Investing in crypto: how to stay away from weak players

Crypto exchanges market: (un)safe heaven for investors’ money

Crypto exchanges are playing a central role in the functioning of the crypto market. According to CoinGecko, there are a bit more than 400 active crypto exchanges as of middle May. More than 30 exchanges process greater than $1B daily trading volume. Users are interested in being confident of the security of their assets traded. 

Since 2012, crypto exchanges have lost $2.66B as a result of hacks. The total number of exchanges that have fallen victim is 46. In 2020, there were 9 recorded hacks of crypto exchanges, the biggest one was the KuCoin hack ($275M). In 2021, there were only 4 recorded hacks, the biggest one was the BitMart hack ($150M). Thus, it is reasonable to note that the state of security in the crypto exchanges industry has improved. 

The main reason behind the hacks of crypto exchanges is weak key management. For example, all 4 hacks that took place in 2021 were caused by the ability of hackers to obtain access to hot wallets. 

But crypto exchanges are just middlemen. What about the security of the final destination for your money – cryptocurrencies? According to the recently released security rating of cryptocurrencies – more than 90% of the top 1,500 cryptocurrencies by CoinGecko do not have all basic security features in place. 

White hat hackers fighting against cybercrime

While common users most often fall victim to simple social engineering attacks such as phishing, crypto projects have experienced advanced cyberattacks involving the use of novel attack vectors. 

For example, in the Axie Infinity breach, hackers attacked the bridge, and networks that connect blockchains. Hackers managed to compromise Ronin network, the own blockchain created by Axie Infinity. Exploiters used hacked private keys to forge fake withdrawals and compromised other key validator nodes. When speaking about bridges, the attack surface is much greater compared to normal DeFi projects. 

Also, bad actors actively utilize flash loan attacks to get voting power without collateral. Flash loans are possible via decentralized lending protocols. They often involve complex financial transactions. If smart contracts are not properly designed, they are vulnerable to flash loan attacks. 

Unfortunately, by solely relying on their internal cybersecurity efforts, projects cannot eliminate all possible security threats. Cooperation with ethical hackers constitutes a universal security solution for crypto projects. Namely, crypto projects run bug bounty programs on reputable platforms such as Yes We Hack, Immunefi, or HackenProof and reward ethical hackers for finding bugs. And bug bounty programs are becoming a must-have testing process for successful projects.

How to see whether your chosen token is a safe option?

• Look for its audit report. Smart contract audit report shows whether the token’s code contains vulnerabilities including the critical ones. Also, try to verify whether the code deployed by a project matches the audited code. Namely, check whether the code published, for example, on Etherscan/BSCscan is the same as the code audited. If there is no match, it is likely that a project tries to manipulate its users. 
• Look for a platform audit. For utility tokens, there is a risk that users may lose their assets due to vulnerabilities in their platforms such as DEX or farming services. 
• Try to find the project’s bug bounty program. An active public bug bounty program run by a project on a reputable platform is a strong indicator of ensuring the security of users’ assets and data.
• Check whether a project has insurance. Insurance guarantees that even if a project is hacked, investors will get their money back. 
• Analyze its history. Be careful when finding a project with previous hack cases.

Conclusion

Security breaches, rug pulls, phishing and other forms of scams undermine users’ trust in crypto. Weak security and high volatility are the factors deterring the real mass adoption of crypto. By improving the security of virtual assets, we can make crypto much more attractive for investors and, thus, prevent or mitigate the negative effects of possible crypto winter. 

Kostiantyn Oleshko, product owner at CER.live.

About Kostiantyn Oleshko: Kostya is a master of science in applied cryptography with 6+ years of expertise in the blockchain industry. He used to work as a Project Manager at many crypto projects, including the entities linked to the National Bank of Ukraine that were developing E-Hryvnia, Ukrainian CBDC. He strongly believes that security is the key to crypto mass adoption.