This has been a banner year for hackers targeting the industry. Last week, a couple of hacks totaling hundreds of millions in losses and thousands of affected users rattled an already shaken market.
On Monday, Nomad, a crypto bridge was the latest victim of hackers, which walked away with close to $190 million. A crypto bridge connects blockchains and allows users to swap from one cryptocurrency to another. It works like an FX service, so if you have Bitcoin but want to spend it like Ethereum, you can do that using a bridge.
The Nomad hack started with an upgrade to the code. One part of the code was marked as valid whenever users decided to initiate a transfer, which allowed the hackers to withdraw more assets than were deposited onto the platform. Once other attackers caught on to what was happening, they deployed armies of bots to carry out copycat attacks. The attack was known as a “free-for-all,” because the hacker’s original code allowed anyone to copy it and steal the crypto for themselves.
A few months ago, Ronin, another bridge was hacked for more than $600 million in crypto. Harmony, another bridge, was drained of $100 million in a similar attack.
About $2 billion in cryptocurrency has been stolen from cross-chain bridges like Nomad in 13 separate hacks in 2022, according to crypto analytics firm Chainalysis. As the market grows, we are going to see more headlines and a lot more types of attacks.
Given the huge amounts stolen from these crypto bridges, it’s apparent that their security standards are not adequate. This clearly highlights a fundamental flaw with crypto bridges and the need for native ecosystems which are not prone to exploits.
Two days after the Nomad hack, Solana wallets were hacked. Over 8,000 wallets were compromised and $5.2 million worth of SOL, SPL, and other Solana-based tokens were stolen. The hack affected wallets such as Slope and Phantom — hot wallets, which are always connected to the internet to provide users an easy way to send, store and receive crypto.
These hacks just reinforce the idea that crypto is still the wild west.
Cryptocurrency’s security —or lack thereof— will likely continue to be a more pressing issue in the years ahead.
Everything from exchanges to cryptocurrencies themselves is made of software, and software can be hacked. Crypto.com lost $30 million earlier this year, KuCoin lost $281 million last year and BitFinex lost $3.6 billion in 2016. These are just a few off the top of my head. It’s crazy how everything lines up: coins are valuable, easy to liquidate, and anonymous.
Last year $14 billion was stolen, a 79% rise from 2020, marking an all-time high for cryptocurrency-based crime. According to blockchain analytics firm Chainalysis, which cited the explosion in mainstream cryptocurrency adoption as a main catalyst.
Market players range from large, established exchanges like Coinbase to the latest DeFi project someone started in their living room. Regardless of size, security is paramount. Rapid growth combined with a mostly unregulated environment poses a challenge for standardizing security across the industry.
But in March, the SEC outlined new cryptocurrency accounting standards that would protect crypto assets held by companies for users against hacking losses.
Cryptocurrency regulation can be a controversial topic, but we need to build a safer system and regulation may very well be the route we need to take. If everything fails, you want some way to get things back to normal. Instead of losing money to hacks or CEOs who die with their passwords, you would have a system you could trust.
by Ilias Louis Hatzis is the founder and CEO of Kryptonio wallet.
Subscribe by email to join the other Fintech leaders who read our research daily to stay ahead of the curve. Check out our advisory services (how we pay for this free original research
