Security in the cryptocurrency sector.
A Moody’s report says the cryptocurrency ecosystem’s vulnerability to cyber-attacks is limiting the sector’s growth. Moody’s says this trend was most recently highlighted by the hacks suffered by FTX shortly after the exchange filed for Chapter 11 bankruptcy last week.
The complexity of blockchain-powered apps.
Moody’s explains that applications built on the blockchain rely on a “mess of technologies” that open them up to attack:
“The ecosystem relies on a number of technological layers, such as the user interface, smart contracts, the blockchain program and the hardware infrastructure. Each segment may be subject to vulnerabilities. In particular, smart contracts, programs that run automatically when predetermined conditions are met, present new challenges. While bugs can remain hidden for a long time in conventional applications, hackers can easily identify bugs in a smart contract because their code is often open source. Their automated nature and ability to hold cryptoassets also enables thieves to exploit logical errors to steal funds.”
More attacks targeting DeFi.
The researchers note that more attacks now target decentralized finance (DeFi) companies than centralized finance (CeFi) companies:
“Many reasons explain why hackers focus on DeFi. Some decentralized applications have large sums of money, which makes them attractive targets for theft. As of October 24, the total amount of funds invested in DeFi protocols, also known as the total value locked, was at $53 billion, according to research firm DefiLlama, up from $595 million at the end of 2019.
“In addition, the DeFi ecosystem is fragmented and includes many startups, which sometimes rush to release products without performing thorough security checks.”
“DeFi is also subject to specific vulnerabilities. Like other segments of digital finance, some DeFi smart contracts rely on oracles, systems that retrieve and send data from outside the blockchain. This data is vulnerable to manipulation by hackers, a tactic known as an oracle attack.”
FTX fiasco highlights crypto risk.
CoinDesk describes a hack inflicted on FTX several hours after the exchange filed for bankruptcy. Unknown hackers stole more than $600 million from FTX crypto wallets. FTX stated in its Telegram channel, “FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Do not visit the FTX website as it may download Trojans.”
WIRED outlines the efforts industry and law enforcement are making to trace the stolen funds. Michelle Lai, a cryptocurrency consultant, told WIRED that the thieves are likely to be identified if they try to withdraw the money, but are unlikely to be apprehended if they live in Russia or North Korea.
WIRED also describes suspicions that the theft may have been an inside job. Reuters reports that FTX CEO Sam Bankman-Fried had what has been described as a “backdoor” that allowed him to issue funds from the exchange. The story is still developing rapidly, but there is no hard evidence for these accusations.