Blockchain Crimes: Issues and Solving Strategies
The great innovation of the crypto world and Bitcoin was the creation of a totally decentralised exchange system, which gave rise to the complex and multi-layered DeFi (Decentralised Finance) market.
The crypto market was immediately noted for its high volatility, which led investors to act in speculative terms within a world that was increasingly difficult to understand. The rapid growth of the crypto market has made the dynamics of blockchain increasingly visible to the public, so much so that it is a market that has always attracted both large and small investors and is becoming less and less ‘decentralised’.
Indeed, the aspect that has made the crypto market very attractive is that it is perceived as something detached from the global macroeconomic situation. However, recent macroeconomic events, such as the Russian-Ukrainian conflict or the Federal Reserve’s raising of interest rates, seem to have affected blockchain ecosystems as well.
So far, the crypto market has been characterised by periods of high growth followed by dramatic downturns. The latest example was the big drop in Bitcoin’s price in mid-2022 from its peak of $69,000 in November 2021; of course, the recent failure of the FTX exchange in November 2022 and the resulting shock have had the strongest impact on the entire crypto world.
DeFi and CeFi Considerations
The fall of FTX was upsetting not only because of the sudden bankruptcy, which more than ever made people consider the need for more stringent regulation in the sector, but also because it revolutionised the concept of trust in centralised cryptocurrency counterparties.
What happened was evidence of a serious lack of transparency and suspected fraud that made $10 million simply disappear.
A comparison with decentralised protocols is unavoidable: smart contracts and the specific structure of the blockchain guarantee transparency and ensure immunity from mismanagement by insiders; although there are risks, they relate to external attacks rather than to the internal security of the system. Automation, code verification and on-chain analysis in DeFi allow for better risk management, and there are no unexplained flaws in the system of the kind that can occur in human-managed systems.
Unfortunately, there have also been repercussions on decentralised protocols following the events; for example, the Solana ecosystem was strongly affected, but this was due to its centralised custody and not to the underlying blockchain technology. In particular, Sam Bankman-Fried, the founder of FTX and the crypto hedge fund Alameda Research, was one of the first investors in Solana. After these companies began their rapid fall due to a liquidity crisis, however, investors became concerned that Alameda would sell off its stake of more than $1 billion in SOL to seek funds. In turn, this led to a massive sell-off in SOL that sent the token plummeting.
Hacking in the DeFi Space
In a Decentralized Finance world, cryptocurrency-backed transactions are executed automatically, and blockchain-based smart contracts allow people to trade directly with each other without the oversight of big banks (or any banks). The openness that makes DeFi so powerful brings with it several downsides: easier accessibility, the chance of anonymity and the relative immaturity of the underlying technology have allowed hackers to steal users’ funds, while the deep pools of liquidity have allowed criminals to launder the proceeds of crimes such as ransomware and fraud.
In 2021, for instance, more than $10 billion was lost to DeFi scams. Frauds and scams are not uncommon even in regulated markets, such as stock markets, and unregulated environments like the cryptocurrency space can only increase the risk of such exit scams and rug pulls.
Blockchain features make money easier to steal, the volumes keep growing and it is becoming easier to hide tracks; this combination creates dangerous incentives to steal that are only going to grow from here. Despite the constant evolution and maturation of blockchain technology and the crypto market, 167 attacks on Decentralized Finance protocols, 123 security attacks and 74 fraudulent schemes over the last 11 years (January 2011 to October 2022) have so far resulted in the theft of approximately USD $14.5+ billion worth of cryptocurrency assets in total. Focusing on this last year, 2022, the total value of stolen funds surged to almost $3B, nearly double the $1.5B hackers took in 2021 and nearly 12 times the 2020 total. A peak of hacking activity was recorded in March, but October was particularly significant, reaching a record of about $760M in exploits.
As shown by this ranking, Solana has been the second most hacked blockchain during 2022.
Beyond illegal hacks, there are various types of fraudulent schemes that bad actors have used to gain value from unsuspecting victims, including, for example, exit scams and Ponzi schemes.
The total number of cases of illegal activity in the first half of 2022 has already reached 154, with most cases, 80, being connected to the hacking of DeFi projects.
The danger of hacking is complex to deal with, and for this purpose new companies have emerged with the aim of protecting against these crimes, while others have come up with alternative solutions to work around the problem, such as the so-called bug bounty.
Bug bounty programs constitute an important Web3 security revolution: they offer monetary rewards to ethical hackers for successfully discovering and reporting a vulnerability or bug to the application’s developer, which allows companies to leverage the hacker community to improve their systems’ security posture over time.
Hacken is a cybersecurity auditor that provides cybersecurity services to clients in the blockchain, DeFi and NFT ecosystems in Europe, Asia and North America.
Its business structure aims to build security infrastructure for the blockchain and crypto industry, ensure protection from major cyber risks and create awareness of the dangers to web3 assets. To this end, Hacken offers many services:
- Smart contract audit: identification and removal of vulnerabilities, problem analysis and code optimisation to prevent hacks and increase audience trust.
- Blockchain control audit: securing the entire architecture and optimising how the protocols function.
- Penetration testing: testing services that simulate real attacks.
- dApp audit: decentralized apps run on peer-to-peer networks and use code-based smart contracts; they are open-source and based on blockchains where all data are stored. A dApp audit helps projects create and maintain secure integrations with blockchains and protect assets.
- Bug Bounty
- Proof of Reserves: a kind of audit that aims to ensure that an exchange’s on-chain cryptocurrency holdings match up with users’ balances. This can be an effective way to build trust in the market and verify transparency.
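One common way to make a proof of reserves checkable by customers is a Merkle-sum tree: the exchange publishes a root, each customer verifies that their own balance is included, and anyone can compare the root's total against the exchange's on-chain holdings. The code below is an added example written for this article, not Hacken's or any exchange's implementation; the tree layout, hashing scheme and sample balances are constructed assumptions.

```python
"""Proof-of-reserves check with a Merkle-sum tree: each leaf commits to a
(user, balance) pair and every inner node carries the sum of its children,
so the root commits to every customer balance and to total liabilities."""
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(user_id: str, balance: int) -> tuple[bytes, int]:
    # Domain-separated leaf hash; the balance rides along for the sum.
    return _h(b"leaf:" + user_id.encode() + b":" + balance.to_bytes(16, "big")), balance

def _node(left: tuple[bytes, int], right: tuple[bytes, int]) -> tuple[bytes, int]:
    total = left[1] + right[1]   # inner hash covers both children and their sum
    return _h(b"node:" + left[0] + right[0] + total.to_bytes(16, "big")), total

EMPTY = (_h(b"empty"), 0)      # padding leaf with zero balance, so padding never inflates the sum

def build_tree(balances: dict[str, int]) -> tuple[list[list[tuple[bytes, int]]], list[str]]:
    """Return every level of the tree (leaves first) and the leaf order. Sample input is constructed."""
    order = sorted(balances)
    level = [leaf(u, balances[u]) for u in order]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [EMPTY]
        level = [_node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels, order

def proof_for(levels, index: int) -> list[tuple[tuple[bytes, int], bool]]:
    """Sibling path for the leaf at `index`: (sibling node, sibling_is_left)."""
    path = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [EMPTY]
        sib = index ^ 1
        path.append((level[sib], sib < index))
        index //= 2
    return path

def verify_inclusion(root: tuple[bytes, int], user_id: str, balance: int, path) -> bool:
    """What a customer runs: recompute the root from their own leaf and the published path."""
    node = leaf(user_id, balance)
    for sib, sib_is_left in path:
        node = _node(sib, node) if sib_is_left else _node(node, sib)
    return node == root

def reserves_cover_liabilities(root: tuple[bytes, int], on_chain_holdings: int) -> bool:
    # Total liabilities are the root's sum; audited on-chain holdings must be at least that.
    return on_chain_holdings >= root[1]
```

A customer who verifies inclusion but finds that the root's sum exceeds the audited on-chain holdings has detected a shortfall without needing to trust the exchange's own accounting.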
Elliptic provides blockchain analytics for cryptoasset compliance, to detect and prevent financial crime. The crypto economy is a new frontier that can no longer be ignored and gives rise to huge digital monetary operations, so the core mission is to secure transactions and investments. Elliptic’s customers are mainly crypto businesses, financial institutions and governments.
In the DeFi context, blockchains have become easily interconnected: decentralized exchanges (DEXs) and cross-chain bridges have removed many of the barriers to the free flow of capital, and this creates an opportunity for hackers and abusers to launder money or commit fraud. Elliptic aims to identify these illicit users by applying multi-asset screening and cross-asset tracing.
2022 has been a decisive year for the definition of a new series of blockchain analytics to deal with ever-increasing exposure to risk. Holistic Screening is Elliptic’s response to the rapidly changing state of crypto crime: traditional blockchain analytics solutions are no longer able to investigate transactions across different blockchains and so cannot view the activities of the same entity across separate chains holistically, which is actually a very important point. In detail, Elliptic implements several inspection activities:
- Multi-asset screening: screening wallets across all assets they have ever held for incoming and outgoing exposure to risk.
- Cross-asset tracing: tracking transactions that involve the exchange of crypto assets on the same blockchain.
- Cross-chain tracing: tracking transactions across different blockchains.
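To show why tracing has to follow a bridge rather than stop at it, here is an added example (not Elliptic's tooling) of a forward trace over a constructed two-chain ledger. The transfer records, the bridge vault and the deposit-to-withdrawal links are all constructed sample data; in practice the links would be recovered from the bridge's own on-chain events.

```python
"""Cross-chain tracing over a constructed ledger (sample data, not real
transactions): funds leave a flagged address, enter a bridge vault on one
chain and reappear on another. Single-chain tracing either stops at the vault
or taints unrelated bridge users; linking deposits to withdrawals does not."""
from collections import deque

# Constructed transfers: id -> (chain, sender, recipient, amount)
TRANSFERS = {
    "e1": ("ethereum", "0xFlagged", "0xBridgeVault", 100),
    "e2": ("ethereum", "0xBridgeVault", "0xInnocentUser", 40),  # someone else's withdrawal
    "s1": ("solana", "BridgeMinter", "SolWallet1", 100),         # the withdrawal linked to e1
    "s2": ("solana", "SolWallet1", "ExchangeDeposit", 60),
    "s3": ("solana", "OtherSol", "SolWallet9", 5),
}
# Bridge deposit -> matching withdrawal on the other chain (constructed; assumed
# to come from the bridge's own events in a real system)
BRIDGE_LINKS = {"e1": "s1"}

def trace(start: tuple[str, str], cross_chain: bool, max_hops: int = 5) -> dict[tuple[str, str], int]:
    """Breadth-first forward trace; returns (chain, address) -> hop count from start."""
    reached = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        hops = reached[node]
        if hops >= max_hops:
            continue
        for tid, (chain, src, dst, _amt) in TRANSFERS.items():
            if (chain, src) != node:
                continue
            if cross_chain and tid in BRIDGE_LINKS:
                # Follow the bridge to the linked withdrawal instead of the vault's pooled outflows
                w_chain, _, w_dst, _ = TRANSFERS[BRIDGE_LINKS[tid]]
                nxt = (w_chain, w_dst)
            else:
                nxt = (chain, dst)
            if nxt not in reached:
                reached[nxt] = hops + 1
                queue.append(nxt)
    return reached

def exposed_addresses(start: tuple[str, str], cross_chain: bool, watchlist: set[str]) -> set[str]:
    """Watchlisted addresses (e.g. an exchange's deposit addresses) that the trace reaches."""
    return {addr for (_chain, addr) in trace(start, cross_chain) if addr in watchlist}
```

Run single-chain and the trace flags the innocent bridge user and misses the exchange deposit; run cross-chain and it does the opposite.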
In the DeFi context, oracles are middleware that gives blockchains access to off-chain data and services. Blockchains are by nature disconnected from the outside world, but most high-quality financial market data is generated outside these environments (“off-chain”); oracles are therefore essential to instantly obtain the current or historical price of various cryptocurrencies (or real-world assets) that determines the actions undertaken inside the chains. Unsafe price oracles can cause losses, so to protect billions of dollars it is essential that they are verified.
Chainlink Labs is a provider of trusted open-source blockchain oracle solutions that connect smart contracts to a wide range of off-chain data sources and calculations, such as asset prices, web APIs, IoT devices, and payment systems. The service is offered to any blockchain.
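Verifying an oracle is only half of it; the consuming protocol also has to reject answers that are stale, carried over from an earlier round, outside sane bounds, or contradicted by other feeds. The following is an added example written for this article, not Chainlink's code: the field names mirror the shape of the round data returned by Chainlink's AggregatorV3Interface latestRoundData(), while the thresholds, the multi-feed aggregation and the sample rounds are assumptions for illustration.

```python
"""Defensive consumption of price-feed rounds. Round fields follow the shape of
Chainlink's latestRoundData(); thresholds, cross-feed aggregation and the
sample rounds used in tests are constructed assumptions."""
from dataclasses import dataclass
from statistics import median

@dataclass
class Round:
    round_id: int
    answer: int             # price scaled by the feed's decimals
    updated_at: int         # unix seconds of the last update
    answered_in_round: int  # round in which the answer was actually computed

class OracleError(Exception):
    pass

def validate_round(r: Round, now: int, max_age: int, min_price: int, max_price: int) -> int:
    """Reject rounds that are unset, carried over, stale, or outside hard bounds."""
    if r.answer <= 0:
        raise OracleError("non-positive answer")
    if r.answered_in_round < r.round_id:
        raise OracleError("answer carried over from an earlier round")
    if r.updated_at == 0 or now - r.updated_at > max_age:
        raise OracleError("price older than the allowed heartbeat window")
    if not min_price <= r.answer <= max_price:
        raise OracleError("answer outside circuit-breaker bounds")
    return r.answer

def aggregate_price(rounds, now, max_age, min_price, max_price, max_dev_bps) -> int:
    """Median of the healthy feeds; refuse to quote if fewer than two remain or
    any healthy feed deviates from the median by more than max_dev_bps."""
    healthy = []
    for r in rounds:
        try:
            healthy.append(validate_round(r, now, max_age, min_price, max_price))
        except OracleError:
            continue                 # a single bad feed is dropped, not trusted
    if len(healthy) < 2:
        raise OracleError("not enough healthy feeds to quote")
    med = int(median(healthy))
    for p in healthy:
        if abs(p - med) * 10_000 > med * max_dev_bps:
            raise OracleError("feeds disagree beyond tolerance; possible manipulation")
    return med
```

Refusing to quote is the safe failure mode here: a lending or liquidation path that pauses on a bad feed loses a little availability, while one that trusts it can lose the pool.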