In 2020, the cryptocurrency industry experienced several cyber-attacks and cybersecurity breaches. Hackers made off with millions after hitting the KuCoin exchange in September, while a range of DeFi (decentralized finance) platforms — Balancer, Opyn, Akropolis, and others — also received more than their fair share of drama throughout 2020. A range of cybersecurity experts predict that 2021 will also witness a healthy (or unhealthy) number of attacks, especially in the DeFi sector.
While the growth in institutional investment may result in exchanges further improving their security standards and measures, we will possibly see an increase in attacks against DeFi platforms, smart contracts, and individual users in 2021.
2020: what experts said
At the end of 2019, experts estimated that 2020 would continue to see a steady number of attacks on exchanges, although without necessarily facing an increase.
This has largely been borne out by reality, with not only KuCoin suffering a pretty high-profile breach, but also Cashaa, Eterbase, 2gether, and Altsbit, which had to shut down as a result of its February hack. Most of these platforms may be fairly small, but they show that hackers still have exchanges in their sights, even if the biggest ones have perhaps learned how to protect themselves better.
Experts also predicted a significant increase in 51% attacks. It would be a stretch to say that this forecast was quite accurate because even though the likes of Ethereum Classic (ETC), Bitcoin Gold (BTG), and Grin (GRIN) suffered 51% attacks this year, there wasn’t really a significant uptick in exploits in comparison to previous years.
2021: A new target for attacks: DeFi
The first prediction for 2021 is that, while attacks on exchanges will either remain stable or reduce (at least with established exchanges), attacks on DeFi platforms and protocols — especially new ones — will increase. This is the view of John Jefferies, Chief Financial Analyst at crypto/blockchain security intelligence company CipherTrace.
According to the company, losses from cryptocurrency thefts, hacks, and fraud declined to USD 1.8bn for the first 10 months of the year in comparison to last year, but crime in the DeFi sector increased. So far in 2020, DeFi hacks make up 21% of hack and theft volume. In the last six months of 2020, DeFi accounted for 50% of all thefts and hacks (USD 47.7m or 14% of hacked volume).
“The hype around DeFi is reminiscent of the ICO craze of 2017 in the sense that many DeFi protocol creators are launching too quickly, neglecting to perform necessary smart contract security audits,” he told Cryptonews.com.
Jefferies believes that DeFi’s problems will mostly get worse in the short-to-medium term, since unlike the brief ICO boom, DeFi is touted as a major innovation and is estimated to grow notably in the coming years.
“DeFi is experiencing the growing pains of expanding too quickly and there simply are not enough qualified smart contract authors and auditors, creating quality assurance problems,” he said.
Related to the growth in attacks on DeFi platforms is a likely growth in the targeting of smart contracts, which DeFi platforms normally use.
“As smart contracts become even more popular there is a very good chance that hacks will continue to exist, and with more contracts, there will be more hacks,” said Mathieu Hardy, Chief Product Officer at trading platform Osom.finance. “Developing smart contracts is more akin to developing hardware than software and it will take a while for the software industry to adapt to a new way of working.”
Pavol ‘Stick’ Rusnák, Co-founder and Chief Technology Officer of SatoshiLabs, the maker of the Trezor hardware wallet, also said it’s inevitable that hacks on smart contracts and new DeFi platforms will increase in 2021, especially with new start-ups rushing to capitalize on the DeFi boom.
“It’s impossible to write a secure smart contract or decentralized exchange if your team has only a handful of people. And still, we see more and more people pouring their money into systems that have not received peer review and security scrutiny,” he stressed.
Conversely, Mathieu Hardy said that we should likely see a gradual decline in attacks on exchanges, particularly as competition rises to attract the influx of new institutional and retail money.
“When it comes to exchanges, we do expect market pressure (people will choose better exchanges) as well as better regulations (we see a lot more pushes worldwide to have exchanges regulated more like traditional payment institutions) to change the landscape sooner than later. We are ourselves regulated and, when it comes to security, have ourselves adopted the practices most of the useful rules that apply to payments institutions,” he stated.
The main point of failure – users
The cryptoasset market is on the up, something which will enable exchanges and other platforms to invest more in security in 2021 to prevent attacks. But simultaneously, the increase in cryptoasset prices will provide (potential) hackers with greater motivation to attempt hacks, scams and thefts.
“Crypto price rises this year will clearly attract more bad actors to target cryptocurrencies, holders, and exchanges, but the institutionalization and regulation is rapidly improving crypto cybersecurity,” said John Jefferies.
The result of these developments — improved security and more efforts to steal — will be that individual users and owners will increasingly become the targets of cybercriminals.
“The biggest security challenge, as in most mature industries, will be designing systems that are safe enough that they can keep users from hurting themselves. Because like today in ‘financial hacking’ most of it is done through social engineering and getting you to install crappy software,” said Mathieu Hardy.
This assessment is shared by Jefferies, who also suggested that users “will continue to be the biggest security challenge,” largely as a result of phishing scams, which will target administrators of platforms too.
Jefferies also warned of the ongoing prevalence of investment scams, which will be fed by the growth of the DeFi sector.
“Investment scams continue to be the most prevalent crypto crime in which bad actors take advantage of users’ FOMO [fear of missing out] and desire to ‘get rich quick’ to entice them into participating in fraudulent investment platforms,” he said.
This whole picture will be complicated by the regulatory uncertainties surrounding the DeFi sector, which may ultimately increase hacks by reducing accountability.
“DeFi presents a regulatory challenge, as there are many unanswered questions about whether DeFi protocols will be treated the same as CeFi (centralized finance) platforms and who should be held responsible when there is a lack of compliance, negligence, hack, or a protocol is used to launder stolen funds,” said John Jefferies.
Even with the risks 2021 will bring, it’s likely that at least a portion of the crypto community will start to become more cautious about security, and will literally start to take matters more into their own hands by not storing massive amounts of their crypto wealth on exchanges and moving it to a hardware wallet.