Security audits ‘not enough’ as losses reach $1.5B in 2023, security professional says
As companies continue to fall for hacks and exploits, professionals working in cybersecurity weighed in on what can be improved in crypto security for digital asset companies and the broader crypto industry.
Before September, almost $1 billion had already been lost to crypto hacks, exploits and scams in 2023. Yet, more incidents continue to shake the crypto world in the fourth quarter of 2023, such as the Poloniex exploit, with over $100 million in digital asset losses, and the HECO Chain bridge hack, with over $80 million in losses.
“.@Poloniex is suspected to have been hacked. The Poloniex address '0xA910' transferred all tokens to a new address '0x0A59' in 40 minutes, with a total value of about $60 million. '0x0A59' is currently transferring funds to more addresses and converting them to $ETH.”
— Scopescan (@0xScopescan) November 10, 2023
With the number of security incidents happening within the space and the value lost to each hack or exploit, it’s undeniable that there are gaps to be filled in terms of digital asset security within the crypto space. Because of this, Cointelegraph reached out to cybersecurity professionals to see what they think can be done to prevent further incidents and tighten up the security in crypto.
Continued incidents are “inexcusable”
Ronghui Gu, the co-founder of blockchain security firm CertiK, told Cointelegraph in a statement that it’s “inexcusable” to have continued incidents caused by SIM-swap and multisig failures after incidents gave visibility to this security issue. According to Gu, companies should embrace crypto-native multifactor authentication and conduct regular security audits. He said:
“We’re building highly functional, highly complicated technology, and it’s important to make security the primary consideration, even when there are often large incentives to build fast and break things.”
Christian Seifert, the researcher in residence at Forta Network, also agreed that security needs to be a priority. Seifert, who previously worked as a security lead at Microsoft, said that users need to demand security, and if this doesn’t happen, regulators need to step in. The security professional said that in this way, crypto projects would adopt more comprehensive security strategies.
Furthermore, Seifert also argued that while security audits are effective, these are “not enough.” “One needs a comprehensive security strategy that starts with secure design and moves all the way to monitoring and threat prevention solutions,” he added.
Jerry Peng, research analyst at Web3 analytics firm 0xScope, told Cointelegraph in a statement that there needs to be a greater understanding of where and how security threats can potentially emerge. This way, companies and individuals can detect patterns and connections displayed by addresses involved in prior attacks. “This is where crypto data analytics services can help investigators thwart the next potential hack,” Peng explained.
How hacks hinder crypto adoption
Gu told Cointelegraph that based on the data compiled by CertiK, hacks in 2023 alone have already cost the space $1.5 billion as of Nov. 28. The executive believes that these incidents that continue to plague the space also have a massive effect on crypto adoption. “These hacks and exploits significantly impact crypto adoption by undermining public trust in the security and stability of digital assets,” Gu added.
Seifert also expressed similar sentiments. The security researcher noted that while those who adopted the technology early accept that there are risks, this will no longer be acceptable to the broader user base that the crypto space is trying to attract. Seifert explained:
“Imagine you losing all your savings because the branch of your bank got broken into overnight. You wouldn’t bank there.”
Peng also believes that hacks stifle potential market growth. According to Peng, these can “scare away” people previously open to exploring the Web3 space.