issue or a technical glitch as long as speed is the focus,” argued Dave Bitcoin, a crypto expert who runs the walletrecoveryservices.com website.
Ransomware and other security issues
“It's hard to guess whether things will significantly improve or get worse within a year, so I imagine we'll continue to see occasional security lapses and technical glitches in 2022 as the crypto market continues to see a lot of interest & activity,” says Dave Bitcoin.
There are two other security issues that will continue to be a problem in 2022, particularly as larger numbers of inexperienced newbies dip their toes into crypto for the first time.
“One of the biggest areas of security remains that of private key management and account takeover of password-based systems,” said Ouriel Ohayon.
“We have seen thousands of Coinbase accounts taken over by a faulty [two-factor authentication] system, on a daily basis investors lose (stupidly) their funds by giving away their private key or seed [phrase] to a phishing attack and in those cases, even hardware wallets cannot protect you, smart contracts maliciously (or not) coded can have abusive permissions that can drain your wallets, even with certain NFT formats,” he added.
The fact is that the average layperson isn’t a cryptographic security expert, so may find it hard to adapt to the unforgivingness of cryptocurrency security. This has always been an issue with crypto to some degree, but with greater numbers of investors flooding into the market, 2022 will potentially see it get worse.
Another familiar security issue is ransomware, which David Emm says could get worse even as action is taken to prevent it.
“An emerging (and worrying) trend that relates to cryptocurrency is the payment of ransoms. Ransomware is a problem that taxes the minds not only of organizations, but of governments,” he said.
Emm explains that it’s possible 2022 might find governments seeking to introduce regulation related to ransomware, to try to make it harder for ransomware gangs to operate. “The US already operates a block-list of sanctioned companies that US organizations are not allowed to pay,” he noted.
However, given that crypto is still a very new, rapidly evolving, and highly complex space, it’s possible that it will still take some time for truly robust and comprehensive legislation to be introduced that deals with all of the sector’s security issues. As such, expect 2022 to bring a myriad of security challenges, issues, and, hopefully, solutions.