What Recent Cryptocurrency Heists Reveal About Blockchain Security

In early August 2021, blockchain-based platform Poly Network reported a hack in which malicious actors moved the equivalent of $600 million in cryptocurrencies to their private wallets. This hack was the largest ever, after the 2014 hack of a Tokyo-based bitcoin exchange, which led to the theft of the equivalent of $460 million. A few days later, DAO Maker, a decentralized finance (DeFi) crypto platform, announced a hack and theft of 2,261 Ethereum (the equivalent of $7 million at the time of the hack).

These heists reveal potential security vulnerabilities in the current system for purchasing and exchanging cryptocurrencies, despite the general promises of security provided by decentralized cryptocurrencies.

To understand how these cryptocurrency heists occurred, it is crucial to understand how cryptocurrency functions and, in particular, how certain organizations provide cryptocurrency conversion services (e.g., converting Bitcoin to Ethereum). Traditionally, forms of currency (often referred to as “fiat” currency when distinguished from cryptocurrencies) are government issued and rely on a centralized banking system to validate money transfers and accounts. Most fiat currencies are not backed by commodities, such as gold, and therefore have no intrinsic value. Value in fiat currency derives from consumer confidence (and is subject to government manipulation).

Cryptocurrencies, such as Bitcoin or Ethereum, however, are decentralized currencies with no central banking or financial system to validate transactions. Rather, these currencies rely on a network of users to validate transactions and balances. The technology that supports the storing and validating of transactions in a database (essentially a digital ledger) is called blockchain.

Most cryptocurrencies distribute this blockchain ledger database across their users. The users earn rewards (usually in the form of cryptocurrency) for hosting the ledger, validating transactions in the blockchain ledger, and solving complex computational math problems.

Cryptocurrency Transfer

The lack of centralization creates complexities in converting currencies. Traditional exchange services involving fiat currency are handled by financial institutions that have the capacity to receive one type of currency (e.g., the U.S. Dollar) and provide the equivalent amount in a different currency (e.g., the Euro).

Performing a similar instant exchange among cryptocurrencies requires an exchange service to stockpile multiple cryptocurrencies. Of course, this type of exchange service is inherently centralized – and that centralization of decentralized currency creates the security vulnerability that led to the recent string of cryptocurrency heists.

The attackers targeted the code behind the accounts that convert cryptocurrencies and injected malicious code that made the exchange service believe that the attacker was the intended recipient of the converted cryptocurrency. The attackers ultimately redirected the currency into their personal wallets.

These recent events do not mean that those interested in holding or trading cryptocurrency should entirely avoid the use of exchanges. No transaction is 100% secure, and users should understand the potential risk involved in exchanging cryptocurrencies or converting fiat currency within the current systems of exchange.

The legal concerns stemming from these incidents mirror those in traditional incidents involving consumer information or fiat funds. However, the potential risk of loss is increased by the fact that cryptocurrency transactions in certain instances are uniquely untraceable and irreversible, meaning that the exchange may not be able to recover the stolen funds. Further compounding the risk is that these crypto exchange services may not have the same financial protections, insurance, or government backing as traditional financial institutions.

These events serve as a reminder that the security provided by decentralized currency may be lost when that currency is funneled through a centralized exchange.
