Investing in crypto: how to stay away from weak players

Kostiantyn Oleshko

The main reason behind the hacks of crypto exchanges is weak key management. For example, all 4 hacks that took place in 2021 were caused by the ability of hackers to obtain access to hot wallets. 

Crypto exchanges market: (un)safe heaven for investors’ money

Crypto exchanges are playing a central role in the functioning of the crypto market. According to CoinGecko, there are a bit more than 400 active crypto exchanges as of middle May. More than 30 exchanges process greater than $1B daily trading volume. Users are interested in being confident of the security of their assets traded. 

Since 2012, crypto exchanges have lost $2.66B as a result of hacks. The total number of exchanges that have fallen victim is 46. In 2020, there were 9 recorded hacks of crypto exchanges, the biggest one was the KuCoin hack ($275M). In 2021, there were only 4 recorded hacks, the biggest one was the BitMart hack ($150M). Thus, it is reasonable to note that the state of security in the crypto exchanges industry has improved. 

The main reason behind the hacks of crypto exchanges is weak key management. For example, all 4 hacks that took place in 2021 were caused by the ability of hackers to obtain access to hot wallets. 

But crypto exchanges are just middlemen. What about the security of the final destination for your money – cryptocurrencies? According to the recently released security rating of cryptocurrencies – more than 90% of the top 1,500 cryptocurrencies by CoinGecko do not have all basic security features in place

White hat hackers fighting against cybercrime

While common users most often fall victim to simple social engineering attacks such as phishing, crypto projects have experienced advanced cyberattacks involving the use of novel attack vectors. 

For example, in the Axie Infinity breach, hackers attacked the bridge, and networks that connect blockchains. Hackers managed to compromise Ronin network, the own blockchain created by Axie Infinity. Exploiters used hacked private keys to forge fake withdrawals and compromised other key validator nodes. When speaking about bridges, the attack surface is much greater compared to normal DeFi projects. 

Also, bad actors actively utilize flash loan attacks to get voting power without collateral. Flash loans are possible via decentralized lending protocols. They often involve complex financial transactions. If smart contracts are not properly designed, they are vulnerable to flash loan attacks. 

Unfortunately, by solely relying on their internal cybersecurity efforts, projects cannot eliminate all possible security threats. Cooperation with ethical hackers constitutes a universal security solution for crypto projects. Namely, crypto projects run bug bounty programs on reputable platforms such as Yes We Hack, Immunefi, or HackenProof and reward ethical hackers for finding bugs. And bug bounty programs are becoming a must-have testing process for successful projects.

How to see whether your chosen token is a safe option?

  • Look for its audit report. Smart contract audit report shows whether the token’s code contains vulnerabilities including the critical ones. Also, try to verify whether the code deployed by a project matches the audited code. Namely, check whether the code published, for example, on Etherscan/BSCscan is the same as the code audited. If there is no match, it is likely that a project tries to manipulate its users. 
  • Look for a platform audit. For utility tokens, there is a risk that users may lose their assets due to vulnerabilities in their platforms such as DEX or farming services. 
  • Try to find the project’s bug bounty program. An active public bug bounty program run by a project on a reputable platform is a strong indicator of ensuring the security of users’ assets and data.
  • Check whether a project has insurance. Insurance guarantees that even if a project is hacked, investors will get their money back. 
  • Analyze its history. Be careful when finding a project with previous hack cases.

Conclusion

Security breaches, rug pulls, phishing and other forms of scams undermine users’ trust in crypto. Weak security and high volatility are the factors deterring the real mass adoption of crypto. By improving the security of virtual assets, we can make crypto much more attractive for investors and, thus, prevent or mitigate the negative effects of possible crypto winter. 

Kostiantyn Oleshko, product owner at CER.live.

About Kostiantyn Oleshko: Kostya is a master of science in applied cryptography with 6+ years of expertise in the blockchain industry. He used to work as a Project Manager at many crypto projects, including the entities linked to the National Bank of Ukraine that were developing E-Hryvnia, Ukrainian CBDC. He strongly believes that security is the key to crypto mass adoption.

Read this next

Web3

US arrests Yune Wang for role in 911 S5 botnet scam

A global malware network, linked to the theft of $5.9 billion in Covid relief funds and crypto crimes, has been dismantled, the Department of Justice (DOJ) announced today. The network was also involved in child exploitation, bomb threats, and various cyberattacks.

Digital Assets

US Treasury official clarifies stance on crypto mixing services

The Financial Crimes Enforcement Network (FinCEN) proposed a rule last year to classify convertible crypto mixing as a “class of transactions” with primary money laundering concerns.

Fintech

Robinhood sweetens US crypto offering with trading API

Robinhood has launched a cryptocurrency trading application programming interface (API) for users in the United States. The new API caters to seasoned crypto traders by enabling automated trading strategies, allowing users to react quickly to market movements and trends.

blockdag

After Retik Finance’s 67% Drop, Investors Turn to BlockDAG’s 30,000x ROI Potential to Recover Their Losses

Explore how BlockDAG’s $37M presale is drawing investors while Retik Finance collapses to $0.403.

Digital Assets

Terraform Labs and co-founder Do Kwon reach settlement with SEC

Terraform Labs and its co-founder Do Kwon have reached a “settlement in principle” with the U.S. Securities and Exchange Commission (SEC) regarding a fraud case, according to a court filing on Thursday.

Market News, Tech and Fundamental, Technical Analysis

FTSE 100 Index Technical Analysis Report 30 May, 2024

FTSE 100 Index can be expected to rise further toward the next resistance level 8325.00, which reversed the price earlier this month.

Chainwire

Sui and Atoma Bring the Power of AI to dApp Builders

The integration of Atoma adds new capabilities to Sui’s flourishing developer ecosystem with unique AI-querying capabilities.

Digital Assets

Talos incorporates DeFi with Skolem acquisition

Talos has acquired Skolem to enable clients to incorporate DeFi into their workflows in a move that sets a new standard for the digital asset OEMS and PMS.

<