Developing blockchain solutions since before it was cool and I'm in Auckland, NZ
Despite Bitcoin still struggling to recover its all-time high of December 2017, the crypto market nevertheless still attracts plenty of newcomers. Not just new investors buying their first digital currency on Coinbase, but also new ICOs, exchanges, and wallets continue to appear on a regular basis.
As the industry grows and more users and innovators enter the space hackers and scammers come out of the woodwork to prey on vulnerabilities. Cybersecurity company Carbon Black reported that around $1.1bn of cryptocurrency was stolen during the first five months of 2018.
In the unregulated world of cryptocurrency, responsibility lies with the individual to make sure that their own crypto funds are secure and ICO investments are sound. So, what are the hackers and scammers up to? And what can the individual investor do to protect their funds?
The first stop for newbie crypto investors is often one of the bigger exchanges to buy their first Bitcoin or Ether. From there, many will simply leave their funds on the exchange, causing hardcore crypto enthusiasts to howl in protest. This is because, among other risks, crypto exchanges may be vulnerable to hacks.
One of the most famous was Mt Gox back in 2014, where hackers stole $473m of Bitcoin. The exchange was later forced to close. Other high-profile exchange hacks include YouBit in 2017 and Coincheck in 2018. Two hacks on YouBit resulted in the exchange losing around 17% of its deposits and subsequently going bankrupt. Hackers in the Coincheck incident made off with a staggering $500m worth of NEM tokens.
Rather than keeping funds on an exchange, many investors prefer to use a digital wallet instead. However, wallets can also be prone to attacks.
Shopin is an award-winning blockchain-based shopping profile that has recently been through a token sale. In June 2018, the company reported that one of its partners had been hacked, with around $10m of its cryptocurrencies stolen. The partner was running a syndicate and had been storing the syndicate investment funds in hot storage using MyEtherWallet.
Shopin subsequently issued a token swap, granting all legitimate token holders a new token and so rendering the stolen ones useless. Although the company technically held no legal responsibility for the theft and weren't at fault for the hack, the CEO gave an interview in which he explained the seriousness with which they viewed the case and new steps they are taking to improve security.
The company has now partnered with QRYPTOS, one of Asia’s most secure exchanges, in a move to increase security and prevent further attacks. In this case, the company acted from a position of extreme responsibility, leading the way for ICOs to ensure their tokens are traded as securely as possible.
The token swap and subsequent additional security measures put in place by Shopin are important steps in providing assurance to investors. Just because a blockchain project is decentralized, it shouldn’t mean nobody is willing to take responsibility if things go wrong.
Even if wallets are secure against hackers, scammers may also use phishing to gain private keys and steal funds. In May 2018, the email system of block.one, the private company behind the EOS launch, was breached. Email addresses of investors were subsequently targeted in a phishing attack, where they were asked to “register” their EOS tokens. It was one unfortunate victim of the attack who raised the alarm to the EOS community via Reddit after he had lost more than $61,000 to the fraudsters.
ICO scams are now becoming so commonplace that the US SEC took a creative step to warn would-be investors by setting up its own fake ICO page in May this year. This came immediately after Vietnamese outfit Modern Tech raised $660m from the sale of its Pincoin token and promptly disappeared with the lot.
This “exit scam” is one of the most common risks of ICO investing. Investopedia states that in 2018, around 80% of ICOs are scams with only 8% ultimately trading on exchanges.
For the average crypto investor, all of this can be disheartening. HODLing on for dear life during the current prolonged bear run, only for the value of crypto to suddenly rally — then a hacker makes off with everything before you’ve even finished browsing Lambos? There must be some safer options.
As long as the private key is kept safe and sound, cold storage wallets remain a solid recommendation for protecting crypto funds against theft. The blockchain community is also hard at work coming up with solutions that will foil the hackers. One way of doing this is through crowdsourcing knowledge of hacks and attacks. After all, the EOS phishing scam was flagged by a community member.
Crowdsourcing is the precise model of Sentinel Protocol, a threat intelligence program that is aiming to increase protection against fraud and phishing attacks. The protocol operates through three channels. It protects individuals through the use of products including its newly-launched Chrome plugin. The plugin scans ICO URLs and wallet addresses to check that they are legitimately owned by the token-seller.
Sentinel will also partner with wallet providers and exchanges that will use its protocol to provide additional security layers against hackers. Finally, security professionals, ethical hackers, and developers can earn financial rewards for contributing their expertise to the ecosystem.
The Protocol is being developed by the Uppsala Foundation, a team of security experts and ethical hackers, headed up by CEO Patrick Kim. Back in 2016, Kim himself was the victim of a hack attack on his Ethereum Mist wallet, where the hacker managed to steal 7,218 Ether that Kim had mined himself.
Although he quickly reported the issue to the development team, who applied patches to prevent future incidences, Kim was unable to recover his losses. He decided to channel his efforts into creating the Uppsala Foundation and Sentinel, with the vision of “making the crypto world a better place without the need to worry about hacks, scams, or frauds.”
Cryptocurrency remains unregulated, and many in the community would like it to stay that way. Therefore, it’s important that community members are educated and aware of the risks of crypto investments. Responsible ICOs together with new solutions against hacks and malicious attacks will also serve to create a safer climate for future investors.