A $620 million hack? Just another day in crypto
DeFi, an idea similar to smart contracts, is all about transparency and open source as an ideology. Unfortunately, in practice, that too often means rickety multimillion-dollar projects are held together with tape and gum.
“There are a number of things that make DeFi more vulnerable to hacking,” Grauer explains. “The code is open. Anyone can skim through it looking for errors. This is a big problem that we’ve seen that doesn’t happen with centralized exchanges.”
Bug bounty programs, in which companies pay hackers to find and report security vulnerabilities, are one tool in the industry's arsenal. There is also a small industry of crypto audit firms that will come in and give your project a stamp of approval. However, a quick glance at the worst crypto hacks of all time shows that an audit is not a silver bullet, and there is often little or no accountability for auditors or projects when there are hacks. Wormhole was audited by security firm Neodyme just a few months before the theft.
Many hacks are organized. North Korea has long used hackers to steal money to fund a regime largely cut off from the world's traditional economy. In particular, cryptocurrencies are a goldmine for Pyongyang. The country's hackers have stolen billions of dollars in recent years.
However, most hackers targeting cryptocurrencies do not fund a rogue state. Instead, the already strong cybercrime ecosystem simply preys on weak targets.
For the budding cybercriminal boss, the harder challenge is to successfully launder all the stolen money and turn it from crypto into something useful: cash or, in North Korea's case, for example, weapons. This is where law enforcement comes in. Over the past few years, police around the world have invested heavily in blockchain analytics tools to track and, in some cases, even recover stolen funds.
A case in point is the recent Ronin hack. Two weeks after the theft, a crypto wallet containing the stolen coins was added to the US sanctions list because the FBI was able to connect the wallet to North Korea. That would make it more difficult to use the stolen funds, but certainly not impossible. And while new tracing tools have begun to shed light on some of the hacks, law enforcement's ability to recover and return investors' funds remains limited.
Christopher Janczewski, who was previously a principal case representative at the IRS specializing in crypto cases, spoke to MIT Technology Review.
For now, at least, big risk remains part of the crypto game.