DeFi exploits and smarter phishing scams to haunt crypto this year: Cybersecurity experts


Token bridge exploits and “sophisticated” crypto phishing scams will continue to pepper the crypto space in 2023, according to blockchain security experts.

2022 was the biggest year for crypto hacking activity in terms of money lost, with blockchain analysis firm Chainalysis reporting in October 2022 that hackers had already grossed over $3 billion across 125 hacks.

Speaking to AIBC News, crypto exchange Kraken’s Chief Security Officer, Nick Perococo, noted that other end-of-year reports have suggested that the figure could have gone as high as “$3.7 billion.”

DeFi, the hacker’s choice

Perococo noted that DeFi token bridges – protocols connecting two blockchains so users can swap one cryptocurrency for another – were a major target for hackers in 2022.

Michael Lewellen, Head of Solutions Architecture at OpenZeppelin, said that DeFi bridges are easier for hackers to exploit as they are “technically complex” and involve multiple layer-1 protocols.

Lewellen added that they have more avenues to exploit than a standard smart contract or cryptocurrency wallet, making them a “vulnerable, weak point.”

They also usually hold a large pool of funds for hackers to pilfer, as cross-chain bridges need to maintain access to a large reserve of funds to underwrite the assets they wrap and transfer, he explained.

Smarter scams

Meanwhile, Christopher Goers, co-founder of privacy protocol Anoma, warned that phishing scams will get “more sophisticated” and difficult to recognise, primarily as a result of more surveillance and better text generation technology.

Phishing scams, where the attacker deceives the victim into sharing private keys or approving transactions that end up draining their wallets, were the main cause of NFT-related security incidents in 2022, accounting for 39% of all incidents, according to a report by blockchain security firm SlowMist.

The report specifically noted that hackers have taken advantage of the “varying levels” of security awareness in Web3 to target certain individuals and projects.

These hackers typically use phishing techniques to gain access to official social media accounts for crypto projects, or impersonate staff, in order to post phishing links to their followers.

It was also noted in the report that new techniques have made it even easier for hackers. In one example, the hacker need only trick the victim into clicking a malicious bookmark link, which would execute JavaScript code allowing the attacker to gain control of their account.

Staying alert

Lewellen believes the nature of crypto attacks in 2023 “will likely” stay very similar to 2022.

He said that while new exploits may arise, they are more likely to be derivative of “what already exists.”

However, Perococo said that unfortunately, consumer education is “not accelerating fast enough” to keep them ahead of scammers and exploiters.

Goers stated that investors should be mindful of the fact that there is “no such thing as risk-free yield.”

“This is a bad meme from fallacious economics, and you should steer clear of any whiff of it.”

Kraken’s Perococo said that individuals can reduce their chances of falling victim to hackers by reinforcing their wallets with authenticators, adding that two-factor authentication and multi-factor authentication provide “accessible, yet strong” ways for investors to “take their security to the next level.”

Perococo added that it’s important to always trade on “reputable exchanges,” and to remember that phishing scams and fake airdrops are widely reported in the crypto ecosystem, so if an opportunity seems too good to be true, it probably is.

Bright side of hacks

Although the thought of hackers stealing your crypto can be daunting, Goers believes that hackers are an important asset to the longevity of cryptocurrency and blockchain. He noted:

“Hackers are doing a public service by identifying insecure protocols and creating incentives to develop secure ones. They should be rewarded, not prosecuted.”

Lewellen believes it is “safe to say” that the increasing number of attacks will lead to legislation requiring crypto firms to have clearly defined practices around the transparent storage and securing of all customer funds.

He hopes that any new regulations “differentiate” between centralized operators and decentralized protocols so that any consumer protections don’t “come at the cost” of open-source innovation.