Cryptocurrency, the next generation of money. Adored by luminaries from Elon Musk to Snoop Dogg. Now the official currency of El Salvador, and a funding source for Ukrainian resistance to the Russian invasion.
But is crypto really all that it seems?
Cryptocurrency has tremendous potential to address a host of the world’s financial issues: from limited access to financial resources, to ineffective and costly payment and transfer services. But, despite years of promise, it has yet to live up to this potential. And a key reason it still struggles to gain wider acceptance is security concerns.
When Bitcoin and its underlying blockchain first launched, the belief was that it was essentially unhackable. Of course, if something sounds too good to be true, it probably is. Indeed, bitcoin blockchain security further validated this mantra. For follow-on cryptocurrencies—such as Ethereum— the situation was even worse, and cryptocurrency investors have lost millions of dollars to cyber attacks.
Nonetheless, cryptocurrency investment continues to accelerate rapidly. Promises of sky-high returns are fueling a mania around crypto investment. And while there are substantial opportunities for profit in crypto, they come with similarly substantial risks. So before jumping on the crypto train, you should carefully consider the risks and the security (or lack thereof) of your investment.
Attacks on Cryptocurrencies
Several high-profile cyber attacks on cryptocurrency blockchains have occurred over the years. Although the first major attack is now more than a decade old, its repercussions still affect the crypto space.
At one point, Mt. Gox, a Japanese crypto exchange, controlled more than 70% of global bitcoin trades. Unfortunately, unknown to the company or its customers, hackers in the background were busy siphoning funds for years. Between 2011 and 2014, attackers stole 840,000 BTC, worth more than $450 million (today, worth tens of billions). By February 2014, Mt. Gox was in bankruptcy, and its clients permanently lost their coins.
Other cryptocurrencies also suffered severe attacks. In 2016, Ethereum (ETH) decided in a controversial move to implement a “hard fork” and split into two branches to correct the effects of an attack that siphoned $60 million from an organisation called the DAO (decentralised autonomous organisation). In late 2021, the Bitmart exchange lost $200 million to an attack. And to kick off 2020, another major exchange, Crypto.com, announced an attack had drained it of $15 million. And there appears no end in sight in terms of future attacks.
What Makes Cryptocurrencies So Vulnerable?
If blockchains are supposed to be so secure, why are these attacks successful? There are many reasons hackers have hit the jackpot in the crypto space, some related to the underlying technology itself and some related to external factors.
Weak Smart Contracts
Cryptocurrency markets rely heavily on what are known as smart contracts, which are essentially code that causes automatic transaction execution when certain conditions are met. As with any code, they frequently have weak spots, which can go undetected and allow hackers to divert cryptocurrencies for their own use.
Because of the decentralised nature of blockchains, many people with a wide range of programming experience are creating smart contracts. This alone is a reason for concern. But it is also well known that fully securing smart contracts is difficult even for experienced programmers and security professionals.
Because cryptocurrency blockchains rely on consensus mechanisms (proof-of-work and proof-of-stake) for validating transactions, they are vulnerable to what are known as 51% attacks.
Essentially, attackers (typically large groups or nation-states) obtain control over the computational power or available currency for a blockchain and can then create new transactions and alter others.
Bitcoin has a proof-of-work consensus mechanism, where transaction approval requires solving complex mathematical equations to mine bitcoin. Attackers must control at least 51% of the total processing power at a given time to succeed, which requires enormous amounts of equipment and energy. For this reason, it is unlikely any malicious actor other than a hostile government could pull off a 51% attack against Bitcoin.
Other blockchains are another matter entirely. Ethereum, for example, has suffered a successful 51% attack. Although the amount stolen wasn’t much over $1 million, the danger of a more wide-ranging attack for smaller cryptocurrency blockchains exists.
Investors themselves are a prime vulnerability in the crypto space. Because cryptocurrency is a new and unregulated area, scams are widespread. And because there is little information other than social media’s cryptocurrency communities to help identify and publicise scams, it is easy for investors to get caught holding the bag.
Crypto investors should always recall the “too good to be true” mantra and rigorously investigate any potential investment before committing their funds. The crypto space is rife with offers for wild returns, sometimes more than 100,000% per year. Yet few are anything more than modified Ponzi schemes or “pump-and-dump” schemes.
Fortunately, people who have fallen for scams are more than willing to share their experiences online. So, before investing in the next get-rich-quick scheme, just type “is [investment name] a scam?” into your search bar and see what comes up.
Investors of all kinds still regularly fall for phishing scams, providing account and other sensitive information to unknown people who contact them via email or social media. For example, while a valuable source of information on crypto investments, Telegram also has a huge number of scammers masquerading as official cryptocurrency platform representatives.
Many new crypto investors also fail to understand the basics of buying and selling cryptocurrencies or the associated fees involved. As a result, they can frequently lose much of their investment solely to the process.
Consumers can also unwittingly become cryptocurrency miners without obtaining any benefit. Phishing scams allow hackers to inject cryptojacking malware into unsuspecting users’ computers. The malware then turns the user’s machine into a cryptomining rig, consuming 90% or more of the computer’s resources and racking up the consumer’s electric bill.
Lack of Regulation
Cryptocurrencies have begun to move from their Wild, Wild West reputation to some semblance of legitimacy as larger institutions and governments have endorsed and started trading in them. But crypto markets remain largely unregulated, unlike traditional financial institutions. As a result, there are very few protections for investors who fall prey to an attack and very few mechanisms for attempting to recover lost funds.
So far, it appears we may see substantial progress in 2022 in terms of regulation and wider adoption of cryptocurrencies. In March, President Biden issued an executive order for several agencies to assess ways to protect crypto investors, as well as methods to counter crypto’s use for illicit purposes like money laundering. Although progress may be difficult given the current political environment, this was an important first step.
Do crypto vulnerabilities mean that cryptocurrency investment is substantially less safe than traditional banking and investments? Not at all.
Hackers have been accessing traditional financial institutions since before cryptocurrencies even existed. But the lack of regulation and consumer protection coupled with an investor pool that’s easy to exploit means it’s not the proper type of investment for everyone. Investors should think carefully before committing their money, and only those with an appetite for high risk should take the plunge.