As with Web2, cyber-criminals are around and looking to exploit Web3 for their own financial gain.
This article was published as part of our membership with the CoinTelegraph Innovation Circle. We have uploaded it onto our blog for your reference.
Cryptocurrency, blockchain, Web3 and DeFi are buzzwords that everyone can recognize in 2022. The industry has been taking the world by storm. Technological advancements and the openness and transparency of the industry have seen many tech-savvy enthusiasts and innovators fully embrace the technology and collaborate to enable mass adoption.
Decentralization is “cutting out the middleman.” The benefits are being embraced by more than 56 countries in the world. The global population is noticing.
Unfortunately, the other major talking points within this industry are hacks and scams. As with Web2, cyber-criminals are around and looking to exploit Web3 for their own financial gain. This article is going to cover three major hacks within the industry, what happened and why.
Highlighting these events, which are only a tiny portion of the total that have happened over time, provides us with the best insight to prevent a recurrence. It also highlights the need for protection in Web3, whether that be keeping your digital assets offline on a hardware wallet/ledger or purchasing cover protection.
Mt. Gox (2011 and 2014)
Often recognized as the first major cryptocurrency hack. Mt. Gox was a Japanese crypto exchange launched in 2010. By 2011, it was one of the biggest global exchanges and even handled more than 70% of all BTC (Bitcoin) transactions. However, it was at this time that the first exploit took place. $8.75 million of Bitcoin was stolen from the exchange in 2011. The first attack was seen as a lesson and Mt Gox saw this as an opportunity to improve their security and code to prevent another attack from happening.
Despite this, in 2014, a more explosive attack took place. Fraudsters managed to siphon $615 million worth of Bitcoin from the exchange. They managed to do this by creating fake bitcoins and flooding the exchange with them.
Investigations since have also found that Mt Gox’s private key was stolen and decrypted back in 2011 when that first attack took place.
The resulting attacks left Mt Gox in financial ruin and lawsuits have been ongoing since to try and recover as much money for users as possible.
Binance (2019)
Binance has done a phenomenal job at bringing Web2 users to the front of Web3. Their user-friendly interface has helped make them one of the most well-known exchanges in the crypto industry and, on a individual level, is the one business that seems recognized away from the industry too.
The world’s largest cryptocurrency exchange boasts a portfolio of 394 different tokens and 1,668 active markets at the time of writing this. Due to the scale and enormity of their name and reputation, Binance’s exploit of 2019 made it onto our list.
In May 2019, hackers managed to exploit a Binance hot wallet and withdraw $40 million worth of Bitcoin. Fraudsters managed to gain access to the Binance security system, obtaining various elements of data, including APIs and two-factor logins. All the stolen bitcoins were linked to just one specific wallet. Since the exploit, Binance has set up an protection fund to try and cover the losses of its users.
CoinBene (2019)
The third attack to make it onto our list is CoinBene. Considered in 2019 as one of the top 10 cryptocurrency exchanges, the Singapore-based organization was unique in its failure to accept liability or even that an exploit took place in the first place.
CoinBene was active in 192 countries in the world and fraudsters managed to steal approximately $105 million in a variety of different tokens and currencies. This event took place in the March 2019 and as a result, CoinBene refused to reveal the details and instead suggested they were closing down for various maintenance activities.
Since then, investigators have deduced that the exchange was actually exploited. Criminals took the money away from CoinBene and started trading on other major exchanges. As a result, none of the lost coins have been recovered.
These are just three of the hundreds of major attacks that have taken place within the industry. In fact, in 2021, we entered the biggest year of crypto cybercrime. It is believed that last year, $14 billion was stolen from the industry, and very little, if any, has been recovered by their rightful owners.
It is not time to sit back and allow this to happen. It is time to be aware, be stringent with the protection of assets and investigate alternative options of protection such as cover solutions. The best place to start is by browsing which solution is right for you.
The most common cover offering available right now is smart contract vulnerability. Depending on the terms and conditions of the provider, this cover would usually protect you against any attacks on the smart contract of the protocol that you keep your assets in. From a providers perspective, we know that the entire blockchain industry is new and we would advise all readers to be extra vigilant.
Things will change and a large-scale financial loss was felt across the industry during the recent UST depeg event and Luna (LUNA) collapse. Cover protocols are working together to provide more stability and payouts will be coming for those who purchased their premiums. While Web3 is still yet to be mass-adopted globally, anyone who has digital assets should be thinking about security and being in control of their own assets. Failure to do so could be catastrophic for the user.
This industry is going to expand further over the coming weeks, months and years. The more that we can do as an industry to prevent future exploits from occurring, the faster we will see mass adoption of cryptocurrencies, blockchain technology and Web3.