If Blockchains Are So Secure, Why Is Everyone Getting Hacked?
If Blockchains Are So Secure, Why Is Everyone Getting Hacked?
If you keep up with cryptocurrency news, you have certainly heard about the cyber theft running rampant in the industry. According to CNBC, the total amount of stolen cryptocurrencies in just the first half of 2018 was $1.1 billion. With blockchains being touted as these amazing, impenetrable networks, you may be wondering how it is possible for so much crypto to get swiped.
The simple answer is that the majority of thefts have nothing to do with vulnerabilities in the blockchains themselves, but can instead be attributed to human error. With the traditional banking system, we rely heavily on the tools employed by our banks and governments to keep our money secure and often times, we can’t even see that these security systems are there.
With cryptocurrencies, you act as your own bank. You are solely responsible for the safety and security of your funds and without proper education on the subject, it can be quite easy to lose your digital coins. To make matters worse, cryptocurrency holders do not have legislative support to cover their losses in the case of a hack, so there is often no hope of recovering stolen funds.
Here is a full explanation of the most popular types of cyber theft and how you can avoid falling victim to one.
Wallet Vulnerabilities
One of the first steps to keeping cryptocurrencies safe is finding the right wallet to store them in. There are two main types of wallets: hot wallets and cold wallets. Hot wallets are digital purses that are connected to the internet. By nature, hot wallets are not secure as they are open to incoming network connections. The safety of funds in a hot wallet is only as good as the security habits of the individual or third-party controlling the wallet.
A common form of hot wallet is an exchange wallet. To allow ceaseless trading between users across the globe, exchange wallets need to remain connected to the internet at all times. This susceptibility, combined with the volume of funds they hold makes exchange wallets a prime target for hackers.
Cold wallets are digital purses that are not connected to the internet, making them a much safer option. The most common form of cold wallet is a paper wallet. A paper wallet is a printed piece of paper that holds the private keys to a certain wallet address, usually in the form of a QR code. Until that private key is scanned and brought online, it remains completely shut off from all incoming network connections and therefore cannot be stolen.
Most crypto holders have both hot wallets and cold wallets. They keep small amounts of funds in the hot wallets to use for daily transactions, similar to a checking account, and they keep large sums in cold wallets for long-term storage, similar to a savings account.
It is important to note that exchange wallets are not the only form of hot wallet, and even desktop software wallets such as Exodus are able to be compromised. With desktop software wallets, the user is in control of their own private keys, but the wallet still lives on a computer and remains susceptible to any malware or virus that is downloaded and installed onto the host.
Phishing and Scams
The most prevalent (and successful) forms of cyber theft are fraudulent operations which trick crypto holders into handing over their funds, or worse, the keys to their wallets.
Phishing attacks are clever ways of disguising malicious sites as familiar, legitimate services in order to steal passwords, private keys, and eventually, money. New phishing attacks are invented every year, but one of the oldest and time-tested methods is the slight misspelling of URLs.
For example, to steal the passwords of Binance users, a scammer might put up an exact copy of the site, or a “mirror,” under the URL www.bínance.com, with the “i” replaced by an “í” with an accent. The URL address looks similar enough to the real www.binance.com address that an unsuspecting victim would log in without giving it a second glance, effectively handing over their passwords to the thieves.
To avoid falling victim to password-snatching, it’s important to bookmark your favorite exchanges or always type the web addresses manually to be sure that you end up on the correct sites. Additionally, you should take advantage of all the security features offered by your trading platforms. All top exchanges offer 2-factor authentication, which adds a layer of user verification upon login and withdrawal request, ensuring that your account remains secure even if your password falls into the wrong hands.
Unfortunately, some types of deception are not so simple to protect against, including ICO fraud. With a nice website, a thorough white paper and a convincing team page, intelligent scammers can swindle investors out of tens of millions of dollars.
They raise funds for a fake project without any intention of fulfilling the promises laid out in the roadmap, and once the fundraiser is concluded, they simply disappear with the money. Thanks to the anonymity of many cryptocurrencies, this is all too easy to accomplish and it’s the sole responsibility of investors to avoid such traps.
Read through the white papers of all coins you invest in, verify their team members, and steer clear of any projects that make unrealistic promises.
51% Attacks
One kind of attack making headlines this year actually is due to a vulnerability in certain blockchain networks, and that is the infamous 51% attack. In order to understand this attack, it is first important to comprehend what makes a blockchain secure. The reason that Bitcoin’s blockchain cannot be altered is that the data in the blockchain is validated by millions of participants, or “miners,” scattered across the globe.
No single miner owns the majority of the network validation power, called the “hashrate,” and so nobody has the power to influence or alter the information that is being validated. When a blockchain is properly distributed in this way, the information within it remains tamperproof.
The problem with smaller networks, such as that of Verge, is that there are not enough validators participating in the network and so the majority share of validation power can be produced by a single party — given that they hold enough mining power to compete with the rest of the network validators.
Once they achieve the majority (51%) of the network hashrate, the blockchain is essentially theirs, and they can rewrite the data however they choose. Scammers often use this power to change the history of transactions on the network, re-routing tens of thousands of coins to their own personal wallets.
Interested in learning more?
For a comprehensive look at this new technology, check out my new book Blockchain 101, in which I explain everything from the structure of distributed ledgers to the functions of individual tokens — in terms that you, your Grandma, and your inner third-grader can understand.