Headline: Is data theft a real problem in cryptocurrency?
Body: For as long as there have been human beings on this Earth, there has been theft. As time went on, and our systems of scrip and other physical tokens turned to 1s and 0s on a screen, theft did continue to be a problem. Only, now, instead of an unobservant watchman making a pile of silver or gold vulnerable, it is physically easier to break into a computer and steal the data that underlies that account. In this case, there was the Federal Government backstopping the banks, in the guise of the FDIC. Now, there is cryptocurrency, and people are worrying that the blockchain and the organizations that control it might inadvertently open up people to additional scams. Only, this time, there is no Federal Government to insure (at least part of) your account balance. So, this leads us to a question.
Does investing in cryptocurrency place my personal data at risk?
To be frank, yes, you are more at risk. Just a few illustrative examples:
Just recently, a French cryptocurrency firm fell victim to a hacking exploit, and as a result, e-mail addresses for many of their customers were compromised. Reportedly, 9,500 of these customers also had their physical addresses, phone numbers and names exposed as well.
Intuit is accused of “failing to take adequate and reasonable measures to ensure that its data systems were protected.” In a subsidiary of Intuit, one employee clicked on a link they didn’t know the source of, and POOF thousands of accounts were potentially exposed. (It appears that several hundred were exposed, but only a subset of these have been maliciously used.
In 2022, a very organized extortion gang (Lapsus$) started to become very active by stealing source code and other data from world-renowned companies. At its height (depth?) they leaked a significant amount of Bing source code and compromised a contractor important to their authentication standard. After the 7 arrests, the group has gone underground.
Also in 2022, Conti, a Russian cybercrime gang launched ransomware attacks against the government of Costa Rica, and as a result, the president declared “national emergency” as a result of the attack. Some say that these attacks were merely a diversion, allowing the gang time to loudly down=play their association with the Russian government.
Decentralized Finance Platform Hacks
As the cryptocurrency ecosystem has evolved, tools and utilities for storing, converting, and otherwise managing it have developed at breakneck speed. Such rapid expansion has come with its share of oversights and missteps, though. And cybercriminals have been eager to capitalize on these mistakes, frequently stealing vast troves of cryptocurrency worth tens or hundreds of millions of dollars. At the end of March, for example, North Korea’s Lazarus Group memorably stole what at the time was $540 million worth of Ethereum and USDC stablecoin from the popular Ronin blockchain “bridge.” Meanwhile, in February, attackers exploited a flaw in the Wormhole bridge to grab what was then about $321 million worth of Wormhole’s Ethereum variant. And in April, attackers targeted the stablecoin protocol Beanstalk, granting themselves a “flash loan” to steal about $182 million worth of cryptocurrency at the time.
Why are these cryptocurrency firms having such difficulty with security?
There are a lot of ideas about what makes these cryptocurrency firms so vulnerable to these attacks. But, they all seem to boil down to inexperience. Most of the firms that are selling cryptocurrencies are directed by people who are very young. Given their youth, they have energy but lack the longstanding experience that confers upon older companies some ability to display wisdom. For instance, many cryptocurrency concerns were started in 2021 and 2022, at a time when the economy was doing pretty badly. Because of this, they have learned how to behave in these market conditions. But, as the business cycle goes, there are bound to be other times when fortunes change. Given the realities of this new market condition, they might not have sufficient resources to adapt to the new reality. Furthermore, security seems to be less of a priority, because of an organizational culture emphasizing FOMO, or “Fear of Missing out.”
The Verdict
Data theft is a large problem as it relates to cryptocurrency But, it seems like we should be more able to wrap our arms around it. Each cryptocurrency seems to have an excellent “why” as spelled out in their whitepaper. But, it seems that the questions of “how” are rarely answered. How are you going to protect the cryptocurrency not yet sold? How are you going to handle your ICO? How are you going to keep fraudsters from hawking counterfeit versions of your currency? These are all valid questions and if not answered to your satisfaction, perhaps you would reconsider your investment.
REFERENCES
https://www.wired.com/story/worst-hacks-breaches-2022/
Editor’s Note: Please note that the information contained herein is meant only for general education: This should not be construed as Tax Advice. Personal attributes could make a material difference in the advice given, so, before taking action, please consult your tax advisor or CPA.