Cryptocurrency Hacking Has Become A Significant Threat

“This post is drawn from  the  excellent Chainalysis 2024 Cryptocrime Report.  In recent years, cryptocurrency hacking has become a significant threat, leading to billions of dollars stolen from crypto platforms and exposing vulnerabilities across the ecosystem.  Attack vectors affecting DeFi are sophisticated and diverse. Therefore, it is important to classify them to understand how hacks occur and how protocols might reduce their likelihood in the future.  On-chain attack vectors stem not from vulnerabilities inherent to blockchains themselves but rather from vulnerabilities in the on-chain components of a DeFi protocol, such as their smart contracts. These aren’t a point of concern for centralized services, as centralized services don’t function as decentralized apps with publicly visible code the way DeFi protocols do.

The classification of attacks  are summarised below :

• Protocol exploitation – When an attacker exploits vulnerabilities in a blockchain component of a protocol, such as ones about validator nodes, the protocol’s virtual machine, or in the mining layer.
• On-chain Insider attack: When an attacker working inside a protocol, such as a rogue developer, uses privileged keys or other private information to steal funds directly.
• Off-chain P******* occurs when an attacker tricks users into signing permissions, often by supplanting a legitimate protocol, allowing the attacker to spend tokens on users’ behalf.
• P******* may also happen when attackers trick users into directly sending funds to malicious smart contracts.
• Off-chain Contagion –  When an attacker exploits a protocol due to vulnerabilities created by a hack in another protocol. Contagion also includes hacks that are closely related to hacks in other protocols.
• On-chain Compromised server: When an attacker compromises a server owned by a protocol, they disrupt the protocol’s standard workflow or gain knowledge to further exploit the protocol in the future.
• Off-chain Wallet hack – When an attacker exploits a protocol that provides custodial/ wallet services and subsequently acquires information about the wallet’s operation.
• Off-chain Price manipulation hack – When an attacker exploits a smart contract vulnerability or utilizes a flawed oracle that does not reflect accurate asset prices, facilitating the manipulation of a digital token’s price.
• On-chain Smart contract exploitation –  When an attacker exploits a vulnerability in a smart contract code, which typically grants direct access to various control mechanisms of a protocol and token transfers.
• On-chain Compromised private key –  When an attacker acquires access to a user’s private key, which can occur through a leak or a failure in off-chain software, for example.
• Off-chain Governance attacks –  When an attacker manipulates a blockchain project with a decentralized governance structure by gaining enough influence or voting rights to enact a malicious proposal.
• On-chain Third-party compromised – When an attacker gains access to an off-chain third-party program that a protocol uses, which provides information that can later be used for an exploit.

Off-chain attack vectors stem from vulnerabilities outside of the blockchain. One example could be the off-chain storage of private keys in a faulty cloud storage solution, which applies to both DeFi protocols and centralized services. In March 2023, Euler Finance, a borrowing and lending protocol on Ethereum, experienced a flash loan attack, leading to roughly $197 million in losses. July 2023 saw 33 hacks, the most of any month, which included $73.5 million stolen from Curve Finance. Similarly, several large exploits occurred in September and November 2023 on both DeFi and CeFi platforms. On-chain attack vectors stem not from vulnerabilities inherent to blockchains themselves but rather from vulnerabilities in the on-chain components of a DeFi protocol, such as their smart contracts. Hacking remains a significant threat.  Protecting your digital assets from hacking is of utmost importance, especially in the current scenario where cyber threats continue to increase. 

Measures to protect your digital assets include:

• 1. Use Strong P********: Create strong and unique p******** for all your accounts and avoid using the same password for multiple accounts. Use a mix of uppercase and lowercase letters, numbers, and symbols.
• 2. Two-Factor Authentication: Enable two-factor authentication for all your accounts where possible. This adds an extra layer of security to your accounts.
• 3. Keep Your Software Up-to-date: Keep all your software, including anti-virus and anti-malware software, up-to-date to ensure that it has the latest security patches.
• 4. Use a Hardware Wallet: Consider using a hardware wallet to store your digital assets offline. This will ensure your assets are safe even if your computer or mobile device is hacked.
• 5. Be Careful with P******* Emails: Be wary of p******* emails that appear to be from legitimate sources. Do not click on any links or download any attachments from such emails.
• 6. Use Reputable Exchanges: Only use reputable exchanges to buy, sell, and store digital assets. Research the exchange thoroughly before using it.
• 7. Backup Your Data: Regularly back up your data to ensure that you keep access to your digital assets in case of a hack or a hardware failure”.