Crypto Security in 2021: More Threats Against DeFi and Individual Users
Attacks on exchanges are estimated to either remain stable or decline. Attacks on DeFi are likely to rise. Individual users will increasingly become the targets of cybercriminals. This whole picture will be complicated by the regulatory uncertainties.
In 2020, the crypto industry was no stranger to cyber-attacks and cybersecurity breaches. Hackers made off with millions after hitting the KuCoin exchange in September, while a range of DeFi (decentralized finance) platforms — Balancer, Opyn, Akropolis, and others — also received more than their fair share of drama throughout the year.
As for next year, a range of cybersecurity experts and crypto industry figures speaking to Cryptonews.com predict that 2021 will also witness a healthy (or unhealthy) number of cyber-attacks. And while the growth in institutional investment may result in exchanges further improving their security standards and measures, we’re likely to see an increase in attacks against DeFi platforms, smart contracts, and individual users.
2020: what experts said
At the end of 2019, experts predicted that 2020 would continue to witness a steady number of attacks on exchanges, although without necessarily seeing an increase.
This has largely been borne out by reality, with not only KuCoin suffering a pretty high-profile breach, but also Cashaa, Eterbase, 2gether, and Altsbit, which was forced to shut down as a result of its February hack. Most of these exchanges may be fairly small, but they show that hackers still have exchanges in their sights, even if the biggest platforms have perhaps learned how to protect themselves better.
Experts also predicted a noticeable increase in 51% attacks. It would be a stretch to say that this forecast was mostly accurate because even though the likes of Ethereum Classic (ETC), Bitcoin Gold (BTG), and Grin (GRIN) suffered 51% attacks this year, there wasn’t really a significant uptick in exploits compared to previous years.
2021: A new target emerged - DeFi
The first prediction for 2021 is that, while attacks on exchanges will either remain stable or decline (at least with established exchanges), attacks on DeFi platforms and protocols — particularly new ones — will rise. This is the view of John Jeffries, Chief Financial Analyst at crypto/blockchain security intelligence company CipherTrace.
As reported, according to the company, losses from cryptocurrency thefts, hacks, and fraud declined to USD 1.8bn for the first 10 months of the year compared with last year, but crime in the DeFi sector rose. So far, in 2020, DeFi hacks make up 21% of 2020 hack and theft volume. In the second half of 2020 DeFi took up 50% of all thefts and hacks (USD 47.7m or 14% of hacked volume).
“The hype around DeFi is reminiscent of the ICO craze of 2017 in the sense that many DeFi protocol creators are launching too quickly, neglecting to perform necessary smart contract security audits,” he told Cryptonews.com.
Jeffries said that DeFi’s problems will mostly get worse in the short-to-medium term, since unlike the brief ICO boom, decentralized finance is touted as a major innovation and is estimated to grow significantly in the coming years.
“DeFi is experiencing the growing pains of expanding too quickly and there simply are not enough qualified smart contract authors and auditors creating quality assurance problems,” he added.
Related to the growth in attacks on DeFi platforms is a likely growth in the targeting of smart contracts, which DeFi platforms generally use.
“As smart contracts become even more popular there is a very good chance that hacks will continue to exist, and with more contracts, there will be more hacks,” said Mathieu Hardy, Chief Product Officer at trading platform Osom.finance. “Developing smart contracts is more akin to developing hardware than software and it will take a while for the software industry to adapt to a new way of working.”
Pavol ‘Stick’ Rusnák, Co-founder and Chief Technology Officer of SatoshiLabs, the maker of the Trezor hardware wallet, also said it’s inevitable that hacks on smart contracts and new DeFi platforms will rise in 2021, particularly with new start-ups rushing to capitalize on the DeFi boom.
“It’s impossible to write a secure smart contract or decentralized exchange if your team has only a handful of people. And still, we see more and more people pouring their money into systems that have not received peer review and security scrutiny,” he stressed.
Conversely, Mathieu Hardy added that we should likely see a gradual decline in attacks on exchanges, particularly as competition increases to attract the influx of new institutional and retail money.
“When it comes to exchanges, we do expect market pressure (people will choose better exchanges) as well as better regulations (we see a lot more pushes worldwide to have exchanges regulated more like traditional payment institutions) to change the landscape sooner than later. We are ourselves regulated and, when it comes to security, have ourselves adopted the practices most of the useful rules that apply to payments institutions,” he said.
The main point of failure - users
The cryptoasset market is on the up, something which will enable exchanges and other platforms to invest more in security in 2021. But at the same time, the increase in cryptoasset prices will provide (potential) hackers with greater motivation to attempt hacks, scams and thefts.
“Crypto price rises this year will clearly attract more bad actors to target cryptocurrencies, holders, and exchanges, but the institutionalization and regulation is rapidly improving crypto cybersecurity,” said John Jefferies.
The result of these parallel developments — improved security and greater incentive to steal — will be that individual users and holders will increasingly become the targets of cybercriminals.
“The biggest security challenge, as in most mature industries, will be designing systems that are safe enough that they can keep users from hurting themselves. Because like today in ‘financial hacking’ most of it is done through social engineering and getting you to install crappy software,” said Mathieu Hardy.
This assessment is shared by Jefferies, who also suggested that users “will continue to be the biggest security challenge,” largely as a result of phishing scams, which will also try to target administrators of platforms.
Jefferies also warned of the ongoing prevalence of investment scams, something which will be fed by the continued growth of the DeFi sector.
“Investment scams continue to be the most prevalent crypto crime in which bad actors take advantage of users' FOMO [fear of missing out] and desire to ‘get rich quick’ to entice them into participating in fraudulent investment platforms,” he said.
This whole picture will be complicated by the regulatory uncertainties surrounding DeFi, which may ultimately increase hacks by virtue of reducing accountability.
“DeFi presents a regulatory challenge, as there are many unanswered questions about whether DeFi protocols will be treated the same as CeFi (centralized finance) platforms and who should be held responsible when there is a lack of compliance, negligence, hack, or a protocol is used to launder stolen funds,” said John Jefferies.
Even with the risks 2021 will bring, it’s likely that at least a portion of the crypto community will begin to become more aware of the issues surrounding security, and will literally begin to take matters more into their own hands by not storing significant amounts of their crypto wealth on exchanges and moving it to a hardware wallet.
Crypto in 2021: Institutions Prefer Bitcoin, Retail Open to Altcoins
Crypto Regulation in 2021: The Piecemeal Approach & New Winds
Crypto Adoption in 2021: Bitcoin Rules, Ethereum Grows & Faces Rivals
A Bitcoin Multisig Primer: How Does it Work & What You Need To Know
Your Bitcoin Brainwallet Can Be Swept Even Without Reading Your Mind
Police in Latvia Thwart Brutal Crypto Theft and Murder Plot